diff options
Diffstat (limited to 'src')
168 files changed, 15275 insertions, 17508 deletions
diff --git a/src/leap/__init__.py b/src/leap/__init__.py index 0e880867..f48ad105 100644 --- a/src/leap/__init__.py +++ b/src/leap/__init__.py @@ -1,35 +1,6 @@ -""" -LEAP Encryption Access Project -website: U{https://leap.se/} -""" - -from leap import eip -from leap import baseapp -from leap import util -#from leap import soledad - -__all__ = [eip, baseapp, util] -__version__ = "unknown" +# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages try: - from ._version import get_versions - __version__ = get_versions()['version'] - del get_versions + __import__('pkg_resources').declare_namespace(__name__) except ImportError: - #running on a tree that has not run - #the setup.py setver - pass - -__appname__ = "unknown" -try: - from leap._appname import __appname__ -except ImportError: - #running on a tree that has not run - #the setup.py setver - pass - -__full_version__ = __appname__ + '/' + str(__version__) - -try: - from leap._branding import BRANDING as __branding -except ImportError: - __branding = {} + from pkgutil import extend_path + __path__ = extend_path(__path__, __name__) diff --git a/src/leap/app.py b/src/leap/app.py index 1b2ccd61..cb9951c1 100644 --- a/src/leap/app.py +++ b/src/leap/app.py @@ -1,72 +1,125 @@ -# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 -from functools import partial +# -*- coding: utf-8 -*- +# app.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + import logging -import platform import signal +import sys + +from functools import partial -# This is only needed for Python v2 but is harmless for Python v3. -import sip -sip.setapi('QVariant', 2) -sip.setapi('QString', 2) -from PyQt4.QtGui import (QApplication, QSystemTrayIcon, QMessageBox) -from PyQt4 import QtCore +from PySide import QtCore, QtGui -from leap import __version__ as VERSION -from leap.baseapp.mainwindow import LeapWindow -from leap.util import polkit +from leap.common.events import server as event_server +from leap.util import __version__ as VERSION +from leap.util import leap_argparse +from leap.util.leap_log_handler import LeapLogHandler +from leap.util.requirement_checker import check_requirements from leap.gui import locale_rc +from leap.gui import twisted_main +from leap.gui.mainwindow import MainWindow +from leap.platform_init import IS_MAC +from leap.platform_init.locks import we_are_the_one_and_only +from leap.services.tx import leap_services + + +import codecs +codecs.register(lambda name: codecs.lookup('utf-8') + if name == 'cp65001' else None) + +# pylint: avoid unused import +assert(locale_rc) def sigint_handler(*args, **kwargs): + """ + Signal handler for SIGINT + """ logger = kwargs.get('logger', None) - logger.debug('SIGINT catched. shutting down...') + if logger: + logger.debug("SIGINT catched. shutting down...") mainwindow = args[0] - mainwindow.shutdownSignal.emit() + mainwindow.quit() + + +def install_qtreactor(logger): + import qt4reactor + qt4reactor.install() + logger.debug("Qt4 reactor installed") def main(): """ - launches the main event loop - long live to the (hidden) leap window! + Starts the main event loop and launches the main window. """ - import sys - from leap.util import leap_argparse - parser, opts = leap_argparse.init_leapc_args() - debug = getattr(opts, 'debug', False) + event_server.ensure_server(event_server.SERVER_PORT) + + _, opts = leap_argparse.init_leapc_args() + debug = opts.debug + standalone = opts.standalone + bypass_checks = opts.danger - # XXX get severity from command line args + # TODO: get severity from command line args if debug: level = logging.DEBUG else: level = logging.WARNING + # Console logger logger = logging.getLogger(name='leap') logger.setLevel(level) console = logging.StreamHandler() console.setLevel(level) - formatter = logging.Formatter( - '%(asctime)s ' - '- %(name)s - %(levelname)s - %(message)s') + log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' + formatter = logging.Formatter(log_format) console.setFormatter(formatter) logger.addHandler(console) + # LEAP custom handler + leap_handler = LeapLogHandler() + leap_handler.setLevel(level) + logger.addHandler(leap_handler) + + logger.debug('Leap handler plugged!') + + if not we_are_the_one_and_only(): + # leap-client is already running + logger.warning("Tried to launch more than one instance " + "of leap-client. Raising the existing " + "one instead.") + sys.exit(1) + + check_requirements() + logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~') logger.info('LEAP client version %s', VERSION) logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~') - logfile = getattr(opts, 'log_file', False) - if logfile: - logger.debug('setting logfile to %s ', logfile) + logfile = opts.log_file + if logfile is not None: + logger.debug('Setting logfile to %s ', logfile) fileh = logging.FileHandler(logfile) fileh.setLevel(logging.DEBUG) fileh.setFormatter(formatter) logger.addHandler(fileh) logger.info('Starting app') - app = QApplication(sys.argv) + app = QtGui.QApplication(sys.argv) - # launch polkit-auth agent if needed - if platform.system() == "Linux": - polkit.check_if_running_polkit_auth() + # install the qt4reactor. + install_qtreactor(logger) # To test: # $ LANG=es ./app.py @@ -75,52 +128,42 @@ def main(): if qtTranslator.load("qt_%s" % locale, ":/translations"): app.installTranslator(qtTranslator) appTranslator = QtCore.QTranslator() - if appTranslator.load("leap_client_%s" % locale, ":/translations"): + if appTranslator.load("%s.qm" % locale[:2], ":/translations"): app.installTranslator(appTranslator) - # needed for initializing qsettings - # it will write .config/leap/leap.conf - # top level app settings - # in a platform independent way + # Needed for initializing qsettings it will write + # .config/leap/leap.conf top level app settings in a platform + # independent way app.setOrganizationName("leap") app.setApplicationName("leap") app.setOrganizationDomain("leap.se") - # XXX we could check here - # if leap-client is already running, and abort - # gracefully in that case. - - if not QSystemTrayIcon.isSystemTrayAvailable(): - QMessageBox.critical(None, "Systray", - "I couldn't detect" - "any system tray on this system.") - sys.exit(1) - if not debug: - QApplication.setQuitOnLastWindowClosed(False) - - window = LeapWindow(opts) - - # this dummy timer ensures that - # control is given to the outside loop, so we - # can hook our sigint handler. - timer = QtCore.QTimer() - timer.start(500) - timer.timeout.connect(lambda: None) + # XXX --------------------------------------------------------- + # In quarantine, looks like we don't need it anymore. + # This dummy timer ensures that control is given to the outside + # loop, so we can hook our sigint handler. + #timer = QtCore.QTimer() + #timer.start(500) + #timer.timeout.connect(lambda: None) + # XXX --------------------------------------------------------- + + window = MainWindow( + lambda: twisted_main.quit(app), + standalone=standalone, + bypass_checks=bypass_checks) + window.show() sigint_window = partial(sigint_handler, window, logger=logger) signal.signal(signal.SIGINT, sigint_window) - if debug: - # we only show the main window - # if debug mode active. - # if not, it will be set visible - # from the systray menu. - window.show() - if sys.platform == "darwin": - window.raise_() - - # run main loop - sys.exit(app.exec_()) + if IS_MAC: + window.raise_() + + tx_app = leap_services() + assert(tx_app) + + # Run main loop + twisted_main.start(app) if __name__ == "__main__": main() diff --git a/src/leap/base/auth.py b/src/leap/base/auth.py deleted file mode 100644 index c2d3f424..00000000 --- a/src/leap/base/auth.py +++ /dev/null @@ -1,355 +0,0 @@ -import binascii -import json -import logging -#import urlparse - -import requests -import srp - -from PyQt4 import QtCore - -from leap.base import constants as baseconstants -from leap.crypto import leapkeyring -from leap.util.misc import null_check -from leap.util.web import get_https_domain_and_port - -logger = logging.getLogger(__name__) - -SIGNUP_TIMEOUT = getattr(baseconstants, 'SIGNUP_TIMEOUT', 5) - -""" -Registration and authentication classes for the -SRP auth mechanism used in the leap platform. - -We're using the srp library which uses a c-based implementation -of the protocol if the c extension is available, and a python-based -one if not. -""" - - -class SRPAuthenticationError(Exception): - """ - exception raised - for authentication errors - """ - - -safe_unhexlify = lambda x: binascii.unhexlify(x) \ - if (len(x) % 2 == 0) else binascii.unhexlify('0' + x) - - -class LeapSRPRegister(object): - - def __init__(self, - schema="https", - provider=None, - verify=True, - register_path="1/users", - method="POST", - fetcher=requests, - srp=srp, - hashfun=srp.SHA256, - ng_constant=srp.NG_1024): - - null_check(provider, "provider") - - self.schema = schema - - domain, port = get_https_domain_and_port(provider) - self.provider = domain - self.port = port - - self.verify = verify - self.register_path = register_path - self.method = method - self.fetcher = fetcher - self.srp = srp - self.HASHFUN = hashfun - self.NG = ng_constant - - self.init_session() - - def init_session(self): - self.session = self.fetcher.session() - - def get_registration_uri(self): - # XXX assert is https! - # use urlparse - if self.port: - uri = "%s://%s:%s/%s" % ( - self.schema, - self.provider, - self.port, - self.register_path) - else: - uri = "%s://%s/%s" % ( - self.schema, - self.provider, - self.register_path) - - return uri - - def register_user(self, username, password, keep=False): - """ - @rtype: tuple - @rparam: (ok, request) - """ - salt, vkey = self.srp.create_salted_verification_key( - username, - password, - self.HASHFUN, - self.NG) - - user_data = { - 'user[login]': username, - 'user[password_verifier]': binascii.hexlify(vkey), - 'user[password_salt]': binascii.hexlify(salt)} - - uri = self.get_registration_uri() - logger.debug('post to uri: %s' % uri) - - # XXX get self.method - req = self.session.post( - uri, data=user_data, - timeout=SIGNUP_TIMEOUT, - verify=self.verify) - # we catch it in the form - #req.raise_for_status() - return (req.ok, req) - - -class SRPAuth(requests.auth.AuthBase): - - def __init__(self, username, password, server=None, verify=None): - # sanity check - null_check(server, 'server') - self.username = username - self.password = password - self.server = server - self.verify = verify - - logger.debug('SRPAuth. verify=%s' % verify) - logger.debug('server: %s. username=%s' % (server, username)) - - self.init_data = None - self.session = requests.session() - - self.init_srp() - - def init_srp(self): - usr = srp.User( - self.username, - self.password, - srp.SHA256, - srp.NG_1024) - uname, A = usr.start_authentication() - - self.srp_usr = usr - self.A = A - - def get_auth_data(self): - return { - 'login': self.username, - 'A': binascii.hexlify(self.A) - } - - def get_init_data(self): - try: - init_session = self.session.post( - self.server + '/1/sessions/', - data=self.get_auth_data(), - verify=self.verify) - except requests.exceptions.ConnectionError: - raise SRPAuthenticationError( - "No connection made (salt).") - except: - raise SRPAuthenticationError( - "Unknown error (salt).") - if init_session.status_code not in (200, ): - raise SRPAuthenticationError( - "No valid response (salt).") - - self.init_data = init_session.json - return self.init_data - - def get_server_proof_data(self): - try: - auth_result = self.session.put( - #self.server + '/1/sessions.json/' + self.username, - self.server + '/1/sessions/' + self.username, - data={'client_auth': binascii.hexlify(self.M)}, - verify=self.verify) - except requests.exceptions.ConnectionError: - raise SRPAuthenticationError( - "No connection made (HAMK).") - - if auth_result.status_code not in (200, ): - raise SRPAuthenticationError( - "No valid response (HAMK).") - - self.auth_data = auth_result.json - return self.auth_data - - def authenticate(self): - logger.debug('start authentication...') - - init_data = self.get_init_data() - salt = init_data.get('salt', None) - B = init_data.get('B', None) - - # XXX refactor this function - # move checks and un-hex - # to routines - - if not salt or not B: - raise SRPAuthenticationError( - "Server did not send initial data.") - - try: - unhex_salt = safe_unhexlify(salt) - except TypeError: - raise SRPAuthenticationError( - "Bad data from server (salt)") - try: - unhex_B = safe_unhexlify(B) - except TypeError: - raise SRPAuthenticationError( - "Bad data from server (B)") - - self.M = self.srp_usr.process_challenge( - unhex_salt, - unhex_B - ) - - proof_data = self.get_server_proof_data() - - HAMK = proof_data.get("M2", None) - if not HAMK: - errors = proof_data.get('errors', None) - if errors: - logger.error(errors) - raise SRPAuthenticationError("Server did not send HAMK.") - - try: - unhex_HAMK = safe_unhexlify(HAMK) - except TypeError: - raise SRPAuthenticationError( - "Bad data from server (HAMK)") - - self.srp_usr.verify_session( - unhex_HAMK) - - try: - assert self.srp_usr.authenticated() - logger.debug('user is authenticated!') - except (AssertionError): - raise SRPAuthenticationError( - "Auth verification failed.") - - def __call__(self, req): - self.authenticate() - req.cookies = self.session.cookies - return req - - -def srpauth_protected(user=None, passwd=None, server=None, verify=True): - """ - decorator factory that accepts - user and password keyword arguments - and add those to the decorated request - """ - def srpauth(fn): - def wrapper(*args, **kwargs): - if user and passwd: - auth = SRPAuth(user, passwd, server, verify) - kwargs['auth'] = auth - kwargs['verify'] = verify - if not args: - logger.warning('attempting to get from empty uri!') - return fn(*args, **kwargs) - return wrapper - return srpauth - - -def get_leap_credentials(): - settings = QtCore.QSettings() - full_username = settings.value('username') - username, domain = full_username.split('@') - seed = settings.value('%s_seed' % domain, None) - password = leapkeyring.leap_get_password(full_username, seed=seed) - return (username, password) - - -# XXX TODO -# Pass verify as single argument, -# in srpauth_protected style - -def magick_srpauth(fn): - """ - decorator that gets user and password - from the config file and adds those to - the decorated request - """ - logger.debug('magick srp auth decorator called') - - def wrapper(*args, **kwargs): - #uri = args[0] - # XXX Ugh! - # Problem with this approach. - # This won't work when we're using - # api.foo.bar - # Unless we keep a table with the - # equivalencies... - user, passwd = get_leap_credentials() - - # XXX pass verify and server too - # (pop) - auth = SRPAuth(user, passwd) - kwargs['auth'] = auth - return fn(*args, **kwargs) - return wrapper - - -if __name__ == "__main__": - """ - To test against test_provider (twisted version) - Register an user: (will be valid during the session) - >>> python auth.py add test password - - Test login with that user: - >>> python auth.py login test password - """ - - import sys - - if len(sys.argv) not in (4, 5): - print 'Usage: auth <add|login> <user> <pass> [server]' - sys.exit(0) - - action = sys.argv[1] - user = sys.argv[2] - passwd = sys.argv[3] - - if len(sys.argv) == 5: - SERVER = sys.argv[4] - else: - SERVER = "https://localhost:8443" - - if action == "login": - - @srpauth_protected( - user=user, passwd=passwd, server=SERVER, verify=False) - def test_srp_protected_get(*args, **kwargs): - req = requests.get(*args, **kwargs) - req.raise_for_status - return req - - #req = test_srp_protected_get('https://localhost:8443/1/cert') - req = test_srp_protected_get('%s/1/cert' % SERVER) - #print 'cert :', req.content[:200] + "..." - print req.content - sys.exit(0) - - if action == "add": - auth = LeapSRPRegister(provider=SERVER, verify=False) - auth.register_user(user, passwd) diff --git a/src/leap/base/authentication.py b/src/leap/base/authentication.py deleted file mode 100644 index 09ff1d07..00000000 --- a/src/leap/base/authentication.py +++ /dev/null @@ -1,11 +0,0 @@ -""" -Authentication Base Class -""" - - -class Authentication(object): - """ - I have no idea how Authentication (certs,?) - will be done, but stub it here. - """ - pass diff --git a/src/leap/base/checks.py b/src/leap/base/checks.py deleted file mode 100644 index 0bf44f59..00000000 --- a/src/leap/base/checks.py +++ /dev/null @@ -1,213 +0,0 @@ -# -*- coding: utf-8 -*- -import logging -import platform -import re -import socket - -import netifaces -import sh - -from leap.base import constants -from leap.base import exceptions - -logger = logging.getLogger(name=__name__) -_platform = platform.system() - -#EVENTS OF NOTE -EVENT_CONNECT_REFUSED = "[ECONNREFUSED]: Connection refused (code=111)" - -ICMP_TARGET = "8.8.8.8" - - -class LeapNetworkChecker(object): - """ - all network related checks - """ - def __init__(self, *args, **kwargs): - provider_gw = kwargs.pop('provider_gw', None) - self.provider_gateway = provider_gw - - def run_all(self, checker=None): - if not checker: - checker = self - #self.error = None # ? - - # for MVS - checker.check_tunnel_default_interface() - checker.check_internet_connection() - checker.is_internet_up() - - if self.provider_gateway: - checker.ping_gateway(self.provider_gateway) - - checker.parse_log_and_react([], ()) - - def check_internet_connection(self): - if _platform == "Linux": - try: - output = sh.ping("-c", "5", "-w", "5", ICMP_TARGET) - # XXX should redirect this to netcheck logger. - # and don't clutter main log. - logger.debug('Network appears to be up.') - except sh.ErrorReturnCode_1 as e: - packet_loss = re.findall("\d+% packet loss", e.message)[0] - logger.debug("Unidentified Connection Error: " + packet_loss) - if not self.is_internet_up(): - error = "No valid internet connection found." - else: - error = "Provider server appears to be down." - - logger.error(error) - raise exceptions.NoInternetConnection(error) - - else: - raise NotImplementedError - - def is_internet_up(self): - iface, gateway = self.get_default_interface_gateway() - try: - self.ping_gateway(self.provider_gateway) - except exceptions.NoConnectionToGateway: - return False - return True - - def _get_route_table_linux(self): - # do not use context manager, tests pass a StringIO - f = open("/proc/net/route") - route_table = f.readlines() - f.close() - #toss out header - route_table.pop(0) - if not route_table: - raise exceptions.NoDefaultInterfaceFoundError - return route_table - - def _get_def_iface_osx(self): - default_iface = None - #gateway = None - routes = list(sh.route('-n', 'get', ICMP_TARGET, _iter=True)) - iface = filter(lambda l: "interface" in l, routes) - if not iface: - return None, None - def_ifacel = re.findall('\w+\d', iface[0]) - default_iface = def_ifacel[0] if def_ifacel else None - if not default_iface: - return None, None - _gw = filter(lambda l: "gateway" in l, routes) - gw = re.findall('\d+\.\d+\.\d+\.\d+', _gw[0])[0] - return default_iface, gw - - def _get_tunnel_iface_linux(self): - # XXX review. - # valid also when local router has a default entry? - route_table = self._get_route_table_linux() - line = route_table.pop(0) - iface, destination = line.split('\t')[0:2] - if not destination == '00000000' or not iface == 'tun0': - raise exceptions.TunnelNotDefaultRouteError() - return True - - def check_tunnel_default_interface(self): - """ - Raises an TunnelNotDefaultRouteError - if tun0 is not the chosen default route - (including when no routes are present) - """ - #logger.debug('checking tunnel default interface...') - - if _platform == "Linux": - valid = self._get_tunnel_iface_linux() - return valid - elif _platform == "Darwin": - default_iface, gw = self._get_def_iface_osx() - #logger.debug('iface: %s', default_iface) - if default_iface != "tun0": - logger.debug('tunnel not default route! gw: %s', default_iface) - # XXX should catch this and act accordingly... - # but rather, this test should only be launched - # when we have successfully completed a connection - # ... TRIGGER: Connection stablished (or whatever it is) - # in the logs - raise exceptions.TunnelNotDefaultRouteError - else: - #logger.debug('PLATFORM !!! %s', _platform) - raise NotImplementedError - - def _get_def_iface_linux(self): - default_iface = None - gateway = None - - route_table = self._get_route_table_linux() - while route_table: - line = route_table.pop(0) - iface, destination, gateway = line.split('\t')[0:3] - if destination == '00000000': - default_iface = iface - break - return default_iface, gateway - - def get_default_interface_gateway(self): - """ - gets the interface we are going thru. - (this should be merged with check tunnel default interface, - imo...) - """ - if _platform == "Linux": - default_iface, gw = self._get_def_iface_linux() - elif _platform == "Darwin": - default_iface, gw = self._get_def_iface_osx() - else: - raise NotImplementedError - - if not default_iface: - raise exceptions.NoDefaultInterfaceFoundError - - if default_iface not in netifaces.interfaces(): - raise exceptions.InterfaceNotFoundError - logger.debug('-- default iface %s', default_iface) - return default_iface, gw - - def ping_gateway(self, gateway): - # TODO: Discuss how much packet loss (%) is acceptable. - - # XXX -- validate gateway - # -- is it a valid ip? (there's something in util) - # -- is it a domain? - # -- can we resolve? -- raise NoDNSError if not. - - # XXX -- sh.ping implemtation needs review! - try: - output = sh.ping("-c", "10", gateway).stdout - except sh.ErrorReturnCode_1 as e: - output = e.message - finally: - packet_loss = int(re.findall("(\d+)% packet loss", output)[0]) - - logger.debug('packet loss %s%%' % packet_loss) - if packet_loss > constants.MAX_ICMP_PACKET_LOSS: - raise exceptions.NoConnectionToGateway - - def check_name_resolution(self, domain_name): - try: - socket.gethostbyname(domain_name) - return True - except socket.gaierror: - raise exceptions.CannotResolveDomainError - - def parse_log_and_react(self, log, error_matrix=None): - """ - compares the recent openvpn status log to - strings passed in and executes the callbacks passed in. - @param log: openvpn log - @type log: list of strings - @param error_matrix: tuples of strings and tuples of callbacks - @type error_matrix: tuples strings and call backs - """ - for line in log: - # we could compile a regex here to save some cycles up -- kali - for each in error_matrix: - error, callbacks = each - if error in line: - for cb in callbacks: - if callable(cb): - cb() diff --git a/src/leap/base/config.py b/src/leap/base/config.py deleted file mode 100644 index 85bb3d66..00000000 --- a/src/leap/base/config.py +++ /dev/null @@ -1,348 +0,0 @@ -""" -Configuration Base Class -""" -import grp -import json -import logging -import re -import socket -import time -import os - -logger = logging.getLogger(name=__name__) - -from dateutil import parser as dateparser -from xdg import BaseDirectory -import requests - -from leap.base import exceptions -from leap.base import constants -from leap.base.pluggableconfig import PluggableConfig -from leap.util.fileutil import (mkdir_p) - -# move to base! -from leap.eip import exceptions as eipexceptions - - -class BaseLeapConfig(object): - slug = None - - # XXX we have to enforce that every derived class - # has a slug (via interface) - # get property getter that raises NI.. - - def save(self): - raise NotImplementedError("abstract base class") - - def load(self): - raise NotImplementedError("abstract base class") - - def get_config(self, *kwargs): - raise NotImplementedError("abstract base class") - - @property - def config(self): - return self.get_config() - - def get_value(self, *kwargs): - raise NotImplementedError("abstract base class") - - -class MetaConfigWithSpec(type): - """ - metaclass for JSONLeapConfig classes. - It creates a configuration spec out of - the `spec` dictionary. The `properties` attribute - of the spec dict is turn into the `schema` attribute - of the new class (which will be used to validate against). - """ - # XXX in the near future, this is the - # place where we want to enforce - # singletons, read-only and similar stuff. - - def __new__(meta, classname, bases, classDict): - schema_obj = classDict.get('spec', None) - - # not quite happy with this workaround. - # I want to raise if missing spec dict, but only - # for grand-children of this metaclass. - # maybe should use abc module for this. - abcderived = ("JSONLeapConfig",) - if schema_obj is None and classname not in abcderived: - raise exceptions.ImproperlyConfigured( - "missing spec dict on your derived class (%s)" % classname) - - # we create a configuration spec attribute - # from the spec dict - config_class = type( - classname + "Spec", - (PluggableConfig, object), - {'options': schema_obj}) - classDict['spec'] = config_class - - return type.__new__(meta, classname, bases, classDict) - -########################################################## -# some hacking still in progress: - -# Configs have: - -# - a slug (from where a filename/folder is derived) -# - a spec (for validation and defaults). -# this spec is conformant to the json-schema. -# basically a dict that will be used -# for type casting and validation, and defaults settings. - -# all config objects, since they are derived from BaseConfig, implement basic -# useful methods: -# - save -# - load - -########################################################## - - -class JSONLeapConfig(BaseLeapConfig): - - __metaclass__ = MetaConfigWithSpec - - def __init__(self, *args, **kwargs): - # sanity check - try: - assert self.slug is not None - except AssertionError: - raise exceptions.ImproperlyConfigured( - "missing slug on JSONLeapConfig" - " derived class") - try: - assert self.spec is not None - except AssertionError: - raise exceptions.ImproperlyConfigured( - "missing spec on JSONLeapConfig" - " derived class") - assert issubclass(self.spec, PluggableConfig) - - self.domain = kwargs.pop('domain', None) - self._config = self.spec(format="json") - self._config.load() - self.fetcher = kwargs.pop('fetcher', requests) - - # mandatory baseconfig interface - - def save(self, to=None, force=False): - """ - force param will skip the dirty check. - :type force: bool - """ - # XXX this force=True does not feel to right - # but still have to look for a better way - # of dealing with dirtiness and the - # trick of loading remote config only - # when newer. - - if force: - do_save = True - else: - do_save = self._config.is_dirty() - - if do_save: - if to is None: - to = self.filename - folder, filename = os.path.split(to) - if folder and not os.path.isdir(folder): - mkdir_p(folder) - self._config.serialize(to) - return True - - else: - return False - - def load(self, fromfile=None, from_uri=None, fetcher=None, - force_download=False, verify=True): - - if from_uri is not None: - fetched = self.fetch( - from_uri, - fetcher=fetcher, - verify=verify, - force_dl=force_download) - if fetched: - return - if fromfile is None: - fromfile = self.filename - if os.path.isfile(fromfile): - self._config.load(fromfile=fromfile) - else: - logger.warning('tried to load config from non-existent path') - logger.warning('Not Found: %s', fromfile) - - def fetch(self, uri, fetcher=None, verify=True, force_dl=False): - if not fetcher: - fetcher = self.fetcher - - logger.debug('uri: %s (verify: %s)' % (uri, verify)) - - rargs = (uri, ) - rkwargs = {'verify': verify} - headers = {} - - curmtime = self.get_mtime() if not force_dl else None - if curmtime: - logger.debug('requesting with if-modified-since %s' % curmtime) - headers['if-modified-since'] = curmtime - rkwargs['headers'] = headers - - #request = fetcher.get(uri, verify=verify) - request = fetcher.get(*rargs, **rkwargs) - request.raise_for_status() - - if request.status_code == 304: - logger.debug('...304 Not Changed') - # On this point, we have to assume that - # we HAD the filename. If that filename is corruct, - # we should enforce a force_download in the load - # method above. - self._config.load(fromfile=self.filename) - return True - - if request.json: - mtime = None - last_modified = request.headers.get('last-modified', None) - if last_modified: - _mtime = dateparser.parse(last_modified) - mtime = int(_mtime.strftime("%s")) - if callable(request.json): - _json = request.json() - else: - # back-compat - _json = request.json - self._config.load(json.dumps(_json), mtime=mtime) - self._config.set_dirty() - else: - # not request.json - # might be server did not announce content properly, - # let's try deserializing all the same. - try: - self._config.load(request.content) - self._config.set_dirty() - except ValueError: - raise eipexceptions.LeapBadConfigFetchedError - - return True - - def get_mtime(self): - try: - _mtime = os.stat(self.filename)[8] - mtime = time.strftime("%c GMT", time.gmtime(_mtime)) - return mtime - except OSError: - return None - - def get_config(self): - return self._config.config - - # public methods - - def get_filename(self): - return self._slug_to_filename() - - @property - def filename(self): - return self.get_filename() - - def validate(self, data): - logger.debug('validating schema') - self._config.validate(data) - return True - - # private - - def _slug_to_filename(self): - # is this going to work in winland if slug is "foo/bar" ? - folder, filename = os.path.split(self.slug) - config_file = get_config_file(filename, folder) - return config_file - - def exists(self): - return os.path.isfile(self.filename) - - -# -# utility functions -# -# (might be moved to some class as we see fit, but -# let's remain functional for a while) -# maybe base.config.util ?? -# - - -def get_config_dir(): - """ - get the base dir for all leap config - @rparam: config path - @rtype: string - """ - home = os.path.expanduser("~") - if re.findall("leap_tests-[_a-zA-Z0-9]{6}", home): - # we're inside a test! :) - return os.path.join(home, ".config/leap") - else: - # XXX dirspec is cross-platform, - # we should borrow some of those - # routines for osx/win and wrap this call. - return os.path.join(BaseDirectory.xdg_config_home, - 'leap') - - -def get_config_file(filename, folder=None): - """ - concatenates the given filename - with leap config dir. - @param filename: name of the file - @type filename: string - @rparam: full path to config file - """ - path = [] - path.append(get_config_dir()) - if folder is not None: - path.append(folder) - path.append(filename) - return os.path.join(*path) - - -def get_default_provider_path(): - default_subpath = os.path.join("providers", - constants.DEFAULT_PROVIDER) - default_provider_path = get_config_file( - '', - folder=default_subpath) - return default_provider_path - - -def get_provider_path(domain): - # XXX if not domain, return get_default_provider_path - default_subpath = os.path.join("providers", domain) - provider_path = get_config_file( - '', - folder=default_subpath) - return provider_path - - -def validate_ip(ip_str): - """ - raises exception if the ip_str is - not a valid representation of an ip - """ - socket.inet_aton(ip_str) - - -def get_username(): - try: - return os.getlogin() - except OSError as e: - import pwd - return pwd.getpwuid(os.getuid())[0] - - -def get_groupname(): - gid = os.getgroups()[-1] - return grp.getgrgid(gid).gr_name diff --git a/src/leap/base/connection.py b/src/leap/base/connection.py deleted file mode 100644 index 41d13935..00000000 --- a/src/leap/base/connection.py +++ /dev/null @@ -1,115 +0,0 @@ -""" -Base Connection Classs -""" -from __future__ import (division, unicode_literals, print_function) - -import logging - -from leap.base.authentication import Authentication - -logger = logging.getLogger(name=__name__) - - -class Connection(Authentication): - # JSONLeapConfig - #spec = {} - - def __init__(self, *args, **kwargs): - self.connection_state = None - self.desired_connection_state = None - #XXX FIXME diamond inheritance gotcha.. - #If you inherit from >1 class, - #super is only initializing one - #of the bases..!! - # I think we better pass config as a constructor - # parameter -- kali 2012-08-30 04:33 - super(Connection, self).__init__(*args, **kwargs) - - def connect(self): - """ - entry point for connection process - """ - pass - - def disconnect(self): - """ - disconnects client - """ - pass - - #def shutdown(self): - #""" - #shutdown and quit - #""" - #self.desired_con_state = self.status.DISCONNECTED - - def connection_state(self): - """ - returns the current connection state - """ - return self.status.current - - def desired_connection_state(self): - """ - returns the desired_connection state - """ - return self.desired_connection_state - - def get_icon_name(self): - """ - get icon name from status object - """ - return self.status.get_state_icon() - - # - # private methods - # - - def _disconnect(self): - """ - private method for disconnecting - """ - if self.subp is not None: - self.subp.terminate() - self.subp = None - # XXX signal state changes! :) - - def _is_alive(self): - """ - don't know yet - """ - pass - - def _connect(self): - """ - entry point for connection cascade methods. - """ - #conn_result = ConState.DISCONNECTED - try: - conn_result = self._try_connection() - except UnrecoverableError as except_msg: - logger.error("FATAL: %s" % unicode(except_msg)) - conn_result = self.status.UNRECOVERABLE - except Exception as except_msg: - self.error_queue.append(except_msg) - logger.error("Failed Connection: %s" % - unicode(except_msg)) - return conn_result - - -class ConnectionError(Exception): - """ - generic connection error - """ - def __str__(self): - if len(self.args) >= 1: - return repr(self.args[0]) - else: - raise self() - - -class UnrecoverableError(ConnectionError): - """ - we cannot do anything about it, sorry - """ - pass diff --git a/src/leap/base/constants.py b/src/leap/base/constants.py deleted file mode 100644 index f5665e5f..00000000 --- a/src/leap/base/constants.py +++ /dev/null @@ -1,42 +0,0 @@ -"""constants to be used in base module""" -from leap import __branding -APP_NAME = __branding.get("short_name", "leap-client") -OPENVPN_BIN = "openvpn" - -# default provider placeholder -# using `example.org` we make sure that this -# is not going to be resolved during the tests phases -# (we expect testers to add it to their /etc/hosts - -DEFAULT_PROVIDER = __branding.get( - "provider_domain", - "testprovider.example.org") - -DEFINITION_EXPECTED_PATH = "provider.json" - -DEFAULT_PROVIDER_DEFINITION = { - u"api_uri": "https://api.%s/" % DEFAULT_PROVIDER, - u"api_version": u"1", - u"ca_cert_fingerprint": "SHA256: fff", - u"ca_cert_uri": u"https://%s/ca.crt" % DEFAULT_PROVIDER, - u"default_language": u"en", - u"description": { - u"en": u"A demonstration service provider using the LEAP platform" - }, - u"domain": "%s" % DEFAULT_PROVIDER, - u"enrollment_policy": u"open", - u"languages": [ - u"en" - ], - u"name": { - u"en": u"Test Provider" - }, - u"services": [ - "openvpn" - ] -} - - -MAX_ICMP_PACKET_LOSS = 10 - -ROUTE_CHECK_INTERVAL = 10 diff --git a/src/leap/base/exceptions.py b/src/leap/base/exceptions.py deleted file mode 100644 index 2e31b33b..00000000 --- a/src/leap/base/exceptions.py +++ /dev/null @@ -1,97 +0,0 @@ -""" -Exception attributes and their meaning/uses -------------------------------------------- - -* critical: if True, will abort execution prematurely, - after attempting any cleaning - action. - -* failfirst: breaks any error_check loop that is examining - the error queue. - -* message: the message that will be used in the __repr__ of the exception. - -* usermessage: the message that will be passed to user in ErrorDialogs - in Qt-land. -""" -from leap.util.translations import translate - - -class LeapException(Exception): - """ - base LeapClient exception - sets some parameters that we will check - during error checking routines - """ - - critical = False - failfirst = False - warning = False - - -class CriticalError(LeapException): - """ - we cannot do anything about it - """ - critical = True - failfirst = True - - -# In use ??? -# don't thing so. purge if not... - -class MissingConfigFileError(Exception): - pass - - -class ImproperlyConfigured(Exception): - pass - - -# NOTE: "Errors" (context) has to be a explicit string! - - -class InterfaceNotFoundError(LeapException): - # XXX should take iface arg on init maybe? - message = "interface not found" - usermessage = translate( - "Errors", - "Interface not found") - - -class NoDefaultInterfaceFoundError(LeapException): - message = "no default interface found" - usermessage = translate( - "Errors", - "Looks like your computer " - "is not connected to the internet") - - -class NoConnectionToGateway(CriticalError): - message = "no connection to gateway" - usermessage = translate( - "Errors", - "Looks like there are problems " - "with your internet connection") - - -class NoInternetConnection(CriticalError): - message = "No Internet connection found" - usermessage = translate( - "Errors", - "It looks like there is no internet connection.") - # and now we try to connect to our web to troubleshoot LOL :P - - -class CannotResolveDomainError(LeapException): - message = "Cannot resolve domain" - usermessage = translate( - "Errors", - "Domain cannot be found") - - -class TunnelNotDefaultRouteError(LeapException): - message = "Tunnel connection dissapeared. VPN down?" - usermessage = translate( - "Errors", - "The Encrypted Connection was lost.") diff --git a/src/leap/base/jsonschema.py b/src/leap/base/jsonschema.py deleted file mode 100644 index 56689b08..00000000 --- a/src/leap/base/jsonschema.py +++ /dev/null @@ -1,791 +0,0 @@ -""" -An implementation of JSON Schema for Python - -The main functionality is provided by the validator classes for each of the -supported JSON Schema versions. - -Most commonly, :func:`validate` is the quickest way to simply validate a given -instance under a schema, and will create a validator for you. - -""" - -from __future__ import division, unicode_literals - -import collections -import json -import itertools -import operator -import re -import sys - - -__version__ = "0.8.0" - -PY3 = sys.version_info[0] >= 3 - -if PY3: - from urllib import parse as urlparse - from urllib.parse import unquote - from urllib.request import urlopen - basestring = unicode = str - iteritems = operator.methodcaller("items") -else: - from itertools import izip as zip - from urllib import unquote - from urllib2 import urlopen - import urlparse - iteritems = operator.methodcaller("iteritems") - - -FLOAT_TOLERANCE = 10 ** -15 -validators = {} - - -def validates(version): - """ - Register the decorated validator for a ``version`` of the specification. - - Registered validators and their meta schemas will be considered when - parsing ``$schema`` properties' URIs. - - :argument str version: an identifier to use as the version's name - :returns: a class decorator to decorate the validator with the version - - """ - - def _validates(cls): - validators[version] = cls - return cls - return _validates - - -class UnknownType(Exception): - """ - An attempt was made to check if an instance was of an unknown type. - - """ - - -class RefResolutionError(Exception): - """ - A JSON reference failed to resolve. - - """ - - -class SchemaError(Exception): - """ - The provided schema is malformed. - - The same attributes are present as for :exc:`ValidationError`\s. - - """ - - def __init__(self, message, validator=None, path=()): - super(SchemaError, self).__init__(message, validator, path) - self.message = message - self.path = list(path) - self.validator = validator - - def __str__(self): - return self.message - - -class ValidationError(Exception): - """ - The instance didn't properly validate under the provided schema. - - Relevant attributes are: - * ``message`` : a human readable message explaining the error - * ``path`` : a list containing the path to the offending element (or [] - if the error happened globally) in *reverse* order (i.e. - deepest index first). - - """ - - def __init__(self, message, validator=None, path=()): - # Any validator that recurses (e.g. properties and items) must append - # to the ValidationError's path to properly maintain where in the - # instance the error occurred - super(ValidationError, self).__init__(message, validator, path) - self.message = message - self.path = list(path) - self.validator = validator - - def __str__(self): - return self.message - - -@validates("draft3") -class Draft3Validator(object): - """ - A validator for JSON Schema draft 3. - - """ - - DEFAULT_TYPES = { - "array": list, "boolean": bool, "integer": int, "null": type(None), - "number": (int, float), "object": dict, "string": basestring, - } - - def __init__(self, schema, types=(), resolver=None): - self._types = dict(self.DEFAULT_TYPES) - self._types.update(types) - - if resolver is None: - resolver = RefResolver.from_schema(schema) - - self.resolver = resolver - self.schema = schema - - def is_type(self, instance, type): - if type == "any": - return True - elif type not in self._types: - raise UnknownType(type) - type = self._types[type] - - # bool inherits from int, so ensure bools aren't reported as integers - if isinstance(instance, bool): - type = _flatten(type) - if int in type and bool not in type: - return False - return isinstance(instance, type) - - def is_valid(self, instance, _schema=None): - error = next(self.iter_errors(instance, _schema), None) - return error is None - - @classmethod - def check_schema(cls, schema): - for error in cls(cls.META_SCHEMA).iter_errors(schema): - raise SchemaError( - error.message, validator=error.validator, path=error.path, - ) - - def iter_errors(self, instance, _schema=None): - if _schema is None: - _schema = self.schema - - for k, v in iteritems(_schema): - validator = getattr(self, "validate_%s" % (k.lstrip("$"),), None) - - if validator is None: - continue - - errors = validator(v, instance, _schema) or () - for error in errors: - # set the validator if it wasn't already set by the called fn - if error.validator is None: - error.validator = k - yield error - - def validate(self, *args, **kwargs): - for error in self.iter_errors(*args, **kwargs): - raise error - - def validate_type(self, types, instance, schema): - types = _list(types) - - for type in types: - if self.is_type(type, "object"): - if self.is_valid(instance, type): - return - elif self.is_type(type, "string"): - if self.is_type(instance, type): - return - else: - yield ValidationError(_types_msg(instance, types)) - - def validate_properties(self, properties, instance, schema): - if not self.is_type(instance, "object"): - return - - for property, subschema in iteritems(properties): - if property in instance: - for error in self.iter_errors(instance[property], subschema): - error.path.append(property) - yield error - elif subschema.get("required", False): - yield ValidationError( - "%r is a required property" % (property,), - validator="required", - path=[property], - ) - - def validate_patternProperties(self, patternProperties, instance, schema): - if not self.is_type(instance, "object"): - return - - for pattern, subschema in iteritems(patternProperties): - for k, v in iteritems(instance): - if re.match(pattern, k): - for error in self.iter_errors(v, subschema): - yield error - - def validate_additionalProperties(self, aP, instance, schema): - if not self.is_type(instance, "object"): - return - - extras = set(_find_additional_properties(instance, schema)) - - if self.is_type(aP, "object"): - for extra in extras: - for error in self.iter_errors(instance[extra], aP): - yield error - elif not aP and extras: - error = "Additional properties are not allowed (%s %s unexpected)" - yield ValidationError(error % _extras_msg(extras)) - - def validate_dependencies(self, dependencies, instance, schema): - if not self.is_type(instance, "object"): - return - - for property, dependency in iteritems(dependencies): - if property not in instance: - continue - - if self.is_type(dependency, "object"): - for error in self.iter_errors(instance, dependency): - yield error - else: - dependencies = _list(dependency) - for dependency in dependencies: - if dependency not in instance: - yield ValidationError( - "%r is a dependency of %r" % (dependency, property) - ) - - def validate_items(self, items, instance, schema): - if not self.is_type(instance, "array"): - return - - if self.is_type(items, "object"): - for index, item in enumerate(instance): - for error in self.iter_errors(item, items): - error.path.append(index) - yield error - else: - for (index, item), subschema in zip(enumerate(instance), items): - for error in self.iter_errors(item, subschema): - error.path.append(index) - yield error - - def validate_additionalItems(self, aI, instance, schema): - if ( - not self.is_type(instance, "array") or - not self.is_type(schema.get("items"), "array") - ): - return - - if self.is_type(aI, "object"): - for item in instance[len(schema):]: - for error in self.iter_errors(item, aI): - yield error - elif not aI and len(instance) > len(schema.get("items", [])): - error = "Additional items are not allowed (%s %s unexpected)" - yield ValidationError( - error % _extras_msg(instance[len(schema.get("items", [])):]) - ) - - def validate_minimum(self, minimum, instance, schema): - if not self.is_type(instance, "number"): - return - - instance = float(instance) - if schema.get("exclusiveMinimum", False): - failed = instance <= minimum - cmp = "less than or equal to" - else: - failed = instance < minimum - cmp = "less than" - - if failed: - yield ValidationError( - "%r is %s the minimum of %r" % (instance, cmp, minimum) - ) - - def validate_maximum(self, maximum, instance, schema): - if not self.is_type(instance, "number"): - return - - instance = float(instance) - if schema.get("exclusiveMaximum", False): - failed = instance >= maximum - cmp = "greater than or equal to" - else: - failed = instance > maximum - cmp = "greater than" - - if failed: - yield ValidationError( - "%r is %s the maximum of %r" % (instance, cmp, maximum) - ) - - def validate_minItems(self, mI, instance, schema): - if self.is_type(instance, "array") and len(instance) < mI: - yield ValidationError("%r is too short" % (instance,)) - - def validate_maxItems(self, mI, instance, schema): - if self.is_type(instance, "array") and len(instance) > mI: - yield ValidationError("%r is too long" % (instance,)) - - def validate_uniqueItems(self, uI, instance, schema): - if uI and self.is_type(instance, "array") and not _uniq(instance): - yield ValidationError("%r has non-unique elements" % instance) - - def validate_pattern(self, patrn, instance, schema): - if self.is_type(instance, "string") and not re.match(patrn, instance): - yield ValidationError("%r does not match %r" % (instance, patrn)) - - def validate_minLength(self, mL, instance, schema): - if self.is_type(instance, "string") and len(instance) < mL: - yield ValidationError("%r is too short" % (instance,)) - - def validate_maxLength(self, mL, instance, schema): - if self.is_type(instance, "string") and len(instance) > mL: - yield ValidationError("%r is too long" % (instance,)) - - def validate_enum(self, enums, instance, schema): - if instance not in enums: - yield ValidationError("%r is not one of %r" % (instance, enums)) - - def validate_divisibleBy(self, dB, instance, schema): - if not self.is_type(instance, "number"): - return - - if isinstance(dB, float): - mod = instance % dB - failed = (mod > FLOAT_TOLERANCE) and (dB - mod) > FLOAT_TOLERANCE - else: - failed = instance % dB - - if failed: - yield ValidationError("%r is not divisible by %r" % (instance, dB)) - - def validate_disallow(self, disallow, instance, schema): - for disallowed in _list(disallow): - if self.is_valid(instance, {"type": [disallowed]}): - yield ValidationError( - "%r is disallowed for %r" % (disallowed, instance) - ) - - def validate_extends(self, extends, instance, schema): - if self.is_type(extends, "object"): - extends = [extends] - for subschema in extends: - for error in self.iter_errors(instance, subschema): - yield error - - def validate_ref(self, ref, instance, schema): - resolved = self.resolver.resolve(ref) - for error in self.iter_errors(instance, resolved): - yield error - - -Draft3Validator.META_SCHEMA = { - "$schema": "http://json-schema.org/draft-03/schema#", - "id": "http://json-schema.org/draft-03/schema#", - "type": "object", - - "properties": { - "type": { - "type": ["string", "array"], - "items": {"type": ["string", {"$ref": "#"}]}, - "uniqueItems": True, - "default": "any" - }, - "properties": { - "type": "object", - "additionalProperties": {"$ref": "#", "type": "object"}, - "default": {} - }, - "patternProperties": { - "type": "object", - "additionalProperties": {"$ref": "#"}, - "default": {} - }, - "additionalProperties": { - "type": [{"$ref": "#"}, "boolean"], "default": {} - }, - "items": { - "type": [{"$ref": "#"}, "array"], - "items": {"$ref": "#"}, - "default": {} - }, - "additionalItems": { - "type": [{"$ref": "#"}, "boolean"], "default": {} - }, - "required": {"type": "boolean", "default": False}, - "dependencies": { - "type": ["string", "array", "object"], - "additionalProperties": { - "type": ["string", "array", {"$ref": "#"}], - "items": {"type": "string"} - }, - "default": {} - }, - "minimum": {"type": "number"}, - "maximum": {"type": "number"}, - "exclusiveMinimum": {"type": "boolean", "default": False}, - "exclusiveMaximum": {"type": "boolean", "default": False}, - "minItems": {"type": "integer", "minimum": 0, "default": 0}, - "maxItems": {"type": "integer", "minimum": 0}, - "uniqueItems": {"type": "boolean", "default": False}, - "pattern": {"type": "string", "format": "regex"}, - "minLength": {"type": "integer", "minimum": 0, "default": 0}, - "maxLength": {"type": "integer"}, - "enum": {"type": "array", "minItems": 1, "uniqueItems": True}, - "default": {"type": "any"}, - "title": {"type": "string"}, - "description": {"type": "string"}, - "format": {"type": "string"}, - "maxDecimal": {"type": "number", "minimum": 0}, - "divisibleBy": { - "type": "number", - "minimum": 0, - "exclusiveMinimum": True, - "default": 1 - }, - "disallow": { - "type": ["string", "array"], - "items": {"type": ["string", {"$ref": "#"}]}, - "uniqueItems": True - }, - "extends": { - "type": [{"$ref": "#"}, "array"], - "items": {"$ref": "#"}, - "default": {} - }, - "id": {"type": "string", "format": "uri"}, - "$ref": {"type": "string", "format": "uri"}, - "$schema": {"type": "string", "format": "uri"}, - }, - "dependencies": { - "exclusiveMinimum": "minimum", "exclusiveMaximum": "maximum" - }, -} - - -class RefResolver(object): - """ - Resolve JSON References. - - :argument str base_uri: URI of the referring document - :argument referrer: the actual referring document - :argument dict store: a mapping from URIs to documents to cache - - """ - - def __init__(self, base_uri, referrer, store=()): - self.base_uri = base_uri - self.referrer = referrer - self.store = dict(store, **_meta_schemas()) - - @classmethod - def from_schema(cls, schema, *args, **kwargs): - """ - Construct a resolver from a JSON schema object. - - :argument schema schema: the referring schema - :rtype: :class:`RefResolver` - - """ - - return cls(schema.get("id", ""), schema, *args, **kwargs) - - def resolve(self, ref): - """ - Resolve a JSON ``ref``. - - :argument str ref: reference to resolve - :returns: the referrant document - - """ - - base_uri = self.base_uri - uri, fragment = urlparse.urldefrag(urlparse.urljoin(base_uri, ref)) - - if uri in self.store: - document = self.store[uri] - elif not uri or uri == self.base_uri: - document = self.referrer - else: - document = self.resolve_remote(uri) - - return self.resolve_fragment(document, fragment.lstrip("/")) - - def resolve_fragment(self, document, fragment): - """ - Resolve a ``fragment`` within the referenced ``document``. - - :argument document: the referrant document - :argument str fragment: a URI fragment to resolve within it - - """ - - parts = unquote(fragment).split("/") if fragment else [] - - for part in parts: - part = part.replace("~1", "/").replace("~0", "~") - - if part not in document: - raise RefResolutionError( - "Unresolvable JSON pointer: %r" % fragment - ) - - document = document[part] - - return document - - def resolve_remote(self, uri): - """ - Resolve a remote ``uri``. - - Does not check the store first. - - :argument str uri: the URI to resolve - :returns: the retrieved document - - """ - - return json.load(urlopen(uri)) - - -class ErrorTree(object): - """ - ErrorTrees make it easier to check which validations failed. - - """ - - def __init__(self, errors=()): - self.errors = {} - self._contents = collections.defaultdict(self.__class__) - - for error in errors: - container = self - for element in reversed(error.path): - container = container[element] - container.errors[error.validator] = error - - def __contains__(self, k): - return k in self._contents - - def __getitem__(self, k): - """ - Retrieve the child tree with key ``k``. - - """ - - return self._contents[k] - - def __setitem__(self, k, v): - self._contents[k] = v - - def __iter__(self): - return iter(self._contents) - - def __len__(self): - return self.total_errors - - def __repr__(self): - return "<%s (%s total errors)>" % (self.__class__.__name__, len(self)) - - @property - def total_errors(self): - """ - The total number of errors in the entire tree, including children. - - """ - - child_errors = sum(len(tree) for _, tree in iteritems(self._contents)) - return len(self.errors) + child_errors - - -def _meta_schemas(): - """ - Collect the urls and meta schemas from each known validator. - - """ - - meta_schemas = (v.META_SCHEMA for v in validators.values()) - return dict((urlparse.urldefrag(m["id"])[0], m) for m in meta_schemas) - - -def _find_additional_properties(instance, schema): - """ - Return the set of additional properties for the given ``instance``. - - Weeds out properties that should have been validated by ``properties`` and - / or ``patternProperties``. - - Assumes ``instance`` is dict-like already. - - """ - - properties = schema.get("properties", {}) - patterns = "|".join(schema.get("patternProperties", {})) - for property in instance: - if property not in properties: - if patterns and re.search(patterns, property): - continue - yield property - - -def _extras_msg(extras): - """ - Create an error message for extra items or properties. - - """ - - if len(extras) == 1: - verb = "was" - else: - verb = "were" - return ", ".join(repr(extra) for extra in extras), verb - - -def _types_msg(instance, types): - """ - Create an error message for a failure to match the given types. - - If the ``instance`` is an object and contains a ``name`` property, it will - be considered to be a description of that object and used as its type. - - Otherwise the message is simply the reprs of the given ``types``. - - """ - - reprs = [] - for type in types: - try: - reprs.append(repr(type["name"])) - except Exception: - reprs.append(repr(type)) - return "%r is not of type %s" % (instance, ", ".join(reprs)) - - -def _flatten(suitable_for_isinstance): - """ - isinstance() can accept a bunch of really annoying different types: - * a single type - * a tuple of types - * an arbitrary nested tree of tuples - - Return a flattened tuple of the given argument. - - """ - - types = set() - - if not isinstance(suitable_for_isinstance, tuple): - suitable_for_isinstance = (suitable_for_isinstance,) - for thing in suitable_for_isinstance: - if isinstance(thing, tuple): - types.update(_flatten(thing)) - else: - types.add(thing) - return tuple(types) - - -def _list(thing): - """ - Wrap ``thing`` in a list if it's a single str. - - Otherwise, return it unchanged. - - """ - - if isinstance(thing, basestring): - return [thing] - return thing - - -def _delist(thing): - """ - Unwrap ``thing`` to a single element if its a single str in a list. - - Otherwise, return it unchanged. - - """ - - if ( - isinstance(thing, list) and - len(thing) == 1 - and isinstance(thing[0], basestring) - ): - return thing[0] - return thing - - -def _unbool(element, true=object(), false=object()): - """ - A hack to make True and 1 and False and 0 unique for _uniq. - - """ - - if element is True: - return true - elif element is False: - return false - return element - - -def _uniq(container): - """ - Check if all of a container's elements are unique. - - Successively tries first to rely that the elements are hashable, then - falls back on them being sortable, and finally falls back on brute - force. - - """ - - try: - return len(set(_unbool(i) for i in container)) == len(container) - except TypeError: - try: - sort = sorted(_unbool(i) for i in container) - sliced = itertools.islice(sort, 1, None) - for i, j in zip(sort, sliced): - if i == j: - return False - except (NotImplementedError, TypeError): - seen = [] - for e in container: - e = _unbool(e) - if e in seen: - return False - seen.append(e) - return True - - -def validate(instance, schema, cls=Draft3Validator, *args, **kwargs): - """ - Validate an ``instance`` under the given ``schema``. - - >>> validate([2, 3, 4], {"maxItems" : 2}) - Traceback (most recent call last): - ... - ValidationError: [2, 3, 4] is too long - - :func:`validate` will first verify that the provided schema is itself - valid, since not doing so can lead to less obvious error messages and fail - in less obvious or consistent ways. If you know you have a valid schema - already or don't care, you might prefer using the ``validate`` method - directly on a specific validator (e.g. :meth:`Draft3Validator.validate`). - - ``cls`` is a validator class that will be used to validate the instance. - By default this is a draft 3 validator. Any other provided positional and - keyword arguments will be provided to this class when constructing a - validator. - - :raises: - :exc:`ValidationError` if the instance is invalid - - :exc:`SchemaError` if the schema itself is invalid - - """ - - cls.check_schema(schema) - cls(schema, *args, **kwargs).validate(instance) diff --git a/src/leap/base/network.py b/src/leap/base/network.py deleted file mode 100644 index d841e692..00000000 --- a/src/leap/base/network.py +++ /dev/null @@ -1,107 +0,0 @@ -# -*- coding: utf-8 -*- -from __future__ import (print_function) -import logging -import threading - -from leap.eip import config as eipconfig -from leap.base.checks import LeapNetworkChecker -from leap.base.constants import ROUTE_CHECK_INTERVAL -from leap.base.exceptions import TunnelNotDefaultRouteError -from leap.util.misc import null_check -from leap.util.coroutines import (launch_thread, process_events) - -from time import sleep - -logger = logging.getLogger(name=__name__) - - -class NetworkCheckerThread(object): - """ - Manages network checking thread that makes sure we have a working network - connection. - """ - def __init__(self, *args, **kwargs): - - self.status_signals = kwargs.pop('status_signals', None) - self.error_cb = kwargs.pop( - 'error_cb', - lambda exc: logger.error("%s", exc.message)) - self.shutdown = threading.Event() - - # XXX get provider passed here - provider = kwargs.pop('provider', None) - null_check(provider, 'provider') - - eipconf = eipconfig.EIPConfig(domain=provider) - eipconf.load() - eipserviceconf = eipconfig.EIPServiceConfig(domain=provider) - eipserviceconf.load() - - gw = eipconfig.get_eip_gateway( - eipconfig=eipconf, - eipserviceconfig=eipserviceconf) - self.checker = LeapNetworkChecker( - provider_gw=gw) - - def start(self): - self.process_handle = self._launch_recurrent_network_checks( - (self.error_cb,)) - - def stop(self): - self.process_handle.join(timeout=0.1) - self.shutdown.set() - logger.debug("network checked stopped.") - - def run_checks(self): - pass - - #private methods - - #here all the observers in fail_callbacks expect one positional argument, - #which is exception so we can try by passing a lambda with logger to - #check it works. - - def _network_checks_thread(self, fail_callbacks): - #TODO: replace this with waiting for a signal from openvpn - while True: - try: - self.checker.check_tunnel_default_interface() - break - except TunnelNotDefaultRouteError: - # XXX ??? why do we sleep here??? - # aa: If the openvpn isn't up and running yet, - # let's give it a moment to breath. - #logger.error('NOT DEFAULT ROUTE!----') - # Instead of this, we should flag when the - # iface IS SUPPOSED to be up imo. -- kali - sleep(1) - - fail_observer_dict = dict((( - observer, - process_events(observer)) for observer in fail_callbacks)) - - while not self.shutdown.is_set(): - try: - self.checker.check_tunnel_default_interface() - self.checker.check_internet_connection() - sleep(ROUTE_CHECK_INTERVAL) - except Exception as exc: - for obs in fail_observer_dict: - fail_observer_dict[obs].send(exc) - sleep(ROUTE_CHECK_INTERVAL) - - #reset event - # I see a problem with this. You cannot stop it, it - # resets itself forever. -- kali - - # XXX use QTimer for the recurrent triggers, - # and ditch the sleeps. - logger.debug('resetting event') - self.shutdown.clear() - - def _launch_recurrent_network_checks(self, fail_callbacks): - # XXX reimplement using QTimer -- kali - watcher = launch_thread( - self._network_checks_thread, - (fail_callbacks,)) - return watcher diff --git a/src/leap/base/pluggableconfig.py b/src/leap/base/pluggableconfig.py deleted file mode 100644 index 6f9f3f6f..00000000 --- a/src/leap/base/pluggableconfig.py +++ /dev/null @@ -1,462 +0,0 @@ -""" -generic configuration handlers -""" -import copy -import json -import logging -import os -import time -import urlparse - -import jsonschema - -from leap.util.translations import LEAPTranslatable - -logger = logging.getLogger(__name__) - - -__all__ = ['PluggableConfig', - 'adaptors', - 'types', - 'UnknownOptionException', - 'MissingValueException', - 'ConfigurationProviderException', - 'TypeCastException'] - -# exceptions - - -class ValidationError(Exception): - pass - - -class UnknownOptionException(Exception): - """exception raised when a non-configuration - value is present in the configuration""" - - -class MissingValueException(Exception): - """exception raised when a required value is missing""" - - -class ConfigurationProviderException(Exception): - """exception raised when a configuration provider is missing, etc""" - - -class TypeCastException(Exception): - """exception raised when a - configuration item cannot be coerced to a type""" - - -class ConfigAdaptor(object): - """ - abstract base class for config adaotors for - serialization/deserialization and custom validation - and type casting. - """ - def read(self, filename): - raise NotImplementedError("abstract base class") - - def write(self, config, filename): - with open(filename, 'w') as f: - self._write(f, config) - - def _write(self, fp, config): - raise NotImplementedError("abstract base class") - - def validate(self, config, schema): - raise NotImplementedError("abstract base class") - - -adaptors = {} - - -class JSONSchemaEncoder(json.JSONEncoder): - """ - custom default encoder that - casts python objects to json objects for - the schema validation - """ - def default(self, obj): - if obj is str: - return 'string' - if obj is unicode: - return 'string' - if obj is int: - return 'integer' - if obj is list: - return 'array' - if obj is dict: - return 'object' - if obj is bool: - return 'boolean' - - -class JSONAdaptor(ConfigAdaptor): - indent = 2 - extensions = ['json'] - - def read(self, _from): - if isinstance(_from, file): - _from_string = _from.read() - if isinstance(_from, str): - _from_string = _from - return json.loads(_from_string) - - def _write(self, fp, config): - fp.write(json.dumps(config, - indent=self.indent, - sort_keys=True)) - - def validate(self, config, schema_obj): - schema_json = JSONSchemaEncoder().encode(schema_obj) - schema = json.loads(schema_json) - try: - jsonschema.validate(config, schema) - except jsonschema.ValidationError: - raise ValidationError - - -adaptors['json'] = JSONAdaptor() - -# -# Adaptors -# -# Allow to apply a predefined set of types to the -# specs, so it checks the validity of formats and cast it -# to proper python types. - -# TODO: -# - HTTPS uri - - -class DateType(object): - fmt = '%Y-%m-%d' - - def to_python(self, data): - return time.strptime(data, self.fmt) - - def get_prep_value(self, data): - return time.strftime(self.fmt, data) - - -class TranslatableType(object): - """ - a type that casts to LEAPTranslatable objects. - Used for labels we get from providers and stuff. - """ - - def to_python(self, data): - return LEAPTranslatable(data) - - # needed? we already have an extended dict... - #def get_prep_value(self, data): - #return dict(data) - - -class URIType(object): - - def to_python(self, data): - parsed = urlparse.urlparse(data) - if not parsed.scheme: - raise TypeCastException("uri %s has no schema" % data) - return parsed - - def get_prep_value(self, data): - return data.geturl() - - -class HTTPSURIType(object): - - def to_python(self, data): - parsed = urlparse.urlparse(data) - if not parsed.scheme: - raise TypeCastException("uri %s has no schema" % data) - if parsed.scheme != "https": - raise TypeCastException( - "uri %s does not has " - "https schema" % data) - return parsed - - def get_prep_value(self, data): - return data.geturl() - - -types = { - 'date': DateType(), - 'uri': URIType(), - 'https-uri': HTTPSURIType(), - 'translatable': TranslatableType(), -} - - -class PluggableConfig(object): - - options = {} - - def __init__(self, - adaptors=adaptors, - types=types, - format=None): - - self.config = {} - self.adaptors = adaptors - self.types = types - self._format = format - self.mtime = None - self.dirty = False - - @property - def option_dict(self): - if hasattr(self, 'options') and isinstance(self.options, dict): - return self.options.get('properties', None) - - def items(self): - """ - act like an iterator - """ - if isinstance(self.option_dict, dict): - return self.option_dict.items() - return self.options - - def validate(self, config, format=None): - """ - validate config - """ - schema = self.options - if format is None: - format = self._format - - if format: - adaptor = self.get_adaptor(self._format) - adaptor.validate(config, schema) - else: - # we really should make format mandatory... - logger.error('no format passed to validate') - - # first round of validation is ok. - # now we proceed to cast types if any specified. - self.to_python(config) - - def to_python(self, config): - """ - cast types following first type and then format indications. - """ - unseen_options = [i for i in config if i not in self.option_dict] - if unseen_options: - raise UnknownOptionException( - "Unknown options: %s" % ', '.join(unseen_options)) - - for key, value in config.items(): - _type = self.option_dict[key].get('type') - if _type is None and 'default' in self.option_dict[key]: - _type = type(self.option_dict[key]['default']) - if _type is not None: - tocast = True - if not callable(_type) and isinstance(value, _type): - tocast = False - if tocast: - try: - config[key] = _type(value) - except BaseException, e: - raise TypeCastException( - "Could not coerce %s, %s, " - "to type %s: %s" % (key, value, _type.__name__, e)) - _format = self.option_dict[key].get('format', None) - _ftype = self.types.get(_format, None) - if _ftype: - try: - config[key] = _ftype.to_python(value) - except BaseException, e: - raise TypeCastException( - "Could not coerce %s, %s, " - "to format %s: %s" % (key, value, - _ftype.__class__.__name__, - e)) - - return config - - def prep_value(self, config): - """ - the inverse of to_python method, - called just before serialization - """ - for key, value in config.items(): - _format = self.option_dict[key].get('format', None) - _ftype = self.types.get(_format, None) - if _ftype and hasattr(_ftype, 'get_prep_value'): - try: - config[key] = _ftype.get_prep_value(value) - except BaseException, e: - raise TypeCastException( - "Could not serialize %s, %s, " - "by format %s: %s" % (key, value, - _ftype.__class__.__name__, - e)) - else: - config[key] = value - return config - - # methods for adding configuration - - def get_default_values(self): - """ - return a config options from configuration defaults - """ - defaults = {} - for key, value in self.items(): - if 'default' in value: - defaults[key] = value['default'] - return copy.deepcopy(defaults) - - def get_adaptor(self, format): - """ - get specified format adaptor or - guess for a given filename - """ - adaptor = self.adaptors.get(format, None) - if adaptor: - return adaptor - - # not registered in adaptors dict, let's try all - for adaptor in self.adaptors.values(): - if format in adaptor.extensions: - return adaptor - - def filename2format(self, filename): - extension = os.path.splitext(filename)[-1] - return extension.lstrip('.') or None - - def serialize(self, filename, format=None, full=False): - if not format: - format = self._format - if not format: - format = self.filename2format(filename) - if not format: - raise Exception('Please specify a format') - # TODO: more specific exception type - - adaptor = self.get_adaptor(format) - if not adaptor: - raise Exception("Adaptor not found for format: %s" % format) - - config = copy.deepcopy(self.config) - serializable = self.prep_value(config) - adaptor.write(serializable, filename) - - if self.mtime: - self.touch_mtime(filename) - - def touch_mtime(self, filename): - mtime = self.mtime - os.utime(filename, (mtime, mtime)) - - def deserialize(self, string=None, fromfile=None, format=None): - """ - load configuration from a file or string - """ - - def _try_deserialize(): - if fromfile: - with open(fromfile, 'r') as f: - content = adaptor.read(f) - elif string: - content = adaptor.read(string) - return content - - # XXX cleanup this! - - if fromfile: - assert os.path.exists(fromfile) - if not format: - format = self.filename2format(fromfile) - - if not format: - format = self._format - if format: - adaptor = self.get_adaptor(format) - else: - adaptor = None - - if adaptor: - content = _try_deserialize() - return content - - # no adaptor, let's try rest of adaptors - - adaptors = self.adaptors[:] - - if format: - adaptors.sort( - key=lambda x: int( - format in x.extensions), - reverse=True) - - for adaptor in adaptors: - content = _try_deserialize() - return content - - def set_dirty(self): - self.dirty = True - - def is_dirty(self): - return self.dirty - - def load(self, *args, **kwargs): - """ - load from string or file - if no string of fromfile option is given, - it will attempt to load from defaults - defined in the schema. - """ - string = args[0] if args else None - fromfile = kwargs.get("fromfile", None) - mtime = kwargs.pop("mtime", None) - self.mtime = mtime - content = None - - # start with defaults, so we can - # have partial values applied. - content = self.get_default_values() - if string and isinstance(string, str): - content = self.deserialize(string) - - if not string and fromfile is not None: - #import ipdb;ipdb.set_trace() - content = self.deserialize(fromfile=fromfile) - - if not content: - logger.error('no content could be loaded') - # XXX raise! - return - - # lazy evaluation until first level of nesting - # to allow lambdas with context-dependant info - # like os.path.expanduser - for k, v in content.iteritems(): - if callable(v): - content[k] = v() - - self.validate(content) - self.config = content - return True - - -def testmain(): # pragma: no cover - - from tests import test_validation as t - import pprint - - config = PluggableConfig(_format="json") - properties = copy.deepcopy(t.sample_spec) - - config.options = properties - config.load(fromfile='data.json') - - print 'config' - pprint.pprint(config.config) - - config.serialize('/tmp/testserial.json') - -if __name__ == "__main__": - testmain() diff --git a/src/leap/base/providers.py b/src/leap/base/providers.py deleted file mode 100644 index d41f3695..00000000 --- a/src/leap/base/providers.py +++ /dev/null @@ -1,29 +0,0 @@ -"""all dealing with leap-providers: definition files, updating""" -from leap.base import config as baseconfig -from leap.base import specs - - -class LeapProviderDefinition(baseconfig.JSONLeapConfig): - spec = specs.leap_provider_spec - - def _get_slug(self): - domain = getattr(self, 'domain', None) - if domain: - path = baseconfig.get_provider_path(domain) - else: - path = baseconfig.get_default_provider_path() - - return baseconfig.get_config_file( - 'provider.json', folder=path) - - def _set_slug(self, *args, **kwargs): - raise AttributeError("you cannot set slug") - - slug = property(_get_slug, _set_slug) - - -class LeapProviderSet(object): - # we gather them from the filesystem - # TODO: (MVS+) - def __init__(self): - self.count = 0 diff --git a/src/leap/base/tests/test_auth.py b/src/leap/base/tests/test_auth.py deleted file mode 100644 index b3009a9b..00000000 --- a/src/leap/base/tests/test_auth.py +++ /dev/null @@ -1,58 +0,0 @@ -from BaseHTTPServer import BaseHTTPRequestHandler -import urlparse -try: - import unittest2 as unittest -except ImportError: - import unittest - -import requests -#from mock import Mock - -from leap.base import auth -#from leap.base import exceptions -from leap.eip.tests.test_checks import NoLogRequestHandler -from leap.testing.basetest import BaseLeapTest -from leap.testing.https_server import BaseHTTPSServerTestCase - - -class LeapSRPRegisterTests(BaseHTTPSServerTestCase, BaseLeapTest): - __name__ = "leap_srp_register_test" - provider = "testprovider.example.org" - - class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler): - responses = { - '/': ['OK', '']} - - def do_GET(self): - path = urlparse.urlparse(self.path) - message = '\n'.join(self.responses.get( - path.path, None)) - self.send_response(200) - self.end_headers() - self.wfile.write(message) - - def setUp(self): - pass - - def tearDown(self): - pass - - def test_srp_auth_should_implement_check_methods(self): - SERVER = "https://localhost:8443" - srp_auth = auth.LeapSRPRegister(provider=SERVER, verify=False) - - self.assertTrue(hasattr(srp_auth, "init_session"), - "missing meth") - self.assertTrue(hasattr(srp_auth, "get_registration_uri"), - "missing meth") - self.assertTrue(hasattr(srp_auth, "register_user"), - "missing meth") - - def test_srp_auth_basic_functionality(self): - SERVER = "https://localhost:8443" - srp_auth = auth.LeapSRPRegister(provider=SERVER, verify=False) - - self.assertIsInstance(srp_auth.session, requests.sessions.Session) - self.assertEqual( - srp_auth.get_registration_uri(), - "https://localhost:8443/1/users") diff --git a/src/leap/base/tests/test_checks.py b/src/leap/base/tests/test_checks.py deleted file mode 100644 index 8126755b..00000000 --- a/src/leap/base/tests/test_checks.py +++ /dev/null @@ -1,177 +0,0 @@ -try: - import unittest2 as unittest -except ImportError: - import unittest -import os -import sh - -from mock import (patch, Mock) -from StringIO import StringIO - -from leap.base import checks -from leap.base import exceptions -from leap.testing.basetest import BaseLeapTest - -_uid = os.getuid() - - -class LeapNetworkCheckTest(BaseLeapTest): - __name__ = "leap_network_check_tests" - - def setUp(self): - os.environ['PATH'] += ':/bin' - pass - - def tearDown(self): - pass - - def test_checker_should_implement_check_methods(self): - checker = checks.LeapNetworkChecker() - - self.assertTrue(hasattr(checker, "check_internet_connection"), - "missing meth") - self.assertTrue(hasattr(checker, "check_tunnel_default_interface"), - "missing meth") - self.assertTrue(hasattr(checker, "is_internet_up"), - "missing meth") - self.assertTrue(hasattr(checker, "ping_gateway"), - "missing meth") - self.assertTrue(hasattr(checker, "parse_log_and_react"), - "missing meth") - - def test_checker_should_actually_call_all_tests(self): - checker = checks.LeapNetworkChecker() - mc = Mock() - checker.run_all(checker=mc) - self.assertTrue(mc.check_internet_connection.called, "not called") - self.assertTrue(mc.check_tunnel_default_interface.called, "not called") - self.assertTrue(mc.is_internet_up.called, "not called") - self.assertTrue(mc.parse_log_and_react.called, "not called") - - # ping gateway only called if we pass provider_gw - checker = checks.LeapNetworkChecker(provider_gw="0.0.0.0") - mc = Mock() - checker.run_all(checker=mc) - self.assertTrue(mc.check_internet_connection.called, "not called") - self.assertTrue(mc.check_tunnel_default_interface.called, "not called") - self.assertTrue(mc.ping_gateway.called, "not called") - self.assertTrue(mc.is_internet_up.called, "not called") - self.assertTrue(mc.parse_log_and_react.called, "not called") - - def test_get_default_interface_no_interface(self): - checker = checks.LeapNetworkChecker() - with patch('leap.base.checks.open', create=True) as mock_open: - with self.assertRaises(exceptions.NoDefaultInterfaceFoundError): - mock_open.return_value = StringIO( - "Iface\tDestination Gateway\t" - "Flags\tRefCntd\tUse\tMetric\t" - "Mask\tMTU\tWindow\tIRTT") - checker.get_default_interface_gateway() - - def test_check_tunnel_default_interface(self): - checker = checks.LeapNetworkChecker() - with patch('leap.base.checks.open', create=True) as mock_open: - with self.assertRaises(exceptions.TunnelNotDefaultRouteError): - mock_open.return_value = StringIO( - "Iface\tDestination Gateway\t" - "Flags\tRefCntd\tUse\tMetric\t" - "Mask\tMTU\tWindow\tIRTT\n" - "wlan0\t00000000\t0102A8C0\t" - "0003\t0\t0\t0\t00000000\t0\t0\t0") - checker.check_tunnel_default_interface() - - with patch('leap.base.checks.open', create=True) as mock_open: - mock_open.return_value = StringIO( - "Iface\tDestination Gateway\t" - "Flags\tRefCntd\tUse\tMetric\t" - "Mask\tMTU\tWindow\tIRTT\n" - "tun0\t00000000\t01002A0A\t0003\t0\t0\t0\t00000080\t0\t0\t0") - checker.check_tunnel_default_interface() - - def test_ping_gateway_fail(self): - checker = checks.LeapNetworkChecker() - with patch.object(sh, "ping") as mocked_ping: - with self.assertRaises(exceptions.NoConnectionToGateway): - mocked_ping.return_value = Mock - mocked_ping.return_value.stdout = "11% packet loss" - checker.ping_gateway("4.2.2.2") - - def test_ping_gateway(self): - checker = checks.LeapNetworkChecker() - with patch.object(sh, "ping") as mocked_ping: - mocked_ping.return_value = Mock - mocked_ping.return_value.stdout = """ -PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. -64 bytes from 4.2.2.2: icmp_req=1 ttl=54 time=33.8 ms -64 bytes from 4.2.2.2: icmp_req=2 ttl=54 time=30.6 ms -64 bytes from 4.2.2.2: icmp_req=3 ttl=54 time=31.4 ms -64 bytes from 4.2.2.2: icmp_req=4 ttl=54 time=36.1 ms -64 bytes from 4.2.2.2: icmp_req=5 ttl=54 time=30.8 ms -64 bytes from 4.2.2.2: icmp_req=6 ttl=54 time=30.4 ms -64 bytes from 4.2.2.2: icmp_req=7 ttl=54 time=30.7 ms -64 bytes from 4.2.2.2: icmp_req=8 ttl=54 time=32.7 ms -64 bytes from 4.2.2.2: icmp_req=9 ttl=54 time=31.4 ms -64 bytes from 4.2.2.2: icmp_req=10 ttl=54 time=33.3 ms - ---- 4.2.2.2 ping statistics --- -10 packets transmitted, 10 received, 0% packet loss, time 9016ms -rtt min/avg/max/mdev = 30.497/32.172/36.161/1.755 ms""" - checker.ping_gateway("4.2.2.2") - - def test_check_internet_connection_failures(self): - checker = checks.LeapNetworkChecker() - TimeoutError = get_ping_timeout_error() - with patch.object(sh, "ping") as mocked_ping: - mocked_ping.side_effect = TimeoutError - with self.assertRaises(exceptions.NoInternetConnection): - with patch.object(checker, "ping_gateway") as mock_gateway: - mock_gateway.side_effect = exceptions.NoConnectionToGateway - checker.check_internet_connection() - - with patch.object(sh, "ping") as mocked_ping: - mocked_ping.side_effect = TimeoutError - with self.assertRaises(exceptions.NoInternetConnection): - with patch.object(checker, "ping_gateway") as mock_gateway: - mock_gateway.return_value = True - checker.check_internet_connection() - - def test_parse_log_and_react(self): - checker = checks.LeapNetworkChecker() - to_call = Mock() - log = [("leap.openvpn - INFO - Mon Nov 19 13:36:24 2012 " - "read UDPv4 [ECONNREFUSED]: Connection refused (code=111)")] - err_matrix = [(checks.EVENT_CONNECT_REFUSED, (to_call, ))] - checker.parse_log_and_react(log, err_matrix) - self.assertTrue(to_call.called) - - log = [("2012-11-19 13:36:26,177 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:24 2012 ERROR: Linux route delete command " - "failed: external program exited"), - ("2012-11-19 13:36:26,178 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:24 2012 ERROR: Linux route delete command " - "failed: external program exited"), - ("2012-11-19 13:36:26,180 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:24 2012 ERROR: Linux route delete command " - "failed: external program exited"), - ("2012-11-19 13:36:26,181 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:24 2012 /sbin/ifconfig tun0 0.0.0.0"), - ("2012-11-19 13:36:26,182 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:24 2012 Linux ip addr del failed: external " - "program exited with error stat"), - ("2012-11-19 13:36:26,183 - leap.openvpn - INFO - " - "Mon Nov 19 13:36:26 2012 SIGTERM[hard,] received, process" - "exiting"), ] - to_call.reset_mock() - checker.parse_log_and_react(log, err_matrix) - self.assertFalse(to_call.called) - - to_call.reset_mock() - checker.parse_log_and_react([], err_matrix) - self.assertFalse(to_call.called) - - -def get_ping_timeout_error(): - try: - sh.ping("-c", "1", "-w", "1", "8.8.7.7") - except Exception as e: - return e diff --git a/src/leap/base/tests/test_config.py b/src/leap/base/tests/test_config.py deleted file mode 100644 index d03149b2..00000000 --- a/src/leap/base/tests/test_config.py +++ /dev/null @@ -1,247 +0,0 @@ -import json -import os -import platform -import socket -#import tempfile - -import mock -import requests - -from leap.base import config -from leap.base import constants -from leap.base import exceptions -from leap.eip import constants as eipconstants -from leap.util.fileutil import mkdir_p -from leap.testing.basetest import BaseLeapTest - - -try: - import unittest2 as unittest -except ImportError: - import unittest - -_system = platform.system() - - -class JSONLeapConfigTest(BaseLeapTest): - def setUp(self): - pass - - def tearDown(self): - pass - - def test_metaclass(self): - with self.assertRaises(exceptions.ImproperlyConfigured) as exc: - class DummyTestConfig(config.JSONLeapConfig): - __metaclass__ = config.MetaConfigWithSpec - exc.startswith("missing spec dict") - - class DummyTestConfig(config.JSONLeapConfig): - __metaclass__ = config.MetaConfigWithSpec - spec = {'properties': {}} - with self.assertRaises(exceptions.ImproperlyConfigured) as exc: - DummyTestConfig() - exc.startswith("missing slug") - - class DummyTestConfig(config.JSONLeapConfig): - __metaclass__ = config.MetaConfigWithSpec - spec = {'properties': {}} - slug = "foo" - DummyTestConfig() - -######################################3 -# -# provider fetch tests block -# - - -class ProviderTest(BaseLeapTest): - # override per test fixtures - - def setUp(self): - pass - - def tearDown(self): - pass - - -# XXX depreacated. similar test in eip.checks - -#class BareHomeTestCase(ProviderTest): -# - #__name__ = "provider_config_tests_bare_home" -# - #def test_should_raise_if_missing_eip_json(self): - #with self.assertRaises(exceptions.MissingConfigFileError): - #config.get_config_json(os.path.join(self.home, 'eip.json')) - - -class ProviderDefinitionTestCase(ProviderTest): - # XXX MOVE TO eip.test_checks - # -- kali 2012-08-24 00:38 - - __name__ = "provider_config_tests" - - def setUp(self): - # dump a sample eip file - # XXX Move to Use EIP Spec Instead!!! - # XXX tests to be moved to eip.checks and eip.providers - # XXX can use eipconfig.dump_default_eipconfig - - path = os.path.join(self.home, '.config', 'leap') - mkdir_p(path) - with open(os.path.join(path, 'eip.json'), 'w') as fp: - json.dump(eipconstants.EIP_SAMPLE_JSON, fp) - - -# these tests below should move to -# eip.checks -# config.Configuration has been deprecated - -# TODO: -# - We're instantiating a ProviderTest because we're doing the home wipeoff -# on setUpClass instead of the setUp (for speedup of the general cases). - -# We really should be testing all of them in the same testCase, and -# doing an extra wipe of the tempdir... but be careful!!!! do not mess with -# os.environ home more than needed... that could potentially bite! - -# XXX actually, another thing to fix here is separating tests: -# - test that requests has been called. -# - check deeper for error types/msgs - -# we SHOULD inject requests dep in the constructor -# (so we can pass mock easily). - - -#class ProviderFetchConError(ProviderTest): - #def test_connection_error(self): - #with mock.patch.object(requests, "get") as mock_method: - #mock_method.side_effect = requests.ConnectionError - #cf = config.Configuration() - #self.assertIsInstance(cf.error, str) -# -# -#class ProviderFetchHttpError(ProviderTest): - #def test_file_not_found(self): - #with mock.patch.object(requests, "get") as mock_method: - #mock_method.side_effect = requests.HTTPError - #cf = config.Configuration() - #self.assertIsInstance(cf.error, str) -# -# -#class ProviderFetchInvalidUrl(ProviderTest): - #def test_invalid_url(self): - #cf = config.Configuration("ht") - #self.assertTrue(cf.error) - - -# end provider fetch tests -########################################### - - -class ConfigHelperFunctions(BaseLeapTest): - - __name__ = "config_helper_tests" - - def setUp(self): - pass - - def tearDown(self): - pass - - # tests - - @unittest.skipUnless(_system == "Linux", "linux only") - def test_lin_get_config_file(self): - """ - config file path where expected? (linux) - """ - self.assertEqual( - config.get_config_file( - 'test', folder="foo/bar"), - os.path.expanduser( - '~/.config/leap/foo/bar/test') - ) - - @unittest.skipUnless(_system == "Darwin", "mac only") - def test_mac_get_config_file(self): - """ - config file path where expected? (mac) - """ - self._missing_test_for_plat(do_raise=True) - - @unittest.skipUnless(_system == "Windows", "win only") - def test_win_get_config_file(self): - """ - config file path where expected? - """ - self._missing_test_for_plat(do_raise=True) - - # - # XXX hey, I'm raising exceptions here - # on purpose. just wanted to make sure - # that the skip stuff is doing it right. - # If you're working on win/macos tests, - # feel free to remove tests that you see - # are too redundant. - - @unittest.skipUnless(_system == "Linux", "linux only") - def test_lin_get_config_dir(self): - """ - nice config dir? (linux) - """ - self.assertEqual( - config.get_config_dir(), - os.path.expanduser('~/.config/leap')) - - @unittest.skipUnless(_system == "Darwin", "mac only") - def test_mac_get_config_dir(self): - """ - nice config dir? (mac) - """ - self._missing_test_for_plat(do_raise=True) - - @unittest.skipUnless(_system == "Windows", "win only") - def test_win_get_config_dir(self): - """ - nice config dir? (win) - """ - self._missing_test_for_plat(do_raise=True) - - # provider paths - - @unittest.skipUnless(_system == "Linux", "linux only") - def test_get_default_provider_path(self): - """ - is default provider path ok? - """ - self.assertEqual( - config.get_default_provider_path(), - os.path.expanduser( - '~/.config/leap/providers/%s/' % - constants.DEFAULT_PROVIDER) - ) - - # validate ip - - def test_validate_ip(self): - """ - check our ip validation - """ - config.validate_ip('3.3.3.3') - with self.assertRaises(socket.error): - config.validate_ip('255.255.255.256') - with self.assertRaises(socket.error): - config.validate_ip('foobar') - - @unittest.skip - def test_validate_domain(self): - """ - code to be written yet - """ - raise NotImplementedError - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/base/tests/test_providers.py b/src/leap/base/tests/test_providers.py deleted file mode 100644 index 92bc1f2f..00000000 --- a/src/leap/base/tests/test_providers.py +++ /dev/null @@ -1,148 +0,0 @@ -import copy -import json -try: - import unittest2 as unittest -except ImportError: - import unittest -import os - -from leap.base.pluggableconfig import ValidationError -from leap.testing.basetest import BaseLeapTest -from leap.base import providers - - -EXPECTED_DEFAULT_CONFIG = { - u"api_version": u"0.1.0", - #u"description": "LEAPTranslatable<{u'en': u'Test provider'}>", - u"description": {u'en': u'Test provider'}, - u"default_language": u"en", - #u"display_name": {u'en': u"Test Provider"}, - u"domain": u"testprovider.example.org", - #u'name': "LEAPTranslatable<{u'en': u'Test Provider'}>", - u'name': {u'en': u'Test Provider'}, - u"enrollment_policy": u"open", - #u"serial": 1, - u"services": [ - u"eip" - ], - u"languages": [u"en"], - u"version": u"0.1.0" -} - - -class TestLeapProviderDefinition(BaseLeapTest): - def setUp(self): - self.domain = "testprovider.example.org" - self.definition = providers.LeapProviderDefinition( - domain=self.domain) - self.definition.save(force=True) - self.definition.load() # why have to load after save?? - self.config = self.definition.config - - def tearDown(self): - if hasattr(self, 'testfile') and os.path.isfile(self.testfile): - os.remove(self.testfile) - - # tests - - # XXX most of these tests can be made more abstract - # and moved to test_baseconfig *triangulate!* - - def test_provider_slug_property(self): - slug = self.definition.slug - self.assertEquals( - slug, - os.path.join( - self.home, - '.config', 'leap', 'providers', - '%s' % self.domain, - 'provider.json')) - with self.assertRaises(AttributeError): - self.definition.slug = 23 - - def test_provider_dump(self): - # check a good provider definition is dumped to disk - self.testfile = self.get_tempfile('test.json') - self.definition.save(to=self.testfile, force=True) - deserialized = json.load(open(self.testfile, 'rb')) - self.maxDiff = None - #import ipdb;ipdb.set_trace() - self.assertEqual(deserialized, EXPECTED_DEFAULT_CONFIG) - - def test_provider_dump_to_slug(self): - # same as above, but we test the ability to save to a - # file generated from the slug. - # XXX THIS TEST SHOULD MOVE TO test_baseconfig - self.definition.save() - filename = self.definition.filename - self.assertTrue(os.path.isfile(filename)) - deserialized = json.load(open(filename, 'rb')) - self.assertEqual(deserialized, EXPECTED_DEFAULT_CONFIG) - - def test_provider_load(self): - # check loading provider from disk file - self.testfile = self.get_tempfile('test_load.json') - with open(self.testfile, 'w') as wf: - wf.write(json.dumps(EXPECTED_DEFAULT_CONFIG)) - self.definition.load(fromfile=self.testfile) - #self.assertDictEqual(self.config, - #EXPECTED_DEFAULT_CONFIG) - self.assertItemsEqual(self.config, EXPECTED_DEFAULT_CONFIG) - - def test_provider_validation(self): - self.definition.validate(self.config) - _config = copy.deepcopy(self.config) - # bad type, raise validation error - _config['domain'] = 111 - with self.assertRaises(ValidationError): - self.definition.validate(_config) - - @unittest.skip - def test_load_malformed_json_definition(self): - raise NotImplementedError - - @unittest.skip - def test_type_validation(self): - # check various type validation - # type cast - raise NotImplementedError - - -class TestLeapProviderSet(BaseLeapTest): - - def setUp(self): - self.providers = providers.LeapProviderSet() - - def tearDown(self): - pass - ### - - def test_get_zero_count(self): - self.assertEqual(self.providers.count, 0) - - @unittest.skip - def test_count_defined_providers(self): - # check the method used for making - # the list of providers - raise NotImplementedError - - @unittest.skip - def test_get_default_provider(self): - raise NotImplementedError - - @unittest.skip - def test_should_be_at_least_one_provider_after_init(self): - # when we init an empty environment, - # there should be at least one provider, - # that will be a dump of the default provider definition - # somehow a high level test - raise NotImplementedError - - @unittest.skip - def test_get_eip_remote_from_default_provider(self): - # from: default provider - # expect: remote eip domain - raise NotImplementedError - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/base/tests/test_validation.py b/src/leap/base/tests/test_validation.py deleted file mode 100644 index b45fbe3a..00000000 --- a/src/leap/base/tests/test_validation.py +++ /dev/null @@ -1,93 +0,0 @@ -import copy -import datetime -from functools import partial -#import json -try: - import unittest2 as unittest -except ImportError: - import unittest -import os - -from leap.base.config import JSONLeapConfig -from leap.base import pluggableconfig -from leap.testing.basetest import BaseLeapTest - -SAMPLE_CONFIG_DICT = { - 'prop_one': 1, - 'prop_uri': "http://example.org", - 'prop_date': '2012-12-12', -} - -EXPECTED_CONFIG = { - 'prop_one': 1, - 'prop_uri': "http://example.org", - 'prop_date': datetime.datetime(2012, 12, 12) -} - -sample_spec = { - 'description': 'sample schema definition', - 'type': 'object', - 'properties': { - 'prop_one': { - 'type': int, - 'default': 1, - 'required': True - }, - 'prop_uri': { - 'type': str, - 'default': 'http://example.org', - 'required': True, - 'format': 'uri' - }, - 'prop_date': { - 'type': str, - 'default': '2012-12-12', - 'format': 'date' - } - } -} - - -class SampleConfig(JSONLeapConfig): - spec = sample_spec - - @property - def slug(self): - return os.path.expanduser('~/sampleconfig.json') - - -class TestJSONLeapConfigValidation(BaseLeapTest): - def setUp(self): - self.sampleconfig = SampleConfig() - self.sampleconfig.save() - self.sampleconfig.load() - self.config = self.sampleconfig.config - - def tearDown(self): - if hasattr(self, 'testfile') and os.path.isfile(self.testfile): - os.remove(self.testfile) - - # tests - - def test_good_validation(self): - self.sampleconfig.validate(SAMPLE_CONFIG_DICT) - - def test_broken_int(self): - _config = copy.deepcopy(SAMPLE_CONFIG_DICT) - _config['prop_one'] = '1' - self.assertRaises( - pluggableconfig.ValidationError, - partial(self.sampleconfig.validate, _config)) - - def test_format_property(self): - # JsonSchema Validator does not check the format property. - # We should have to extend the Configuration class - blah = copy.deepcopy(SAMPLE_CONFIG_DICT) - blah['prop_uri'] = 'xxx' - self.assertRaises( - pluggableconfig.TypeCastException, - partial(self.sampleconfig.validate, blah)) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/baseapp/constants.py b/src/leap/baseapp/constants.py deleted file mode 100644 index e312be21..00000000 --- a/src/leap/baseapp/constants.py +++ /dev/null @@ -1,6 +0,0 @@ -# This timer used for polling vpn manager state. - -# XXX what is an optimum polling interval? -# too little will be overkill, too much will -# miss transition states. -TIMER_MILLISECONDS = 250.0 diff --git a/src/leap/baseapp/dialogs.py b/src/leap/baseapp/dialogs.py deleted file mode 100644 index d256fc99..00000000 --- a/src/leap/baseapp/dialogs.py +++ /dev/null @@ -1,61 +0,0 @@ -# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4 -import logging - -from PyQt4.QtGui import (QDialog, QFrame, QPushButton, QLabel, QMessageBox) - -logger = logging.getLogger(name=__name__) - - -class ErrorDialog(QDialog): - def __init__(self, parent=None, errtype=None, msg=None, label=None): - super(ErrorDialog, self).__init__(parent) - frameStyle = QFrame.Sunken | QFrame.Panel - self.warningLabel = QLabel() - self.warningLabel.setFrameStyle(frameStyle) - self.warningButton = QPushButton("QMessageBox.&warning()") - - if msg is not None: - self.msg = msg - if label is not None: - self.label = label - if errtype == "critical": - self.criticalMessage(self.msg, self.label) - - def warningMessage(self, msg, label): - msgBox = QMessageBox(QMessageBox.Warning, - "LEAP Client Error", - msg, - QMessageBox.NoButton, self) - msgBox.addButton("&Ok", QMessageBox.AcceptRole) - if msgBox.exec_() == QMessageBox.AcceptRole: - pass - # do whatever we want to do after - # closing the dialog. we can pass that - # in the constructor - - def criticalMessage(self, msg, label): - msgBox = QMessageBox(QMessageBox.Critical, - "LEAP Client Error", - msg, - QMessageBox.NoButton, self) - msgBox.addButton("&Ok", QMessageBox.AcceptRole) - msgBox.exec_() - - # It's critical, so we exit. - # We should better emit a signal and connect it - # with the proper shutdownAndQuit method, but - # this suffices for now. - logger.info('Quitting') - import sys - sys.exit() - - def confirmMessage(self, msg, label, action): - msgBox = QMessageBox(QMessageBox.Critical, - self.tr("LEAP Client Error"), - msg, - QMessageBox.NoButton, self) - msgBox.addButton("&Ok", QMessageBox.AcceptRole) - msgBox.addButton("&Cancel", QMessageBox.RejectRole) - - if msgBox.exec_() == QMessageBox.AcceptRole: - action() diff --git a/src/leap/baseapp/eip.py b/src/leap/baseapp/eip.py deleted file mode 100644 index b34cc82e..00000000 --- a/src/leap/baseapp/eip.py +++ /dev/null @@ -1,243 +0,0 @@ -from __future__ import print_function -import logging -import time -#import sys - -from PyQt4 import QtCore - -from leap.baseapp.dialogs import ErrorDialog -from leap.baseapp import constants -from leap.eip import exceptions as eip_exceptions -from leap.eip.eipconnection import EIPConnection -from leap.base.checks import EVENT_CONNECT_REFUSED -from leap.util import geo - -logger = logging.getLogger(name=__name__) - - -class EIPConductorAppMixin(object): - """ - initializes an instance of EIPConnection, - gathers errors, and passes status-change signals - from Qt land along to the conductor. - Connects the eip connect/disconnect logic - to the switches in the app (buttons/menu items). - """ - ERR_DIALOG = False - - def __init__(self, *args, **kwargs): - opts = kwargs.pop('opts') - config_file = getattr(opts, 'config_file', None) - provider = kwargs.pop('provider') - - self.eip_service_started = False - - # conductor (eip connection) is in charge of all - # vpn-related configuration / monitoring. - # we pass a tuple of signals that will be - # triggered when status changes. - - self.conductor = EIPConnection( - watcher_cb=self.newLogLine.emit, - config_file=config_file, - checker_signals=(self.eipStatusChange.emit, ), - status_signals=(self.openvpnStatusChange.emit, ), - debug=self.debugmode, - ovpn_verbosity=opts.openvpn_verb, - provider=provider) - - # Do we want to enable the skip checks w/o being - # in debug mode?? - #self.skip_download = opts.no_provider_checks - #self.skip_verify = opts.no_ca_verify - self.skip_download = False - self.skip_verify = False - - def run_eip_checks(self): - """ - runs eip checks and - the error checking loop - """ - logger.debug('running EIP CHECKS') - self.conductor.run_checks( - skip_download=self.skip_download, - skip_verify=self.skip_verify) - self.error_check() - - self.start_eipconnection.emit() - - def error_check(self): - """ - consumes the conductor error queue. - pops errors, and acts accordingly (launching user dialogs). - """ - logger.debug('error check') - - errq = self.conductor.error_queue - while errq.qsize() != 0: - logger.debug('%s errors left in conductor queue', errq.qsize()) - # we get exception and original traceback from queue - error, tb = errq.get() - - # redundant log, debugging the loop. - logger.error('%s: %s', error.__class__.__name__, error.message) - - if issubclass(error.__class__, eip_exceptions.EIPClientError): - self.triggerEIPError.emit(error) - - else: - # deprecated form of raising exception. - raise error, None, tb - - if error.failfirst is True: - break - - @QtCore.pyqtSlot(object) - def onEIPError(self, error): - """ - check severity and launches - dialogs informing user about the errors. - in the future we plan to derive errors to - our log viewer. - """ - if self.ERR_DIALOG: - logger.warning('another error dialog suppressed') - return - - # XXX this is actually a one-shot. - # On the dialog there should be - # a reset signal binded to the ok button - # or something like that. - self.ERR_DIALOG = True - - if getattr(error, 'usermessage', None): - message = error.usermessage - else: - message = error.message - - # XXX - # check headless = False before - # launching dialog. - # (so Qt tests can assert stuff) - - if error.critical: - logger.critical(error.message) - #critical error (non recoverable), - #we give user some info and quit. - #(critical error dialog will exit app) - ErrorDialog(errtype="critical", - msg=message, - label="critical error") - - elif error.warning: - logger.warning(error.message) - - else: - dialog = ErrorDialog() - dialog.warningMessage(message, 'error') - - @QtCore.pyqtSlot() - def statusUpdate(self): - """ - polls status and updates ui with real time - info about transferred bytes / connection state. - right now is triggered by a timer tick - (timer controlled by StatusAwareTrayIcon class) - """ - # TODO I guess it's too expensive to poll - # continously. move to signal events instead. - # (i.e., subscribe to connection status changes - # from openvpn manager) - - if not self.eip_service_started: - # there is a race condition - # going on here. Depending on how long we take - # to init the qt app, the management socket - # is not ready yet. - return - - #if self.conductor.with_errors: - #XXX how to wait on pkexec??? - #something better that this workaround, plz!! - #I removed the pkexec pass authentication at all. - #time.sleep(5) - #logger.debug('timeout') - #logger.error('errors. disconnect') - #self.start_or_stopVPN() # is stop - - state = self.conductor.poll_connection_state() - if not state: - return - - ts, con_status, ok, ip, remote = state - self.set_statusbarMessage(con_status) - self.setIconToolTip() - - ts = time.strftime("%a %b %d %X", ts) - if self.debugmode: - self.updateTS.setText(ts) - self.status_label.setText(con_status) - self.ip_label.setText(ip) - self.remote_label.setText(remote) - self.remote_country.setText( - geo.get_country_name(remote)) - - # status i/o - - status = self.conductor.get_status_io() - if status and self.debugmode: - #XXX move this to systray menu indicators - ts, (tun_read, tun_write, tcp_read, tcp_write, auth_read) = status - ts = time.strftime("%a %b %d %X", ts) - self.updateTS.setText(ts) - self.tun_read_bytes.setText(tun_read) - self.tun_write_bytes.setText(tun_write) - - # connection information via management interface - log = self.conductor.get_log() - error_matrix = [(EVENT_CONNECT_REFUSED, (self.start_or_stopVPN, ))] - if hasattr(self.network_checker, 'checker'): - self.network_checker.checker.parse_log_and_react(log, error_matrix) - - @QtCore.pyqtSlot() - def start_or_stopVPN(self, **kwargs): - """ - stub for running child process with vpn - """ - if self.conductor.has_errors(): - logger.debug('not starting vpn; conductor has errors') - return - - if self.eip_service_started is False: - try: - self.conductor.connect() - - except eip_exceptions.EIPNoCommandError as exc: - logger.error('tried to run openvpn but no command is set') - self.triggerEIPError.emit(exc) - - except Exception as err: - # raise generic exception (Bad Thing Happened?) - logger.exception(err) - else: - # no errors, so go on. - if self.debugmode: - self.startStopButton.setText(self.tr('&Disconnect')) - self.eip_service_started = True - self.toggleEIPAct() - - # XXX decouple! (timer is init by icons class). - # we could bring Timer Init to this Mixin - # or to its own Mixin. - self.timer.start(constants.TIMER_MILLISECONDS) - return - - if self.eip_service_started is True: - self.network_checker.stop() - self.conductor.disconnect() - if self.debugmode: - self.startStopButton.setText(self.tr('&Connect')) - self.eip_service_started = False - self.toggleEIPAct() - self.timer.stop() - return diff --git a/src/leap/baseapp/leap_app.py b/src/leap/baseapp/leap_app.py deleted file mode 100644 index 4d3aebd6..00000000 --- a/src/leap/baseapp/leap_app.py +++ /dev/null @@ -1,153 +0,0 @@ -import logging - -import sip -sip.setapi('QVariant', 2) - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.gui import mainwindow_rc - -logger = logging.getLogger(name=__name__) - - -APP_LOGO = ':/images/leap-color-small.png' - - -class MainWindowMixin(object): - """ - create the main window - for leap app - """ - - def __init__(self, *args, **kwargs): - # XXX set initial visibility - # debug = no visible - - widget = QtGui.QWidget() - self.setCentralWidget(widget) - - mainLayout = QtGui.QVBoxLayout() - # add widgets to layout - #self.createWindowHeader() - #mainLayout.addWidget(self.headerBox) - - # created in systray - mainLayout.addWidget(self.statusIconBox) - if self.debugmode: - mainLayout.addWidget(self.statusBox) - mainLayout.addWidget(self.loggerBox) - widget.setLayout(mainLayout) - - self.createMainActions() - self.createMainMenus() - - self.setWindowTitle("LEAP Client") - self.set_app_icon() - self.set_statusbarMessage('ready') - - def createMainActions(self): - #self.openAct = QtGui.QAction("&Open...", self, shortcut="Ctrl+O", - #triggered=self.open) - - self.firstRunWizardAct = QtGui.QAction( - "&First run wizard...", self, - triggered=self.stop_connection_and_launch_first_run_wizard) - self.aboutAct = QtGui.QAction("&About", self, triggered=self.about) - - #self.aboutQtAct = QtGui.QAction("About &Qt", self, - #triggered=QtGui.qApp.aboutQt) - - def createMainMenus(self): - self.connMenu = QtGui.QMenu("&Connections", self) - #self.viewMenu.addSeparator() - self.connMenu.addAction(self.quitAction) - - self.settingsMenu = QtGui.QMenu("&Settings", self) - self.settingsMenu.addAction(self.firstRunWizardAct) - - self.helpMenu = QtGui.QMenu("&Help", self) - self.helpMenu.addAction(self.aboutAct) - #self.helpMenu.addAction(self.aboutQtAct) - - self.menuBar().addMenu(self.connMenu) - self.menuBar().addMenu(self.settingsMenu) - self.menuBar().addMenu(self.helpMenu) - - def stop_connection_and_launch_first_run_wizard(self): - settings = QtCore.QSettings() - settings.setValue('FirstRunWizardDone', False) - logger.debug('should run first run wizard again...') - - status = self.conductor.get_icon_name() - if status != "disconnected": - self.start_or_stopVPN() - - self.launch_first_run_wizard() - #from leap.gui.firstrunwizard import FirstRunWizard - #wizard = FirstRunWizard( - #parent=self, - #success_cb=self.initReady.emit) - #wizard.show() - - def set_app_icon(self): - icon = QtGui.QIcon(APP_LOGO) - self.setWindowIcon(icon) - - #def createWindowHeader(self): - #""" - #description lines for main window - #""" - #self.headerBox = QtGui.QGroupBox() - #self.headerLabel = QtGui.QLabel( - #"<font size=40>LEAP Encryption Access Project</font>") - #self.headerLabelSub = QtGui.QLabel( - #"<br><i>your internet encryption toolkit</i>") -# - #pixmap = QtGui.QPixmap(APP_LOGO) - #leap_lbl = QtGui.QLabel() - #leap_lbl.setPixmap(pixmap) -# - #headerLayout = QtGui.QHBoxLayout() - #headerLayout.addWidget(leap_lbl) - #headerLayout.addWidget(self.headerLabel) - #headerLayout.addWidget(self.headerLabelSub) - #headerLayout.addStretch() - #self.headerBox.setLayout(headerLayout) - - def set_statusbarMessage(self, msg): - self.statusBar().showMessage(msg) - - def closeEvent(self, event): - """ - redefines close event (persistent window behaviour) - """ - if self.trayIcon.isVisible() and not self.debugmode: - QtGui.QMessageBox.information( - self, "Systray", - "The program will keep running " - "in the system tray. To " - "terminate the program, choose " - "<b>Quit</b> in the " - "context menu of the system tray entry.") - self.hide() - event.ignore() - return - self.cleanupAndQuit() - - def cleanupAndQuit(self): - """ - cleans state before shutting down app. - """ - # save geometry for restoring - settings = QtCore.QSettings() - geom_key = "DebugGeometry" if self.debugmode else "Geometry" - settings.setValue(geom_key, self.saveGeometry()) - - # TODO:make sure to shutdown all child process / threads - # in conductor - # XXX send signal instead? - logger.info('Shutting down') - self.conductor.disconnect(shutdown=True) - logger.info('Exiting. Bye.') - QtGui.qApp.quit() diff --git a/src/leap/baseapp/log.py b/src/leap/baseapp/log.py deleted file mode 100644 index 636e5bae..00000000 --- a/src/leap/baseapp/log.py +++ /dev/null @@ -1,69 +0,0 @@ -import logging - -from PyQt4 import QtGui -from PyQt4 import QtCore - -vpnlogger = logging.getLogger('leap.openvpn') - - -class LogPaneMixin(object): - """ - a simple log pane - that writes new lines as they come - """ - EXCLUDES = ('MANAGEMENT',) - - def createLogBrowser(self): - """ - creates Browser widget for displaying logs - (in debug mode only). - """ - self.loggerBox = QtGui.QGroupBox() - logging_layout = QtGui.QVBoxLayout() - self.logbrowser = QtGui.QTextBrowser() - - startStopButton = QtGui.QPushButton(self.tr("&Connect")) - self.startStopButton = startStopButton - - logging_layout.addWidget(self.logbrowser) - logging_layout.addWidget(self.startStopButton) - self.loggerBox.setLayout(logging_layout) - - # status box - - self.statusBox = QtGui.QGroupBox() - grid = QtGui.QGridLayout() - - self.updateTS = QtGui.QLabel('') - self.status_label = QtGui.QLabel(self.tr('Disconnected')) - self.ip_label = QtGui.QLabel('') - self.remote_label = QtGui.QLabel('') - self.remote_country = QtGui.QLabel('') - - tun_read_label = QtGui.QLabel("tun read") - self.tun_read_bytes = QtGui.QLabel("0") - tun_write_label = QtGui.QLabel("tun write") - self.tun_write_bytes = QtGui.QLabel("0") - - grid.addWidget(self.updateTS, 0, 0) - grid.addWidget(self.status_label, 0, 1) - grid.addWidget(self.ip_label, 1, 0) - grid.addWidget(self.remote_label, 1, 1) - grid.addWidget(self.remote_country, 2, 1) - grid.addWidget(tun_read_label, 3, 0) - grid.addWidget(self.tun_read_bytes, 3, 1) - grid.addWidget(tun_write_label, 4, 0) - grid.addWidget(self.tun_write_bytes, 4, 1) - - self.statusBox.setLayout(grid) - - @QtCore.pyqtSlot(str) - def onLoggerNewLine(self, line): - """ - simple slot: writes new line to logger Pane. - """ - msg = line[:-1] - if self.debugmode and all(map(lambda w: w not in msg, - LogPaneMixin.EXCLUDES)): - self.logbrowser.append(msg) - vpnlogger.info(msg) diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py deleted file mode 100644 index 91b0dc61..00000000 --- a/src/leap/baseapp/mainwindow.py +++ /dev/null @@ -1,191 +0,0 @@ -# vim: set fileencoding=utf-8 : -#!/usr/bin/env python -import logging - -import sip -sip.setapi('QString', 2) -sip.setapi('QVariant', 2) - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.baseapp.eip import EIPConductorAppMixin -from leap.baseapp.log import LogPaneMixin -from leap.baseapp.systray import StatusAwareTrayIconMixin -from leap.baseapp.network import NetworkCheckerAppMixin -from leap.baseapp.leap_app import MainWindowMixin -from leap.eip.checks import ProviderCertChecker -from leap.gui.threads import FunThread - -logger = logging.getLogger(name=__name__) - - -class LeapWindow(QtGui.QMainWindow, - MainWindowMixin, EIPConductorAppMixin, - StatusAwareTrayIconMixin, - NetworkCheckerAppMixin, - LogPaneMixin): - """ - main window for the leap app. - Initializes all of its base classes - We keep here some signal initialization - that gets tricky otherwise. - """ - - # signals - - newLogLine = QtCore.pyqtSignal([str]) - mainappReady = QtCore.pyqtSignal([]) - initReady = QtCore.pyqtSignal([]) - networkError = QtCore.pyqtSignal([object]) - triggerEIPError = QtCore.pyqtSignal([object]) - start_eipconnection = QtCore.pyqtSignal([]) - shutdownSignal = QtCore.pyqtSignal([]) - initNetworkChecker = QtCore.pyqtSignal([]) - - # this is status change got from openvpn management - openvpnStatusChange = QtCore.pyqtSignal([object]) - # this is global eip status - eipStatusChange = QtCore.pyqtSignal([str]) - - def __init__(self, opts): - logger.debug('init leap window') - self.debugmode = getattr(opts, 'debug', False) - super(LeapWindow, self).__init__() - if self.debugmode: - self.createLogBrowser() - - settings = QtCore.QSettings() - self.provider_domain = settings.value("provider_domain", None) - self.username = settings.value("username", None) - - logger.debug('provider: %s', self.provider_domain) - logger.debug('username: %s', self.username) - - provider = self.provider_domain - EIPConductorAppMixin.__init__( - self, opts=opts, provider=provider) - StatusAwareTrayIconMixin.__init__(self) - - # XXX network checker should probably not - # trigger run_checks on init... but wait - # for ready signal instead... - NetworkCheckerAppMixin.__init__(self, provider=provider) - MainWindowMixin.__init__(self) - - geom_key = "DebugGeometry" if self.debugmode else "Geometry" - geom = settings.value(geom_key) - if geom: - self.restoreGeometry(geom) - - # XXX check for wizard - self.wizard_done = settings.value("FirstRunWizardDone") - - self.initchecks = FunThread(self.run_eip_checks) - - # bind signals - self.initchecks.finished.connect( - lambda: logger.debug('Initial checks thread finished')) - self.trayIcon.activated.connect(self.iconActivated) - self.newLogLine.connect( - lambda line: self.onLoggerNewLine(line)) - self.timer.timeout.connect( - lambda: self.onTimerTick()) - self.networkError.connect( - lambda exc: self.onNetworkError(exc)) - self.triggerEIPError.connect( - lambda exc: self.onEIPError(exc)) - - if self.debugmode: - self.startStopButton.clicked.connect( - lambda: self.start_or_stopVPN()) - self.start_eipconnection.connect( - self.do_start_eipconnection) - self.shutdownSignal.connect( - self.cleanupAndQuit) - self.initNetworkChecker.connect( - lambda: self.init_network_checker(self.conductor.provider)) - - # status change. - # TODO unify - self.openvpnStatusChange.connect( - lambda status: self.onOpenVPNStatusChange(status)) - self.eipStatusChange.connect( - lambda newstatus: self.onEIPConnStatusChange(newstatus)) - self.eipStatusChange.connect( - lambda newstatus: self.toggleEIPAct()) - - # do first run wizard and init signals - self.mainappReady.connect(self.do_first_run_wizard_check) - self.initReady.connect(self.runchecks_and_eipconnect) - - # ... all ready. go! - # connected to do_first_run_wizard_check - self.mainappReady.emit() - - def do_first_run_wizard_check(self): - """ - checks whether first run wizard needs to be run - launches it if needed - and emits initReady signal if not. - """ - - logger.debug('first run wizard check...') - need_wizard = False - - # do checks (can overlap if wizard was interrupted) - if not self.wizard_done: - need_wizard = True - - if not self.provider_domain: - need_wizard = True - else: - pcertchecker = ProviderCertChecker(domain=self.provider_domain) - if not pcertchecker.is_cert_valid(do_raise=False): - logger.warning('missing valid client cert. need wizard') - need_wizard = True - - # launch wizard if needed - if need_wizard: - logger.debug('running first run wizard') - self.launch_first_run_wizard() - else: # no wizard needed - self.initReady.emit() - - def launch_first_run_wizard(self): - """ - launches wizard and blocks - """ - from leap.gui.firstrun.wizard import FirstRunWizard - wizard = FirstRunWizard( - self.conductor, - parent=self, - username=self.username, - start_eipconnection_signal=self.start_eipconnection, - eip_statuschange_signal=self.eipStatusChange, - quitcallback=self.onWizardCancel) - wizard.show() - - def onWizardCancel(self): - if not self.wizard_done: - logger.debug( - 'clicked on Cancel during first ' - 'run wizard. shutting down') - self.cleanupAndQuit() - - def runchecks_and_eipconnect(self): - """ - shows icon and run init checks - """ - self.show_systray_icon() - self.initchecks.begin() - - def do_start_eipconnection(self): - """ - shows icon and init eip connection - called from the end of wizard - """ - self.show_systray_icon() - # this will setup the command - self.conductor.run_openvpn_checks() - self.start_or_stopVPN() diff --git a/src/leap/baseapp/network.py b/src/leap/baseapp/network.py deleted file mode 100644 index dc5182a4..00000000 --- a/src/leap/baseapp/network.py +++ /dev/null @@ -1,63 +0,0 @@ -from __future__ import print_function - -import logging - -logger = logging.getLogger(name=__name__) - -from PyQt4 import QtCore - -from leap.baseapp.dialogs import ErrorDialog -from leap.base.network import NetworkCheckerThread - -from leap.util.misc import null_check - - -class NetworkCheckerAppMixin(object): - """ - initialize an instance of the Network Checker, - which gathers error and passes them on. - """ - ERR_NETERR = False - - def __init__(self, *args, **kwargs): - provider = kwargs.pop('provider', None) - self.network_checker = None - if provider: - self.init_network_checker(provider) - - def init_network_checker(self, provider): - null_check(provider, "provider_domain") - if not self.network_checker: - self.network_checker = NetworkCheckerThread( - error_cb=self.networkError.emit, - debug=self.debugmode, - provider=provider) - self.network_checker.start() - - @QtCore.pyqtSlot(object) - def runNetworkChecks(self): - logger.debug('running checks (from NetworkChecker Mixin slot)') - self.network_checker.run_checks() - - @QtCore.pyqtSlot(object) - def onNetworkError(self, exc): - """ - slot that receives a network exceptions - and raises a user error message - """ - # FIXME this should not HANDLE anything after - # the network check thread has been stopped. - - logger.debug('handling network exception') - if not self.ERR_NETERR: - self.ERR_NETERR = True - - logger.error(exc.message) - dialog = ErrorDialog(parent=self) - if exc.critical: - dialog.criticalMessage(exc.usermessage, "network error") - else: - dialog.warningMessage(exc.usermessage, "network error") - - self.start_or_stopVPN() - self.network_checker.stop() diff --git a/src/leap/baseapp/permcheck.py b/src/leap/baseapp/permcheck.py deleted file mode 100644 index 6b74cb6e..00000000 --- a/src/leap/baseapp/permcheck.py +++ /dev/null @@ -1,17 +0,0 @@ -import commands -import os - -from leap.util.fileutil import which - - -def is_pkexec_in_system(): - pkexec_path = which('pkexec') - if not pkexec_path: - return False - return os.access(pkexec_path, os.X_OK) - - -def is_auth_agent_running(): - return bool( - commands.getoutput( - 'ps aux | grep polkit-[g]nome-authentication-agent-1')) diff --git a/src/leap/baseapp/systray.py b/src/leap/baseapp/systray.py deleted file mode 100644 index 77eb3fe9..00000000 --- a/src/leap/baseapp/systray.py +++ /dev/null @@ -1,268 +0,0 @@ -import logging -import sys - -import sip -sip.setapi('QString', 2) -sip.setapi('QVariant', 2) - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap import __branding as BRANDING -from leap import __version__ as VERSION - -from leap.gui import mainwindow_rc - -logger = logging.getLogger(__name__) - - -class StatusAwareTrayIconMixin(object): - """ - a mix of several functions needed - to create a systray and make it - get updated from conductor status - polling. - """ - states = { - "disconnected": 0, - "connecting": 1, - "connected": 2} - - iconpath = { - "disconnected": ':/images/conn_error.png', - "connecting": ':/images/conn_connecting.png', - "connected": ':/images/conn_connected.png'} - - Icons = { - 'disconnected': lambda self: QtGui.QIcon( - self.iconpath['disconnected']), - 'connecting': lambda self: QtGui.QIcon( - self.iconpath['connecting']), - 'connected': lambda self: QtGui.QIcon( - self.iconpath['connected']) - } - - def __init__(self, *args, **kwargs): - self.createIconGroupBox() - self.createActions() - self.createTrayIcon() - - # not sure if this really belongs here, but... - self.timer = QtCore.QTimer() - - def show_systray_icon(self): - #logger.debug('showing tray icon................') - self.trayIcon.show() - - def createIconGroupBox(self): - """ - dummy icongroupbox - (to be removed from here -- reference only) - """ - con_widgets = { - 'disconnected': QtGui.QLabel(), - 'connecting': QtGui.QLabel(), - 'connected': QtGui.QLabel(), - } - con_widgets['disconnected'].setPixmap( - QtGui.QPixmap( - self.iconpath['disconnected'])) - con_widgets['connecting'].setPixmap( - QtGui.QPixmap( - self.iconpath['connecting'])) - con_widgets['connected'].setPixmap( - QtGui.QPixmap( - self.iconpath['connected'])), - self.ConnectionWidgets = con_widgets - - self.statusIconBox = QtGui.QGroupBox( - self.tr("EIP Connection Status")) - statusIconLayout = QtGui.QHBoxLayout() - statusIconLayout.addWidget(self.ConnectionWidgets['disconnected']) - statusIconLayout.addWidget(self.ConnectionWidgets['connecting']) - statusIconLayout.addWidget(self.ConnectionWidgets['connected']) - statusIconLayout.itemAt(1).widget().hide() - statusIconLayout.itemAt(2).widget().hide() - - self.leapConnStatus = QtGui.QLabel( - self.tr("<b>disconnected</b>")) - statusIconLayout.addWidget(self.leapConnStatus) - - self.statusIconBox.setLayout(statusIconLayout) - - def createTrayIcon(self): - """ - creates the tray icon - """ - self.trayIconMenu = QtGui.QMenu(self) - - self.trayIconMenu.addAction(self.connAct) - self.trayIconMenu.addSeparator() - self.trayIconMenu.addAction(self.detailsAct) - self.trayIconMenu.addSeparator() - self.trayIconMenu.addAction(self.aboutAct) - # we should get this hidden inside the "about" dialog - # (as a little button maybe) - #self.trayIconMenu.addAction(self.aboutQtAct) - self.trayIconMenu.addSeparator() - self.trayIconMenu.addAction(self.quitAction) - - self.trayIcon = QtGui.QSystemTrayIcon(self) - self.setIcon('disconnected') - self.trayIcon.setContextMenu(self.trayIconMenu) - - #self.trayIconMenu.setContextMenuPolicy(QtCore.Qt.CustomContextMenu) - #self.trayIconMenu.customContextMenuRequested.connect( - #self.on_context_menu) - - #def bad(self): - #logger.error('this should not be called') - - def createActions(self): - """ - creates actions to be binded to tray icon - """ - # XXX change action name on (dis)connect - self.connAct = QtGui.QAction( - self.tr("Encryption ON turn &off"), - self, - triggered=lambda: self.start_or_stopVPN()) - - self.detailsAct = QtGui.QAction( - self.tr("&Details..."), - self, - triggered=self.detailsWin) - self.aboutAct = QtGui.QAction( - self.tr("&About"), self, - triggered=self.about) - self.aboutQtAct = QtGui.QAction( - self.tr("About Q&t"), self, - triggered=QtGui.qApp.aboutQt) - self.quitAction = QtGui.QAction( - self.tr("&Quit"), self, - triggered=self.cleanupAndQuit) - - def toggleEIPAct(self): - # this is too simple by now. - # XXX get STATUS CONSTANTS INSTEAD - - icon_status = self.conductor.get_icon_name() - if icon_status == "connected": - self.connAct.setEnabled(True) - self.connAct.setText( - self.tr('Encryption ON turn o&ff')) - return - if icon_status == "disconnected": - self.connAct.setEnabled(True) - self.connAct.setText( - self.tr('Encryption OFF turn &on')) - return - if icon_status == "connecting": - self.connAct.setDisabled(True) - self.connAct.setText(self.tr('connecting...')) - return - - def detailsWin(self): - visible = self.isVisible() - if visible: - self.hide() - else: - self.show() - if sys.platform == "darwin": - self.raise_() - - def about(self): - # move to widget - flavor = BRANDING.get('short_name', None) - content = self.tr( - ("LEAP client<br>" - "(version <b>%s</b>)<br>" % VERSION)) - if flavor: - content = content + ('<br>Flavor: <i>%s</i><br>' % flavor) - content = content + ( - "<br><a href='https://leap.se/'>" - "https://leap.se</a>") - QtGui.QMessageBox.about(self, self.tr("About"), content) - - def setConnWidget(self, icon_name): - oldlayout = self.statusIconBox.layout() - - for i in range(3): - oldlayout.itemAt(i).widget().hide() - new = self.states[icon_name] - oldlayout.itemAt(new).widget().show() - - def setIcon(self, name): - icon_fun = self.Icons.get(name) - if icon_fun and callable(icon_fun): - icon = icon_fun(self) - self.trayIcon.setIcon(icon) - - def getIcon(self, icon_name): - return self.states.get(icon_name, None) - - def setIconToolTip(self): - """ - get readable status and place it on systray tooltip - """ - status = self.conductor.status.get_readable_status() - self.trayIcon.setToolTip(status) - - def iconActivated(self, reason): - """ - handles left click, left double click - showing the trayicon menu - """ - if reason in (QtGui.QSystemTrayIcon.Trigger, - QtGui.QSystemTrayIcon.DoubleClick): - context_menu = self.trayIcon.contextMenu() - # for some reason, context_menu.show() - # is failing in a way beyond my understanding. - # (not working the first time it's clicked). - # this works however. - # XXX in osx it shows some glitches. - context_menu.exec_(self.trayIcon.geometry().center()) - - @QtCore.pyqtSlot() - def onTimerTick(self): - self.statusUpdate() - - @QtCore.pyqtSlot(object) - def onOpenVPNStatusChange(self, status): - """ - updates icon, according to the openvpn status change. - """ - icon_name = self.conductor.get_icon_name() - if not icon_name: - return - - # XXX refactor. Use QStateMachine - - if icon_name in ("disconnected", "connected"): - self.eipStatusChange.emit(icon_name) - - if icon_name in ("connecting"): - # let's see how it matches - leap_status_name = self.conductor.get_leap_status() - self.eipStatusChange.emit(leap_status_name) - - if icon_name == "connected": - # When we change to "connected', we launch - # the network checker. - self.initNetworkChecker.emit() - - self.setIcon(icon_name) - # change connection pixmap widget - self.setConnWidget(icon_name) - - @QtCore.pyqtSlot(str) - def onEIPConnStatusChange(self, newstatus): - """ - slot for EIP status changes - not to be confused with onOpenVPNStatusChange. - this only updates the non-debug LEAP Status line - next to the connection icon. - """ - # XXX move bold to style sheet - self.leapConnStatus.setText( - "<b>%s</b>" % newstatus) diff --git a/src/leap/certs/__init__.py b/src/leap/certs/__init__.py deleted file mode 100644 index c4d009b1..00000000 --- a/src/leap/certs/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -import os - -_where = os.path.split(__file__)[0] - - -def where(filename): - return os.path.join(_where, filename) diff --git a/src/leap/base/__init__.py b/src/leap/config/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/base/__init__.py +++ b/src/leap/config/__init__.py diff --git a/src/leap/config/leapsettings.py b/src/leap/config/leapsettings.py new file mode 100644 index 00000000..35010280 --- /dev/null +++ b/src/leap/config/leapsettings.py @@ -0,0 +1,253 @@ +# -*- coding: utf-8 -*- +# leapsettings.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +QSettings abstraction +""" +import os +import logging + +from PySide import QtCore + +from leap.common.check import leap_assert, leap_assert_type +from leap.common.config.prefixers import get_platform_prefixer + +logger = logging.getLogger(__name__) + + +def to_bool(val): + """ + Returns the boolean value corresponding to val. Will return False + in case val is not a string or something that behaves like one. + + :param val: value to cast + :type val: either bool already or str + + :rtype: bool + """ + if isinstance(val, bool): + return val + + bool_val = False + try: + bool_val = val.lower() == "true" + except: + pass + + return bool_val + + +class LeapSettings(object): + """ + Leap client QSettings wrapper + """ + + CONFIG_NAME = "leap.conf" + + # keys + GEOMETRY_KEY = "Geometry" + WINDOWSTATE_KEY = "WindowState" + USER_KEY = "User" + PROPERPROVIDER_KEY = "ProperProvider" + REMEMBER_KEY = "RememberUserAndPass" + DEFAULTPROVIDER_KEY = "DefaultProvider" + ALERTMISSING_KEY = "AlertMissingScripts" + + def __init__(self, standalone=False): + """ + Constructor + + :param standalone: parameter used to define the location of + the config + :type standalone: bool + """ + + settings_path = os.path.join(get_platform_prefixer() + .get_path_prefix(standalone=standalone), + "leap", + self.CONFIG_NAME) + self._settings = QtCore.QSettings(settings_path, + QtCore.QSettings.IniFormat) + + def get_geometry(self): + """ + Returns the saved geometry or None if it wasn't saved + + :rtype: bytearray or None + """ + return self._settings.value(self.GEOMETRY_KEY, None) + + def set_geometry(self, geometry): + """ + Saves the geometry to the settings + + :param geometry: bytearray representing the geometry + :type geometry: bytearray + """ + leap_assert(geometry, "We need a geometry") + self._settings.setValue(self.GEOMETRY_KEY, geometry) + + def get_windowstate(self): + """ + Returns the window state or None if it wasn't saved + + :rtype: bytearray or None + """ + return self._settings.value(self.WINDOWSTATE_KEY, None) + + def set_windowstate(self, windowstate): + """ + Saves the window state to the settings + + :param windowstate: bytearray representing the window state + :type windowstate: bytearray + """ + leap_assert(windowstate, "We need a window state") + self._settings.setValue(self.WINDOWSTATE_KEY, windowstate) + + def get_enabled_services(self, provider): + """ + Returns a list of enabled services for the given provider + + :param provider: provider domain + :type provider: str + + :rtype: list of str + """ + + leap_assert(len(provider) > 0, "We need a nonempty provider") + enabled_services = self._settings.value("%s/Services" % (provider,), + []) + if isinstance(enabled_services, (str, unicode)): + enabled_services = enabled_services.split(",") + + return enabled_services + + def set_enabled_services(self, provider, services): + """ + Saves the list of enabled services for the given provider + + :param provider: provider domain + :type provider: str + + :param services: list of services to save + :type services: list of str + """ + + leap_assert(len(provider) > 0, "We need a nonempty provider") + leap_assert_type(services, list) + + self._settings.setValue("%s/Services" % (provider,), + services) + + def get_user(self): + """ + Returns the configured user to remember, None if there isn't one + + :rtype: str or None + """ + return self._settings.value(self.USER_KEY, None) + + def set_user(self, user): + """ + Saves the user to remember + + :param user: user name to remember + :type user: str + """ + leap_assert(len(user) > 0, "We cannot save an empty user") + self._settings.setValue(self.USER_KEY, user) + + def get_remember(self): + """ + Returns the value of the remember selection. + + :rtype: bool + """ + return to_bool(self._settings.value(self.REMEMBER_KEY, False)) + + def set_remember(self, remember): + """ + Sets wheter the app should remember username and password + + :param remember: True if the app should remember username and + password, False otherwise + :rtype: bool + """ + leap_assert_type(remember, bool) + self._settings.setValue(self.REMEMBER_KEY, remember) + + # TODO: make this scale with multiple providers, we are assuming + # just one for now + def get_properprovider(self): + """ + Returns True if there is a properly configured provider. + + .. note:: this assumes only one provider for now. + + :rtype: bool + """ + return to_bool(self._settings.value(self.PROPERPROVIDER_KEY, False)) + + def set_properprovider(self, properprovider): + """ + Sets whether the app should automatically login. + + :param properprovider: True if the provider is properly configured, + False otherwise. + :type properprovider: bool + """ + leap_assert_type(properprovider, bool) + self._settings.setValue(self.PROPERPROVIDER_KEY, properprovider) + + def get_defaultprovider(self): + """ + Returns the default provider to be used for autostarting EIP + + :rtype: str or None + """ + return self._settings.value(self.DEFAULTPROVIDER_KEY, None) + + def set_defaultprovider(self, provider): + """ + Sets the default provider to be used for autostarting EIP + + :param provider: provider to use + :type provider: str or None + """ + if provider is None: + self._settings.remove(self.DEFAULTPROVIDER_KEY) + else: + self._settings.setValue(self.DEFAULTPROVIDER_KEY, provider) + + def get_alert_missing_scripts(self): + """ + Returns the setting for alerting of missing up/down scripts. + + :rtype: bool + """ + return to_bool(self._settings.value(self.ALERTMISSING_KEY, True)) + + def set_alert_missing_scripts(self, value): + """ + Sets the setting for alerting of missing up/down scripts. + + :param value: the value to set + :type value: bool + """ + leap_assert_type(value, bool) + self._settings.setValue(self.ALERTMISSING_KEY, value) diff --git a/src/leap/base/specs.py b/src/leap/config/provider_spec.py index fbe8a0e9..cf942c7b 100644 --- a/src/leap/base/specs.py +++ b/src/leap/config/provider_spec.py @@ -1,3 +1,20 @@ +# -*- coding: utf-8 -*- +# provider_spec.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + leap_provider_spec = { 'description': 'provider definition', 'type': 'object', @@ -5,7 +22,6 @@ leap_provider_spec = { 'version': { 'type': unicode, 'default': '0.1.0' - #'required': True }, "default_language": { 'type': unicode, @@ -14,14 +30,11 @@ leap_provider_spec = { 'domain': { 'type': unicode, # XXX define uri type 'default': 'testprovider.example.org' - #'required': True, }, 'name': { - #'type': LEAPTranslatable, 'type': dict, 'format': 'translatable', 'default': {u'en': u'Test Provider'} - #'required': True }, 'description': { #'type': LEAPTranslatable, @@ -57,6 +70,36 @@ leap_provider_spec = { 'languages': { 'type': list, 'default': ['en'] + }, + 'service': { + 'levels': { + 'type': list + }, + 'default_service_level': { + 'type': int, + 'default': 1 + }, + 'allow_free': { + 'type': unicode + }, + 'allow_paid': { + 'type': unicode + }, + 'allow_anonymous': { + 'type': unicode + }, + 'allow_registration': { + 'type': unicode + }, + 'bandwidth_limit': { + 'type': int + }, + 'allow_limited_bandwidth': { + 'type': unicode + }, + 'allow_unlimited_bandwidth': { + 'type': unicode + } } } } diff --git a/src/leap/config/providerconfig.py b/src/leap/config/providerconfig.py new file mode 100644 index 00000000..8b72153a --- /dev/null +++ b/src/leap/config/providerconfig.py @@ -0,0 +1,177 @@ +# -*- coding: utf-8 -*- +# providerconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Provider configuration +""" +import logging +import os + +from leap.common.check import leap_assert +from leap.common.config.baseconfig import BaseConfig, LocalizedKey +from leap.config.provider_spec import leap_provider_spec + +logger = logging.getLogger(__name__) + + +class ProviderConfig(BaseConfig): + """ + Provider configuration abstraction class + """ + def __init__(self): + BaseConfig.__init__(self) + + def _get_spec(self): + """ + Returns the spec object for the specific configuration + """ + return leap_provider_spec + + def get_api_uri(self): + return self._safe_get_value("api_uri") + + def get_api_version(self): + return self._safe_get_value("api_version") + + def get_ca_cert_fingerprint(self): + return self._safe_get_value("ca_cert_fingerprint") + + def get_ca_cert_uri(self): + return self._safe_get_value("ca_cert_uri") + + def get_default_language(self): + return self._safe_get_value("default_language") + + @LocalizedKey + def get_description(self): + return self._safe_get_value("description") + + def get_domain(self): + return self._safe_get_value("domain") + + def get_enrollment_policy(self): + """ + Returns the enrollment policy + + :rtype: string + """ + return self._safe_get_value("enrollment_policy") + + def get_languages(self): + return self._safe_get_value("languages") + + @LocalizedKey + def get_name(self): + return self._safe_get_value("name") + + def get_services(self): + """ + Returns a list with the available services in the current provider. + + :rtype: list + """ + services = self._safe_get_value("services") + return services + + def get_services_string(self): + """ + Returns a string with the available services in the current + provider, ready to be shown to the user. + """ + services_str = ", ".join(self.get_services()) + services_str = services_str.replace( + "openvpn", "Encrypted Internet") + return services_str + + def get_ca_cert_path(self, about_to_download=False): + """ + Returns the path to the certificate for the current provider. + + :param about_to_download: defines wether we want the path to + download the cert or not. This helps avoid + checking if the cert exists because we + are about to write it. + :type about_to_download: bool + """ + + cert_path = os.path.join(self.get_path_prefix(), + "leap", + "providers", + self.get_domain(), + "keys", + "ca", + "cacert.pem") + + if not about_to_download: + leap_assert(os.path.exists(cert_path), + "You need to download the certificate first") + logger.debug("Going to verify SSL against %s" % (cert_path,)) + + return cert_path + + def provides_eip(self): + """ + Returns True if this particular provider has the EIP service, + False otherwise. + + :rtype: bool + """ + return "openvpn" in self.get_services() + + def provides_mx(self): + """ + Returns True if this particular provider has the MX service, + False otherwise. + + :rtype: bool + """ + return "mx" in self.get_services() + + +if __name__ == "__main__": + logger = logging.getLogger(name='leap') + logger.setLevel(logging.DEBUG) + console = logging.StreamHandler() + console.setLevel(logging.DEBUG) + formatter = logging.Formatter( + '%(asctime)s ' + '- %(name)s - %(levelname)s - %(message)s') + console.setFormatter(formatter) + logger.addHandler(console) + + provider = ProviderConfig() + + try: + provider.get_api_version() + except Exception as e: + assert isinstance(e, AssertionError), "Expected an assert" + print "Safe value getting is working" + + # standalone minitest + #if provider.load("provider_bad.json"): + if provider.load("leap/providers/bitmask.net/provider.json"): + print provider.get_api_version() + print provider.get_ca_cert_fingerprint() + print provider.get_ca_cert_uri() + print provider.get_default_language() + print provider.get_description() + print provider.get_description(lang="asd") + print provider.get_domain() + print provider.get_enrollment_policy() + print provider.get_languages() + print provider.get_name() + print provider.get_services() diff --git a/src/leap/config/tests/test_providerconfig.py b/src/leap/config/tests/test_providerconfig.py new file mode 100644 index 00000000..4e86a5f7 --- /dev/null +++ b/src/leap/config/tests/test_providerconfig.py @@ -0,0 +1,279 @@ +# -*- coding: utf-8 -*- +# test_providerconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Tests for providerconfig +""" + +try: + import unittest2 as unittest +except ImportError: + import unittest + +import os +import json +import copy + +from leap.common.testing.basetest import BaseLeapTest +from leap.config.providerconfig import ProviderConfig +from leap.services import get_supported + +from mock import Mock + + +sample_config = { + "api_uri": "https://api.test.bitmask.net:4430", + "api_version": "1", + "ca_cert_fingerprint": + "SHA256: 0f17c033115f6b76ff67871872303ff65034efe7dd1b910062ca323eb4da5c7e", + "ca_cert_uri": "https://test.bitmask.net/ca.crt", + "default_language": "en", + "description": { + "en": "Test description for provider", + "es": "Descripcion de prueba para el proveedor" + }, + "domain": "test.bitmask.net", + "enrollment_policy": "open", + "languages": [ + "en", + "es" + ], + "name": { + "en": "Bitmask testing environment", + "es": "Entorno de pruebas de Bitmask" + }, + "service": { + "allow_anonymous": True, + "allow_free": True, + "allow_limited_bandwidth": True, + "allow_paid": False, + "allow_registration": True, + "allow_unlimited_bandwidth": False, + "bandwidth_limit": 400000, + "default_service_level": 1, + "levels": [ + { + "bandwidth": "limited", + "id": 1, + "name": "anonymous" + }, + { + "bandwidth": "limited", + "id": 2, + "name": "free", + "storage": 50 + } + ] + }, + "services": [ + "openvpn" + ] +} + + +class ProviderConfigTest(BaseLeapTest): + """Tests for ProviderConfig""" + + def setUp(self): + self._provider_config = ProviderConfig() + json_string = json.dumps(sample_config) + self._provider_config.load(data=json_string) + + # At certain points we are going to be replacing these method + # to avoid creating a file. + # We need to save the old implementation and restore it in + # tearDown so we are sure everything is as expected for each + # test. If we do it inside each specific test, a failure in + # the test will leave the implementation with the mock. + self._old_ospath_exists = os.path.exists + + def tearDown(self): + os.path.exists = self._old_ospath_exists + + def test_configs_ok(self): + """ + Test if the configs loads ok + """ + # TODO: this test should go to the BaseConfig tests + pc = self._provider_config + self.assertEqual(pc.get_api_uri(), sample_config['api_uri']) + self.assertEqual(pc.get_api_version(), sample_config['api_version']) + self.assertEqual(pc.get_ca_cert_fingerprint(), + sample_config['ca_cert_fingerprint']) + self.assertEqual(pc.get_ca_cert_uri(), sample_config['ca_cert_uri']) + self.assertEqual(pc.get_default_language(), + sample_config['default_language']) + + self.assertEqual(pc.get_domain(), sample_config['domain']) + self.assertEqual(pc.get_enrollment_policy(), + sample_config['enrollment_policy']) + self.assertEqual(pc.get_languages(), sample_config['languages']) + + def test_localizations(self): + pc = self._provider_config + + self.assertEqual(pc.get_description(lang='en'), + sample_config['description']['en']) + self.assertEqual(pc.get_description(lang='es'), + sample_config['description']['es']) + + self.assertEqual(pc.get_name(lang='en'), sample_config['name']['en']) + self.assertEqual(pc.get_name(lang='es'), sample_config['name']['es']) + + def _localize(self, lang): + """ + Helper to change default language of the provider config. + """ + pc = self._provider_config + config = copy.deepcopy(sample_config) + config['default_language'] = lang + json_string = json.dumps(config) + pc.load(data=json_string) + + return config + + def test_default_localization1(self): + pc = self._provider_config + config = self._localize(sample_config['languages'][0]) + + default_language = config['default_language'] + default_description = config['description'][default_language] + default_name = config['name'][default_language] + + self.assertEqual(pc.get_description(lang='xx'), default_description) + self.assertEqual(pc.get_description(), default_description) + + self.assertEqual(pc.get_name(lang='xx'), default_name) + self.assertEqual(pc.get_name(), default_name) + + def test_default_localization2(self): + pc = self._provider_config + config = self._localize(sample_config['languages'][1]) + + default_language = config['default_language'] + default_description = config['description'][default_language] + default_name = config['name'][default_language] + + self.assertEqual(pc.get_description(lang='xx'), default_description) + self.assertEqual(pc.get_description(), default_description) + + self.assertEqual(pc.get_name(lang='xx'), default_name) + self.assertEqual(pc.get_name(), default_name) + + def test_get_ca_cert_path_as_expected(self): + pc = self._provider_config + pc.get_path_prefix = Mock(return_value='test') + + provider_domain = sample_config['domain'] + expected_path = os.path.join('test', 'leap', 'providers', + provider_domain, 'keys', 'ca', + 'cacert.pem') + + # mock 'os.path.exists' so we don't get an error for unexisting file + os.path.exists = Mock(return_value=True) + cert_path = pc.get_ca_cert_path() + + self.assertEqual(cert_path, expected_path) + + def test_get_ca_cert_path_about_to_download(self): + pc = self._provider_config + pc.get_path_prefix = Mock(return_value='test') + + provider_domain = sample_config['domain'] + expected_path = os.path.join('test', 'leap', 'providers', + provider_domain, 'keys', 'ca', + 'cacert.pem') + + cert_path = pc.get_ca_cert_path(about_to_download=True) + + self.assertEqual(cert_path, expected_path) + + def test_get_ca_cert_path_fails(self): + pc = self._provider_config + pc.get_path_prefix = Mock(return_value='test') + + # mock 'get_domain' so we don't need to load a config + provider_domain = 'test.provider.com' + pc.get_domain = Mock(return_value=provider_domain) + + with self.assertRaises(AssertionError): + pc.get_ca_cert_path() + + def test_provides_eip(self): + pc = self._provider_config + config = copy.deepcopy(sample_config) + + # It provides + config['services'] = ['openvpn', 'test_service'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertTrue(pc.provides_eip()) + + # It does not provides + config['services'] = ['test_service', 'other_service'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertFalse(pc.provides_eip()) + + def test_provides_mx(self): + pc = self._provider_config + config = copy.deepcopy(sample_config) + + # It provides + config['services'] = ['mx', 'other_service'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertTrue(pc.provides_mx()) + + # It does not provides + config['services'] = ['test_service', 'other_service'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertFalse(pc.provides_mx()) + + def test_supports_unknown_service(self): + pc = self._provider_config + config = copy.deepcopy(sample_config) + + config['services'] = ['unknown'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertFalse('unknown' in get_supported(pc.get_services())) + + def test_provides_unknown_service(self): + pc = self._provider_config + config = copy.deepcopy(sample_config) + + config['services'] = ['unknown'] + json_string = json.dumps(config) + pc.load(data=json_string) + self.assertTrue('unknown' in pc.get_services()) + + def test_get_services_string(self): + pc = self._provider_config + config = copy.deepcopy(sample_config) + config['services'] = [ + 'openvpn', 'asdf', 'openvpn', 'not_supported_service'] + json_string = json.dumps(config) + pc.load(data=json_string) + + self.assertEqual(pc.get_services_string(), + "Encrypted Internet, asdf, Encrypted Internet," + " not_supported_service") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py deleted file mode 100644 index cbb5725a..00000000 --- a/src/leap/crypto/certs.py +++ /dev/null @@ -1,112 +0,0 @@ -import logging -import os -from StringIO import StringIO -import ssl -import time - -from dateutil.parser import parse -from OpenSSL import crypto - -from leap.util.misc import null_check - -logger = logging.getLogger(__name__) - - -class BadCertError(Exception): - """ - raised for malformed certs - """ - - -class NoCertError(Exception): - """ - raised for cert not found in given path - """ - - -def get_https_cert_from_domain(domain, port=443): - """ - @param domain: a domain name to get a certificate from. - """ - cert = ssl.get_server_certificate((domain, port)) - x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert) - return x509 - - -def get_cert_from_file(_file): - null_check(_file, "pem file") - if isinstance(_file, (str, unicode)): - if not os.path.isfile(_file): - raise NoCertError - with open(_file) as f: - cert = f.read() - else: - cert = _file.read() - x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert) - return x509 - - -def get_pkey_from_file(_file): - getkey = lambda f: crypto.load_privatekey( - crypto.FILETYPE_PEM, f.read()) - - if isinstance(_file, str): - with open(_file) as f: - key = getkey(f) - else: - key = getkey(_file) - return key - - -def can_load_cert_and_pkey(string): - """ - loads certificate and private key from - a buffer - """ - try: - f = StringIO(string) - cert = get_cert_from_file(f) - - f = StringIO(string) - key = get_pkey_from_file(f) - - null_check(cert, 'certificate') - null_check(key, 'private key') - except Exception as exc: - logger.error(type(exc), exc.message) - raise BadCertError - else: - return True - - -def get_cert_fingerprint(domain=None, port=443, filepath=None, - hash_type="SHA256", sep=":"): - """ - @param domain: a domain name to get a fingerprint from - @type domain: str - @param filepath: path to a file containing a PEM file - @type filepath: str - @param hash_type: the hash function to be used in the fingerprint. - must be one of SHA1, SHA224, SHA256, SHA384, SHA512 - @type hash_type: str - @rparam: hex_fpr, a hexadecimal representation of a bytestring - containing the fingerprint. - @rtype: string - """ - if domain: - cert = get_https_cert_from_domain(domain, port=port) - if filepath: - cert = get_cert_from_file(filepath) - hex_fpr = cert.digest(hash_type) - return hex_fpr - - -def get_time_boundaries(certfile): - cert = get_cert_from_file(certfile) - null_check(cert, 'certificate') - - fromts, tots = (cert.get_notBefore(), cert.get_notAfter()) - from_, to_ = map( - lambda ts: time.gmtime(time.mktime(parse(ts).timetuple())), - (fromts, tots)) - return from_, to_ diff --git a/src/leap/crypto/certs_gnutls.py b/src/leap/crypto/certs_gnutls.py deleted file mode 100644 index 20c0e043..00000000 --- a/src/leap/crypto/certs_gnutls.py +++ /dev/null @@ -1,112 +0,0 @@ -''' -We're using PyOpenSSL now - -import ctypes -from StringIO import StringIO -import socket - -import gnutls.connection -import gnutls.crypto -import gnutls.library - -from leap.util.misc import null_check - - -class BadCertError(Exception): - """raised for malformed certs""" - - -def get_https_cert_from_domain(domain): - """ - @param domain: a domain name to get a certificate from. - """ - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - cred = gnutls.connection.X509Credentials() - - session = gnutls.connection.ClientSession(sock, cred) - session.connect((domain, 443)) - session.handshake() - cert = session.peer_certificate - return cert - - -def get_cert_from_file(_file): - getcert = lambda f: gnutls.crypto.X509Certificate(f.read()) - if isinstance(_file, str): - with open(_file) as f: - cert = getcert(f) - else: - cert = getcert(_file) - return cert - - -def get_pkey_from_file(_file): - getkey = lambda f: gnutls.crypto.X509PrivateKey(f.read()) - if isinstance(_file, str): - with open(_file) as f: - key = getkey(f) - else: - key = getkey(_file) - return key - - -def can_load_cert_and_pkey(string): - try: - f = StringIO(string) - cert = get_cert_from_file(f) - - f = StringIO(string) - key = get_pkey_from_file(f) - - null_check(cert, 'certificate') - null_check(key, 'private key') - except: - # XXX catch GNUTLSError? - raise BadCertError - else: - return True - -def get_cert_fingerprint(domain=None, filepath=None, - hash_type="SHA256", sep=":"): - """ - @param domain: a domain name to get a fingerprint from - @type domain: str - @param filepath: path to a file containing a PEM file - @type filepath: str - @param hash_type: the hash function to be used in the fingerprint. - must be one of SHA1, SHA224, SHA256, SHA384, SHA512 - @type hash_type: str - @rparam: hex_fpr, a hexadecimal representation of a bytestring - containing the fingerprint. - @rtype: string - """ - if domain: - cert = get_https_cert_from_domain(domain) - if filepath: - cert = get_cert_from_file(filepath) - - _buffer = ctypes.create_string_buffer(64) - buffer_length = ctypes.c_size_t(64) - - SUPPORTED_DIGEST_FUN = ("SHA1", "SHA224", "SHA256", "SHA384", "SHA512") - if hash_type in SUPPORTED_DIGEST_FUN: - digestfunction = getattr( - gnutls.library.constants, - "GNUTLS_DIG_%s" % hash_type) - else: - # XXX improperlyconfigured or something - raise Exception("digest function not supported") - - gnutls.library.functions.gnutls_x509_crt_get_fingerprint( - cert._c_object, digestfunction, - ctypes.byref(_buffer), ctypes.byref(buffer_length)) - - # deinit - #server_cert._X509Certificate__deinit(server_cert._c_object) - # needed? is segfaulting - - fpr = ctypes.string_at(_buffer, buffer_length.value) - hex_fpr = sep.join(u"%02X" % ord(char) for char in fpr) - - return hex_fpr -''' diff --git a/src/leap/crypto/constants.py b/src/leap/crypto/constants.py new file mode 100644 index 00000000..c5eaef1f --- /dev/null +++ b/src/leap/crypto/constants.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# constants.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +SIGNUP_TIMEOUT = 5 diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py deleted file mode 100644 index c241d0bc..00000000 --- a/src/leap/crypto/leapkeyring.py +++ /dev/null @@ -1,70 +0,0 @@ -import keyring - -from leap.base.config import get_config_file - -############# -# Disclaimer -############# -# This currently is not a keyring, it's more like a joke. -# No, seriously. -# We're affected by this **bug** - -# https://bitbucket.org/kang/python-keyring-lib/ -# issue/65/dbusexception-method-opensession-with - -# so using the gnome keyring does not seem feasible right now. -# I thought this was the next best option to store secrets in plain sight. - -# in the future we should move to use the gnome/kde/macosx/win keyrings. - - -class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): - - filename = ".secrets" - - @property - def file_path(self): - return get_config_file(self.filename) - - def __init__(self, seed=None): - self.seed = seed - - def _get_new_password(self): - # XXX every time this method is called, - # $deity kills a kitten. - return "secret%s" % self.seed - - def _init_file(self): - self.keyring_key = self._get_new_password() - self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value') - - def _unlock(self): - self.keyring_key = self._get_new_password() - print 'keyring key ', self.keyring_key - try: - ref_pw = self.get_password( - 'keyring_setting', - 'pass_ref') - print 'ref pw ', ref_pw - assert ref_pw == "pass_ref_value" - except AssertionError: - self._lock() - raise ValueError('Incorrect password') - - -def leap_set_password(key, value, seed="xxx"): - key, value = map(unicode, (key, value)) - keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) - keyring.set_password('leap', key, value) - - -def leap_get_password(key, seed="xxx"): - keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) - #import ipdb;ipdb.set_trace() - return keyring.get_password('leap', key) - - -if __name__ == "__main__": - leap_set_password('test', 'bar') - passwd = leap_get_password('test') - assert passwd == 'bar' diff --git a/src/leap/crypto/srpauth.py b/src/leap/crypto/srpauth.py new file mode 100644 index 00000000..0e95ae64 --- /dev/null +++ b/src/leap/crypto/srpauth.py @@ -0,0 +1,496 @@ +# -*- coding: utf-8 -*- +# srpauth.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import binascii +import logging + +import requests +import srp +import json + +#this error is raised from requests +from simplejson.decoder import JSONDecodeError +from functools import partial + +from PySide import QtCore +from twisted.internet import threads + +from leap.common.check import leap_assert +from leap.util.request_helpers import get_content +from leap.common.events import signal as events_signal +from leap.common.events import events_pb2 as proto + +logger = logging.getLogger(__name__) + + +class SRPAuthenticationError(Exception): + """ + Exception raised for authentication errors + """ + pass + + +class SRPAuth(QtCore.QObject): + """ + SRPAuth singleton + """ + + class __impl(QtCore.QObject): + """ + Implementation of the SRPAuth interface + """ + + LOGIN_KEY = "login" + A_KEY = "A" + CLIENT_AUTH_KEY = "client_auth" + SESSION_ID_KEY = "_session_id" + + def __init__(self, provider_config): + """ + Constructor for SRPAuth implementation + + :param server: Server to which we will authenticate + :type server: str + """ + QtCore.QObject.__init__(self) + + leap_assert(provider_config, + "We need a provider config to authenticate") + + self._provider_config = provider_config + + # **************************************************** # + # Dependency injection helpers, override this for more + # granular testing + self._fetcher = requests + self._srp = srp + self._hashfun = self._srp.SHA256 + self._ng = self._srp.NG_1024 + # **************************************************** # + + self._session = self._fetcher.session() + self._session_id = None + self._session_id_lock = QtCore.QMutex() + self._uid = None + self._uid_lock = QtCore.QMutex() + self._token = None + self._token_lock = QtCore.QMutex() + + self._srp_user = None + self._srp_a = None + + def _safe_unhexlify(self, val): + """ + Rounds the val to a multiple of 2 and returns the + unhexlified value + + :param val: hexlified value + :type val: str + + :rtype: binary hex data + :return: unhexlified val + """ + return binascii.unhexlify(val) \ + if (len(val) % 2 == 0) else binascii.unhexlify('0' + val) + + def _authentication_preprocessing(self, username, password): + """ + Generates the SRP.User to get the A SRP parameter + + :param username: username to login + :type username: str + :param password: password for the username + :type password: str + """ + logger.debug("Authentication preprocessing...") + self._srp_user = self._srp.User(username, + password, + self._hashfun, + self._ng) + _, A = self._srp_user.start_authentication() + + self._srp_a = A + + def _start_authentication(self, _, username, password): + """ + Sends the first request for authentication to retrieve the + salt and B parameter + + Might raise SRPAuthenticationError + + :param _: IGNORED, output from the previous callback (None) + :type _: IGNORED + :param username: username to login + :type username: str + :param password: password for the username + :type password: str + + :return: salt and B parameters + :rtype: tuple + """ + logger.debug("Starting authentication process...") + try: + auth_data = { + self.LOGIN_KEY: username, + self.A_KEY: binascii.hexlify(self._srp_a) + } + sessions_url = "%s/%s/%s/" % \ + (self._provider_config.get_api_uri(), + self._provider_config.get_api_version(), + "sessions") + init_session = self._session.post(sessions_url, + data=auth_data, + verify=self._provider_config. + get_ca_cert_path()) + except requests.exceptions.ConnectionError as e: + logger.error("No connection made (salt): %r" % + (e,)) + raise SRPAuthenticationError("Could not establish a " + "connection") + except Exception as e: + logger.error("Unknown error: %r" % (e,)) + raise SRPAuthenticationError("Unknown error: %r" % + (e,)) + + content, mtime = get_content(init_session) + + if init_session.status_code not in (200,): + logger.error("No valid response (salt): " + "Status code = %r. Content: %r" % + (init_session.status_code, content)) + if init_session.status_code == 422: + raise SRPAuthenticationError(self.tr("Unknown user")) + + json_content = json.loads(content) + salt = json_content.get("salt", None) + B = json_content.get("B", None) + + if salt is None: + logger.error("No salt parameter sent") + raise SRPAuthenticationError(self.tr("The server did not send " + "the salt parameter")) + if B is None: + logger.error("No B parameter sent") + raise SRPAuthenticationError(self.tr("The server did not send " + "the B parameter")) + + return salt, B + + def _process_challenge(self, salt_B, username): + """ + Given the salt and B processes the auth challenge and + generates the M2 parameter + + Might throw SRPAuthenticationError + + :param salt_B: salt and B parameters for the username + :type salt_B: tuple + :param username: username for this session + :type username: str + + :return: the M2 SRP parameter + :rtype: str + """ + logger.debug("Processing challenge...") + try: + salt, B = salt_B + unhex_salt = self._safe_unhexlify(salt) + unhex_B = self._safe_unhexlify(B) + except TypeError as e: + logger.error("Bad data from server: %r" % (e,)) + raise SRPAuthenticationError(self.tr("The data sent from " + "the server had errors")) + M = self._srp_user.process_challenge(unhex_salt, unhex_B) + + auth_url = "%s/%s/%s/%s" % (self._provider_config.get_api_uri(), + self._provider_config. + get_api_version(), + "sessions", + username) + + auth_data = { + self.CLIENT_AUTH_KEY: binascii.hexlify(M) + } + + try: + auth_result = self._session.put(auth_url, + data=auth_data, + verify=self._provider_config. + get_ca_cert_path()) + except requests.exceptions.ConnectionError as e: + logger.error("No connection made (HAMK): %r" % (e,)) + raise SRPAuthenticationError(self.tr("Could not connect to " + "the server")) + + try: + content, mtime = get_content(auth_result) + except JSONDecodeError: + raise SRPAuthenticationError("Bad JSON content in auth result") + + if auth_result.status_code == 422: + error = "" + try: + error = json.loads(content).get("errors", "") + except ValueError: + logger.error("Problem parsing the received response: %s" + % (content,)) + except AttributeError: + logger.error("Expecting a dict but something else was " + "received: %s", (content,)) + logger.error("[%s] Wrong password (HAMK): [%s]" % + (auth_result.status_code, error)) + raise SRPAuthenticationError(self.tr("Wrong password")) + + if auth_result.status_code not in (200,): + logger.error("No valid response (HAMK): " + "Status code = %s. Content = %r" % + (auth_result.status_code, content)) + raise SRPAuthenticationError(self.tr("Unknown error (%s)") % + (auth_result.status_code,)) + + json_content = json.loads(content) + + try: + M2 = json_content.get("M2", None) + uid = json_content.get("id", None) + token = json_content.get("token", None) + except Exception as e: + logger.error(e) + raise Exception("Something went wrong with the login") + + events_signal(proto.CLIENT_UID, content=uid) + + self.set_uid(uid) + self.set_token(token) + + if M2 is None or self.get_uid() is None: + logger.error("Something went wrong. Content = %r" % + (content,)) + raise SRPAuthenticationError(self.tr("Problem getting data " + "from server")) + + return M2 + + def _verify_session(self, M2): + """ + Verifies the session based on the M2 parameter. If the + verification succeeds, it sets the session_id for this + session + + Might throw SRPAuthenticationError + + :param M2: M2 SRP parameter + :type M2: str + """ + logger.debug("Verifying session...") + try: + unhex_M2 = self._safe_unhexlify(M2) + except TypeError: + logger.error("Bad data from server (HAWK)") + raise SRPAuthenticationError(self.tr("Bad data from server")) + + self._srp_user.verify_session(unhex_M2) + + if not self._srp_user.authenticated(): + logger.error("Auth verification failed") + raise SRPAuthenticationError(self.tr("Auth verification " + "failed")) + logger.debug("Session verified.") + + session_id = self._session.cookies.get(self.SESSION_ID_KEY, None) + if not session_id: + logger.error("Bad cookie from server (missing _session_id)") + raise SRPAuthenticationError(self.tr("Session cookie " + "verification " + "failed")) + + events_signal(proto.CLIENT_SESSION_ID, content=session_id) + + self.set_session_id(session_id) + + def _threader(self, cb, res, *args, **kwargs): + return threads.deferToThread(cb, res, *args, **kwargs) + + def authenticate(self, username, password): + """ + Executes the whole authentication process for a user + + Might raise SRPAuthenticationError + + :param username: username for this session + :type username: str + :param password: password for this user + :type password: str + + :returns: A defer on a different thread + :rtype: twisted.internet.defer.Deferred + """ + leap_assert(self.get_session_id() is None, "Already logged in") + + d = threads.deferToThread(self._authentication_preprocessing, + username=username, + password=password) + + d.addCallback( + partial(self._threader, + self._start_authentication), + username=username, + password=password) + d.addCallback( + partial(self._threader, + self._process_challenge), + username=username) + d.addCallback(partial(self._threader, + self._verify_session)) + + return d + + def logout(self): + """ + Logs out the current session. + Expects a session_id to exists, might raise AssertionError + """ + logger.debug("Starting logout...") + + leap_assert(self.get_session_id(), + "Cannot logout an unexisting session") + + logout_url = "%s/%s/%s/" % (self._provider_config.get_api_uri(), + self._provider_config. + get_api_version(), + "sessions") + try: + self._session.delete(logout_url, + data=self.get_session_id(), + verify=self._provider_config. + get_ca_cert_path()) + except Exception as e: + logger.warning("Something went wrong with the logout: %r" % + (e,)) + + self.set_session_id(None) + self.set_uid(None) + # Also reset the session + self._session = self._fetcher.session() + logger.debug("Successfully logged out.") + + def set_session_id(self, session_id): + QtCore.QMutexLocker(self._session_id_lock) + self._session_id = session_id + + def get_session_id(self): + QtCore.QMutexLocker(self._session_id_lock) + return self._session_id + + def set_uid(self, uid): + QtCore.QMutexLocker(self._uid_lock) + self._uid = uid + + def get_uid(self): + QtCore.QMutexLocker(self._uid_lock) + return self._uid + + def set_token(self, token): + QtCore.QMutexLocker(self._token_lock) + self._token = token + + def get_token(self): + QtCore.QMutexLocker(self._token_lock) + return self._token + + __instance = None + + authentication_finished = QtCore.Signal(bool, str) + logout_finished = QtCore.Signal(bool, str) + + def __init__(self, provider_config): + """ + Creates a singleton instance if needed + """ + QtCore.QObject.__init__(self) + + # Check whether we already have an instance + if SRPAuth.__instance is None: + # Create and remember instance + SRPAuth.__instance = SRPAuth.__impl(provider_config) + + # Store instance reference as the only member in the handle + self.__dict__['_SRPAuth__instance'] = SRPAuth.__instance + + self._username = None + self._password = None + + def authenticate(self, username, password): + """ + Executes the whole authentication process for a user + + Might raise SRPAuthenticationError + + :param username: username for this session + :type username: str + :param password: password for this user + :type password: str + """ + + d = self.__instance.authenticate(username, password) + d.addCallback(self._gui_notify) + d.addErrback(self._errback) + return d + + def _gui_notify(self, _): + """ + Callback that notifies the UI with the proper signal. + + :param _: IGNORED, output from the previous callback (None) + :type _: IGNORED + """ + logger.debug("Successful login!") + self.authentication_finished.emit(True, self.tr("Succeeded")) + + def _errback(self, failure): + """ + General errback for the whole login process. Will notify the + UI with the proper signal. + + :param failure: Failure object captured from a callback. + :type failure: twisted.python.failure.Failure + """ + logger.error("Error logging in %s" % (failure,)) + self.authentication_finished.emit(False, "%s" % (failure.value,)) + failure.trap(Exception) + + def get_session_id(self): + return self.__instance.get_session_id() + + def get_uid(self): + return self.__instance.get_uid() + + def get_token(self): + return self.__instance.get_token() + + def logout(self): + """ + Logs out the current session. + Expects a session_id to exists, might raise AssertionError + """ + try: + self.__instance.logout() + self.logout_finished.emit(True, self.tr("Succeeded")) + return True + except Exception as e: + self.logout_finished.emit(False, "%s" % (e,)) + return False diff --git a/src/leap/crypto/srpregister.py b/src/leap/crypto/srpregister.py new file mode 100644 index 00000000..07b3c917 --- /dev/null +++ b/src/leap/crypto/srpregister.py @@ -0,0 +1,163 @@ +# -*- coding: utf-8 -*- +# srpregister.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import binascii +import logging + +import requests +import srp + +from PySide import QtCore +from urlparse import urlparse + +from leap.config.providerconfig import ProviderConfig +from leap.crypto.constants import SIGNUP_TIMEOUT +from leap.common.check import leap_assert, leap_assert_type + +logger = logging.getLogger(__name__) + + +class SRPRegister(QtCore.QObject): + """ + Registers a user to a specific provider using SRP + """ + + USER_LOGIN_KEY = 'user[login]' + USER_VERIFIER_KEY = 'user[password_verifier]' + USER_SALT_KEY = 'user[password_salt]' + + registration_finished = QtCore.Signal(bool, object) + + def __init__(self, + provider_config=None, + register_path="users"): + """ + Constructor + + :param provider_config: provider configuration instance, + properly loaded + :type privider_config: ProviderConfig + :param register_path: webapp path for registering users + :type register_path; str + """ + QtCore.QObject.__init__(self) + leap_assert(provider_config, "Please provide a provider") + leap_assert_type(provider_config, ProviderConfig) + + self._provider_config = provider_config + + # **************************************************** # + # Dependency injection helpers, override this for more + # granular testing + self._fetcher = requests + self._srp = srp + self._hashfun = self._srp.SHA256 + self._ng = self._srp.NG_1024 + # **************************************************** # + + parsed_url = urlparse(provider_config.get_api_uri()) + self._provider = parsed_url.hostname + self._port = parsed_url.port + if self._port is None: + self._port = "443" + + self._register_path = register_path + + self._session = self._fetcher.session() + + def _get_registration_uri(self): + """ + Returns the URI where the register request should be made for + the provider + + :rtype: str + """ + + uri = "https://%s:%s/%s/%s" % ( + self._provider, + self._port, + self._provider_config.get_api_version(), + self._register_path) + + return uri + + def register_user(self, username, password): + """ + Registers a user with the validator based on the password provider + + :param username: username to register + :type username: str + :param password: password for this username + :type password: str + + :rtype: tuple + :rparam: (ok, request) + """ + salt, verifier = self._srp.create_salted_verification_key( + username, + password, + self._hashfun, + self._ng) + + user_data = { + self.USER_LOGIN_KEY: username, + self.USER_VERIFIER_KEY: binascii.hexlify(verifier), + self.USER_SALT_KEY: binascii.hexlify(salt) + } + + uri = self._get_registration_uri() + + logger.debug('Post to uri: %s' % uri) + logger.debug("Will try to register user = %s" % (username,)) + logger.debug("user_data => %r" % (user_data,)) + + ok = None + try: + req = self._session.post(uri, + data=user_data, + timeout=SIGNUP_TIMEOUT, + verify=self._provider_config. + get_ca_cert_path()) + + except requests.exceptions.SSLError as exc: + logger.error("SSLError: %s" % exc.message) + req = None + ok = False + else: + ok = req.ok + self.registration_finished.emit(ok, req) + return ok + + +if __name__ == "__main__": + logger = logging.getLogger(name='leap') + logger.setLevel(logging.DEBUG) + console = logging.StreamHandler() + console.setLevel(logging.DEBUG) + formatter = logging.Formatter( + '%(asctime)s ' + '- %(name)s - %(levelname)s - %(message)s') + console.setFormatter(formatter) + logger.addHandler(console) + + provider = ProviderConfig() + + if provider.load("leap/providers/bitmask.net/provider.json"): + register = SRPRegister(provider_config=provider) + print "Registering user..." + print register.register_user("test1", "sarasaaaa") + print register.register_user("test2", "sarasaaaa") diff --git a/src/leap/crypto/tests/__init__.py b/src/leap/crypto/tests/__init__.py index e69de29b..7f118735 100644 --- a/src/leap/crypto/tests/__init__.py +++ b/src/leap/crypto/tests/__init__.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. diff --git a/src/leap/crypto/tests/eip-service.json b/src/leap/crypto/tests/eip-service.json new file mode 100644 index 00000000..24df42a2 --- /dev/null +++ b/src/leap/crypto/tests/eip-service.json @@ -0,0 +1,43 @@ +{ + "gateways": [ + { + "capabilities": { + "adblock": false, + "filter_dns": false, + "limited": true, + "ports": [ + "1194", + "443", + "53", + "80" + ], + "protocols": [ + "tcp", + "udp" + ], + "transport": [ + "openvpn" + ], + "user_ips": false + }, + "host": "harrier.cdev.bitmask.net", + "ip_address": "199.254.238.50", + "location": "seattle__wa" + } + ], + "locations": { + "seattle__wa": { + "country_code": "US", + "hemisphere": "N", + "name": "Seattle, WA", + "timezone": "-7" + } + }, + "openvpn_configuration": { + "auth": "SHA1", + "cipher": "AES-128-CBC", + "tls-cipher": "DHE-RSA-AES128-SHA" + }, + "serial": 1, + "version": 1 +}
\ No newline at end of file diff --git a/src/leap/crypto/tests/fake_provider.py b/src/leap/crypto/tests/fake_provider.py new file mode 100755 index 00000000..54af485d --- /dev/null +++ b/src/leap/crypto/tests/fake_provider.py @@ -0,0 +1,376 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# fake_provider.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +"""A server faking some of the provider resources and apis, +used for testing Leap Client requests + +It needs that you create a subfolder named 'certs', +and that you place the following files: + +XXX check if in use + +[ ] test-openvpn.pem +[ ] test-provider.json +[ ] test-eip-service.json +""" +import binascii +import json +import os +import sys +import time + +import srp + +from OpenSSL import SSL + +from zope.interface import Interface, Attribute, implements + +from twisted.web.server import Site, Request +from twisted.web.static import File, Data +from twisted.web.resource import Resource +from twisted.internet import reactor + +from leap.common.testing.https_server import where + +# See +# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.html +# for more examples + +""" +Testing the FAKE_API: +##################### + + 1) register an user + >> curl -d "user[login]=me" -d "user[password_salt]=foo" \ + -d "user[password_verifier]=beef" http://localhost:8000/1/users + << {"errors": null} + + 2) check that if you try to register again, it will fail: + >> curl -d "user[login]=me" -d "user[password_salt]=foo" \ + -d "user[password_verifier]=beef" http://localhost:8000/1/users + << {"errors": {"login": "already taken!"}} + +""" + +# Globals to mock user/sessiondb + +_USERDB = {} +_SESSIONDB = {} + +_here = os.path.split(__file__)[0] + + +safe_unhexlify = lambda x: binascii.unhexlify(x) \ + if (len(x) % 2 == 0) else binascii.unhexlify('0' + x) + + +class IUser(Interface): + """ + Defines the User Interface + """ + login = Attribute("User login.") + salt = Attribute("Password salt.") + verifier = Attribute("Password verifier.") + session = Attribute("Session.") + svr = Attribute("Server verifier.") + + +class User(object): + """ + User object. + We store it in our simple session mocks + """ + + implements(IUser) + + def __init__(self, login, salt, verifier): + self.login = login + self.salt = salt + self.verifier = verifier + self.session = None + self.svr = None + + def set_server_verifier(self, svr): + """ + Adds a svr verifier object to this + User instance + """ + self.svr = svr + + def set_session(self, session): + """ + Adds this instance of User to the + global session dict + """ + _SESSIONDB[session] = self + self.session = session + + +class FakeUsers(Resource): + """ + Resource that handles user registration. + """ + + def __init__(self, name): + self.name = name + + def render_POST(self, request): + """ + Handles POST to the users api resource + Simulates a login. + """ + args = request.args + + login = args['user[login]'][0] + salt = args['user[password_salt]'][0] + verifier = args['user[password_verifier]'][0] + + if login in _USERDB: + request.setResponseCode(422) + return "%s\n" % json.dumps( + {'errors': {'login': 'already taken!'}}) + + print '[server]', login, verifier, salt + user = User(login, salt, verifier) + _USERDB[login] = user + return json.dumps({'errors': None}) + + +def getSession(self, sessionInterface=None): + """ + we overwrite twisted.web.server.Request.getSession method to + put the right cookie name in place + """ + if not self.session: + #cookiename = b"_".join([b'TWISTED_SESSION'] + self.sitepath) + cookiename = b"_".join([b'_session_id'] + self.sitepath) + sessionCookie = self.getCookie(cookiename) + if sessionCookie: + try: + self.session = self.site.getSession(sessionCookie) + except KeyError: + pass + # if it still hasn't been set, fix it up. + if not self.session: + self.session = self.site.makeSession() + self.addCookie(cookiename, self.session.uid, path=b'/') + self.session.touch() + if sessionInterface: + return self.session.getComponent(sessionInterface) + return self.session + + +def get_user(request): + """ + Returns user from the session dict + """ + login = request.args.get('login') + if login: + user = _USERDB.get(login[0], None) + if user: + return user + + request.getSession = getSession.__get__(request, Request) + session = request.getSession() + + user = _SESSIONDB.get(session, None) + return user + + +class FakeSession(Resource): + def __init__(self, name): + """ + Initializes session + """ + self.name = name + + def render_GET(self, request): + """ + Handles GET requests. + """ + return "%s\n" % json.dumps({'errors': None}) + + def render_POST(self, request): + """ + Handles POST requests. + """ + user = get_user(request) + + if not user: + # XXX get real error from demo provider + return json.dumps({'errors': 'no such user'}) + + A = request.args['A'][0] + + _A = safe_unhexlify(A) + _salt = safe_unhexlify(user.salt) + _verifier = safe_unhexlify(user.verifier) + + svr = srp.Verifier( + user.login, + _salt, + _verifier, + _A, + hash_alg=srp.SHA256, + ng_type=srp.NG_1024) + + s, B = svr.get_challenge() + + _B = binascii.hexlify(B) + + print '[server] login = %s' % user.login + print '[server] salt = %s' % user.salt + print '[server] len(_salt) = %s' % len(_salt) + print '[server] vkey = %s' % user.verifier + print '[server] len(vkey) = %s' % len(_verifier) + print '[server] s = %s' % binascii.hexlify(s) + print '[server] B = %s' % _B + print '[server] len(B) = %s' % len(_B) + + # override Request.getSession + request.getSession = getSession.__get__(request, Request) + session = request.getSession() + + user.set_session(session) + user.set_server_verifier(svr) + + # yep, this is tricky. + # some things are *already* unhexlified. + data = { + 'salt': user.salt, + 'B': _B, + 'errors': None} + + return json.dumps(data) + + def render_PUT(self, request): + """ + Handles PUT requests. + """ + # XXX check session??? + user = get_user(request) + + if not user: + print '[server] NO USER' + return json.dumps({'errors': 'no such user'}) + + data = request.content.read() + auth = data.split("client_auth=") + M = auth[1] if len(auth) > 1 else None + # if not H, return + if not M: + return json.dumps({'errors': 'no M proof passed by client'}) + + svr = user.svr + HAMK = svr.verify_session(binascii.unhexlify(M)) + if HAMK is None: + print '[server] verification failed!!!' + raise Exception("Authentication failed!") + #import ipdb;ipdb.set_trace() + + assert svr.authenticated() + print "***" + print '[server] User successfully authenticated using SRP!' + print "***" + + return json.dumps( + {'M2': binascii.hexlify(HAMK), + 'id': '9c943eb9d96a6ff1b7a7030bdeadbeef', + 'errors': None}) + + +class API_Sessions(Resource): + """ + Top resource for the API v1 + """ + def getChild(self, name, request): + return FakeSession(name) + + +class FileModified(File): + def render_GET(self, request): + since = request.getHeader('if-modified-since') + if since: + tsince = time.strptime(since.replace(" GMT", "")) + tfrom = time.strptime(time.ctime(os.path.getmtime(self.path))) + if tfrom > tsince: + return File.render_GET(self, request) + else: + request.setResponseCode(304) + return "" + return File.render_GET(self, request) + + +class OpenSSLServerContextFactory(object): + + def getContext(self): + """ + Create an SSL context. + """ + ctx = SSL.Context(SSL.SSLv23_METHOD) + #ctx = SSL.Context(SSL.TLSv1_METHOD) + ctx.use_certificate_file(where('leaptestscert.pem')) + ctx.use_privatekey_file(where('leaptestskey.pem')) + + return ctx + + +def get_provider_factory(): + """ + Instantiates a Site that serves the resources + that we expect from a valid provider. + Listens on: + * port 8000 for http connections + * port 8443 for https connections + + :rparam: factory for a site + :rtype: Site instance + """ + root = Data("", "") + root.putChild("", root) + root.putChild("provider.json", FileModified( + os.path.join(_here, + "test_provider.json"))) + config = Resource() + config.putChild( + "eip-service.json", + FileModified( + os.path.join(_here, "eip-service.json"))) + apiv1 = Resource() + apiv1.putChild("config", config) + apiv1.putChild("sessions", API_Sessions()) + apiv1.putChild("users", FakeUsers(None)) + apiv1.putChild("cert", FileModified( + os.path.join(_here, + 'openvpn.pem'))) + root.putChild("1", apiv1) + + factory = Site(root) + return factory + + +if __name__ == "__main__": + + from twisted.python import log + log.startLogging(sys.stdout) + + factory = get_provider_factory() + + # regular http (for debugging with curl) + reactor.listenTCP(8000, factory) + reactor.listenSSL(8443, factory, OpenSSLServerContextFactory()) + reactor.run() diff --git a/src/leap/crypto/tests/openvpn.pem b/src/leap/crypto/tests/openvpn.pem new file mode 100644 index 00000000..a95e9370 --- /dev/null +++ b/src/leap/crypto/tests/openvpn.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIJAIGJ8Dg+DtemMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwNjI2MjAyMDIyWhcNMTgwNjI2MjAyMDIyWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAxJaN0lWjFu+3j48c0WG8BvmPUf026Xli5d5NE4EjGsirwfre0oTeWZT9 +WRxqLGd2wDh6Mc9r6UqH6dwqLZKbsgwB5zI2lag7UWFttJF1U1c6AJynhaLMoy73 +sL9USTmQ57iYRFrVP/nGj9/L6I1XnV6midPi7a5aZreH9q8dWaAhmc9eFDU+Y4vS +sTFS6aomajLrI6YWo5toKqLq8IMryD03IM78a7gJtLgfWs+pYZRUBlM5JaYX98eX +mVPAYYH9krWxLVN3hTt1ngECzK+epo275zQJh960/2fNCfVJSXqSXcficLs+bR7t +FEkNuOP1hFV6LuoLL+k5Su+hp5kXMYZTvYYDpW4nPJoBdSG1w5O5IxO6zh+9VLB7 +oLrlgoyWvBoou5coCBpZVU6UyWcOx58kuZF8wNr0GgdvWAFwOGVuVG5jmcVdhaKC +0C8NxHrxlhcrcp0zwtDaOxfmZfcxiXs35iwUip5vS18Nv+XBK8ad9T79Ox8nSzP3 +RGPVDpExz7gPbZglqSe47XBIk0ZuIzgOgYpJj4JrpoewoIYb+OmUgI7UZjoGsMrV ++B2BqOKs7kF0HW3i5bR9YAi0ZYvnhQgjBtwCKm4zvLqwuPZHz9VWgIk6uezgStCP +WyzQ8IcopK49fOjcKa6JT5JRU+27paIZf1BkQsTkJy/Nti4TvwMCAwEAAaOBpzCB +pDAdBgNVHQ4EFgQUEgXSd3Yl3xAzbkWa7xeNe27d99cwdQYDVR0jBG4wbIAUEgXS +d3Yl3xAzbkWa7xeNe27d99ehSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT +b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCB +ifA4Pg7XpjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQA6Vl9Ve4Qe +ewzXAxr0BabFRhtIuF7DV+/niT46qJhW2KgYe6rwZqdAhEbgH3kTPJ5JmmcUnAEH +nmrfoku/YAb5ObfdHUACsHy4cvSvFwBUQ9vXP6+oOFJhrGW4uzRI2pHGvnqB3lQ0 +JEPmPwduBCI5reRYauPbd4Wl4VhLGrjELb4JQZL24Q5ehXMnv415m7+aMkLzT2IA +p6B2xgRR+JAeUdyCNOV1f5AqJWyAUJPWGR0e1OTKNfc49+2skK0NmzrpGsoktSHa +uN6vGBCVGiZh7BTYblWMG5q9Am7idcdmC2fdpIf5yj7CKzV7WIPxPs0I7TuRcr41 +pUBLCAElcyCPB89lySol2BDs4gk4wZs4y2shUs3o0+mIpw/6o8tQF/9IL8ALkLqr +q9SuND7O1RXcg74o3HeVmRKtoI/KdgaVhJ0rFvcq83ftfu3KMyWB6SOKOu6ZYON8 +AcSjsDDpnDrwGFvjAYHiTkS9NaaJC1/g7Y6jjhxmbTkXPA6V8MvLKQiOvqk/9gCh +85FHsFkElIYnH6fbHIRxg20cnqmddTd+H5HgBIlhiKWuydtuoQFwzR/D3ypgLBaB +OWLcBP7I+RYhKlJFIWnfiyB0xbyI4W/UfL8p8jQI8TE9oIlm3WqxJXfebDEDEstj +8nS4Fb3G5Wr4pZMjfbtmBSAgHeWH6B90jg== +-----END CERTIFICATE----- diff --git a/src/leap/crypto/tests/test_certs.py b/src/leap/crypto/tests/test_certs.py deleted file mode 100644 index e476b630..00000000 --- a/src/leap/crypto/tests/test_certs.py +++ /dev/null @@ -1,22 +0,0 @@ -import unittest - -from leap.testing.https_server import where -from leap.crypto import certs - - -class CertTestCase(unittest.TestCase): - - def test_can_load_client_and_pkey(self): - with open(where('leaptestscert.pem')) as cf: - cs = cf.read() - with open(where('leaptestskey.pem')) as kf: - ks = kf.read() - certs.can_load_cert_and_pkey(cs + ks) - - with self.assertRaises(certs.BadCertError): - # screw header - certs.can_load_cert_and_pkey(cs.replace("BEGIN", "BEGINN") + ks) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/crypto/tests/test_provider.json b/src/leap/crypto/tests/test_provider.json new file mode 100644 index 00000000..c37bef8f --- /dev/null +++ b/src/leap/crypto/tests/test_provider.json @@ -0,0 +1,15 @@ +{ + "api_uri": "https://localhost:8443", + "api_version": "1", + "ca_cert_fingerprint": "SHA256: 0f17c033115f6b76ff67871872303ff65034efe7dd1b910062ca323eb4da5c7e", + "ca_cert_uri": "https://bitmask.net/ca.crt", + "default_language": "en", + "domain": "example.com", + "enrollment_policy": "open", + "name": { + "en": "Bitmask" + }, + "services": [ + "openvpn" + ] +} diff --git a/src/leap/crypto/tests/test_srpregister.py b/src/leap/crypto/tests/test_srpregister.py new file mode 100644 index 00000000..6d2b52e8 --- /dev/null +++ b/src/leap/crypto/tests/test_srpregister.py @@ -0,0 +1,202 @@ +# -*- coding: utf-8 -*- +# test_srpregister.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Tests for: + * leap/crypto/srpregister.py + * leap/crypto/srpauth.py +""" +try: + import unittest2 as unittest +except ImportError: + import unittest +import os +import sys + +from mock import MagicMock +from nose.twistedtools import reactor, deferred +from twisted.python import log +from twisted.internet import threads + +from leap.common.testing.https_server import where +from leap.config.providerconfig import ProviderConfig +from leap.crypto import srpregister, srpauth +from leap.crypto.tests import fake_provider + +log.startLogging(sys.stdout) + + +def _get_capath(): + return where("cacert.pem") + +_here = os.path.split(__file__)[0] + + +class ImproperlyConfiguredError(Exception): + """ + Raised if the test provider is missing configuration + """ + + +class SRPTestCase(unittest.TestCase): + """ + Tests for the SRP Register and Auth classes + """ + __name__ = "SRPRegister and SRPAuth tests" + + @classmethod + def setUpClass(cls): + """ + Sets up this TestCase with a simple and faked provider instance: + + * runs a threaded reactor + * loads a mocked ProviderConfig that points to the certs in the + leap.common.testing module. + """ + factory = fake_provider.get_provider_factory() + http = reactor.listenTCP(8001, factory) + https = reactor.listenSSL( + 0, factory, + fake_provider.OpenSSLServerContextFactory()) + get_port = lambda p: p.getHost().port + cls.http_port = get_port(http) + cls.https_port = get_port(https) + + provider = ProviderConfig() + provider.get_ca_cert_path = MagicMock() + provider.get_ca_cert_path.return_value = _get_capath() + + provider.get_api_uri = MagicMock() + provider.get_api_uri.return_value = cls._get_https_uri() + + loaded = provider.load(path=os.path.join( + _here, "test_provider.json")) + if not loaded: + raise ImproperlyConfiguredError( + "Could not load test provider config") + cls.register = srpregister.SRPRegister(provider_config=provider) + + cls.auth = srpauth.SRPAuth(provider) + + # helper methods + + @classmethod + def _get_https_uri(cls): + """ + Returns a https uri with the right https port initialized + """ + return "https://localhost:%s" % (cls.https_port,) + + # Register tests + + def test_none_port(self): + provider = ProviderConfig() + provider.get_api_uri = MagicMock() + provider.get_api_uri.return_value = "http://localhost/" + loaded = provider.load(path=os.path.join( + _here, "test_provider.json")) + if not loaded: + raise ImproperlyConfiguredError( + "Could not load test provider config") + + register = srpregister.SRPRegister(provider_config=provider) + self.assertEquals(register._port, "443") + + @deferred() + def test_wrong_cert(self): + provider = ProviderConfig() + loaded = provider.load(path=os.path.join( + _here, "test_provider.json")) + provider.get_ca_cert_path = MagicMock() + provider.get_ca_cert_path.return_value = os.path.join( + _here, + "wrongcert.pem") + provider.get_api_uri = MagicMock() + provider.get_api_uri.return_value = self._get_https_uri() + if not loaded: + raise ImproperlyConfiguredError( + "Could not load test provider config") + + register = srpregister.SRPRegister(provider_config=provider) + d = threads.deferToThread(register.register_user, "foouser_firsttime", + "barpass") + d.addCallback(self.assertFalse) + return d + + @deferred() + def test_register_user(self): + """ + Checks if the registration of an unused name works as expected when + it is the first time that we attempt to register that user, as well as + when we request a user that is taken. + """ + # pristine registration + d = threads.deferToThread(self.register.register_user, + "foouser_firsttime", + "barpass") + d.addCallback(self.assertTrue) + return d + + @deferred() + def test_second_register_user(self): + # second registration attempt with the same user should return errors + d = threads.deferToThread(self.register.register_user, + "foouser_second", + "barpass") + d.addCallback(self.assertTrue) + + # FIXME currently we are catching this in an upper layer, + # we could bring the error validation to the SRPRegister class + def register_wrapper(_): + return threads.deferToThread(self.register.register_user, + "foouser_second", + "barpass") + d.addCallback(register_wrapper) + d.addCallback(self.assertFalse) + return d + + @deferred() + def test_correct_http_uri(self): + """ + Checks that registration autocorrect http uris to https ones. + """ + HTTP_URI = "http://localhost:%s" % (self.https_port, ) + HTTPS_URI = "https://localhost:%s/1/users" % (self.https_port, ) + provider = ProviderConfig() + provider.get_ca_cert_path = MagicMock() + provider.get_ca_cert_path.return_value = _get_capath() + provider.get_api_uri = MagicMock() + + # we introduce a http uri in the config file... + provider.get_api_uri.return_value = HTTP_URI + loaded = provider.load(path=os.path.join( + _here, "test_provider.json")) + if not loaded: + raise ImproperlyConfiguredError( + "Could not load test provider config") + + register = srpregister.SRPRegister(provider_config=provider) + + # ... and we check that we're correctly taking the HTTPS protocol + # instead + reg_uri = register._get_registration_uri() + self.assertEquals(reg_uri, HTTPS_URI) + register._get_registration_uri = MagicMock(return_value=HTTPS_URI) + d = threads.deferToThread(register.register_user, "test_failhttp", + "barpass") + d.addCallback(self.assertTrue) + + return d diff --git a/src/leap/crypto/tests/wrongcert.pem b/src/leap/crypto/tests/wrongcert.pem new file mode 100644 index 00000000..e6cff38a --- /dev/null +++ b/src/leap/crypto/tests/wrongcert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIJAIWZus5EIXNtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwNjI1MTc0NjExWhcNMTgwNjI1MTc0NjExWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA2ObM7ESjyuxFZYD/Y68qOPQgjgggW+cdXfBpU2p4n7clsrUeMhWdW40Y +77Phzor9VOeqs3ZpHuyLzsYVp/kFDm8tKyo2ah5fJwzL0VCSLYaZkUQQ7GNUmTCk +furaxl8cQx/fg395V7/EngsS9B3/y5iHbctbA4MnH3jaotO5EGeo6hw7/eyCotQ9 +KbBV9GJMcY94FsXBCmUB+XypKklWTLhSaS6Cu4Fo8YLW6WmcnsyEOGS2F7WVf5at +7CBWFQZHaSgIBLmc818/mDYCnYmCVMFn/6Ndx7V2NTlz+HctWrQn0dmIOnCUeCwS +wXq9PnBR1rSx/WxwyF/WpyjOFkcIo7vm72kS70pfrYsXcZD4BQqkXYj3FyKnPt3O +ibLKtCxL8/83wOtErPcYpG6LgFkgAAlHQ9MkUi5dbmjCJtpqQmlZeK1RALdDPiB3 +K1KZimrGsmcE624dJxUIOJJpuwJDy21F8kh5ZAsAtE1prWETrQYNElNFjQxM83rS +ZR1Ql2MPSB4usEZT57+KvpEzlOnAT3elgCg21XrjSFGi14hCEao4g2OEZH5GAwm5 +frf6UlSRZ/g3tLTfI8Hv1prw15W2qO+7q7SBAplTODCRk+Yb0YoA2mMM/QXBUcXs +vKEDLSSxzNIBi3T62l39RB/ml+gPKo87ZMDivex1ZhrcJc3Yu3sCAwEAAaOBpzCB +pDAdBgNVHQ4EFgQUPjE+4pun+8FreIdpoR8v6N7xKtUwdQYDVR0jBG4wbIAUPjE+ +4pun+8FreIdpoR8v6N7xKtWhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT +b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCF +mbrORCFzbTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCpvCPdtvXJ +muTj379TZuCJs7/l0FhA7AHa1WAlHjsXHaA7N0+3ZWAbdtXDsowal6S+ldgU/kfV +Lq7NrRq+amJWC7SYj6cvVwhrSwSvu01fe/TWuOzHrRv1uTfJ/VXLonVufMDd9opo +bhqYxMaxLdIx6t/MYmZH4Wpiq0yfZuv//M8i7BBl/qvaWbLhg0yVAKRwjFvf59h6 +6tRFCLddELOIhLDQtk8zMbioPEbfAlKdwwP8kYGtDGj6/9/YTd/oTKRdgHuwyup3 +m0L20Y6LddC+tb0WpK5EyrNbCbEqj1L4/U7r6f/FKNA3bx6nfdXbscaMfYonKAKg +1cRrRg45sErmCz0QyTnWzXyvbjR4oQRzyW3kJ1JZudZ+AwOi00J5FYa3NiLuxl1u +gIGKWSrASQWhEdpa1nlCgX7PhdaQgYjEMpQvA0GCA0OF5JDu8en1yZqsOt1hCLIN +lkz/5jKPqrclY5hV99bE3hgCHRmIPNHCZG3wbZv2yJKxJX1YLMmQwAmSh2N7YwGG +yXRvCxQs5ChPHyRairuf/5MZCZnSVb45ppTVuNUijsbflKRUgfj/XvfqQ22f+C9N +Om2dmNvAiS2TOIfuP47CF2OUa5q4plUwmr+nyXQGM0SIoHNCj+MBdFfb3oxxAtI+ +SLhbnzQv5e84Doqz3YF0XW8jyR7q8GFLNA== +-----END CERTIFICATE----- diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py deleted file mode 100644 index af824c57..00000000 --- a/src/leap/eip/checks.py +++ /dev/null @@ -1,542 +0,0 @@ -import logging -import time -import os -import sys - -import requests - -from leap import __branding as BRANDING -from leap import certs as leapcerts -from leap.base.auth import srpauth_protected, magick_srpauth -from leap.base import config as baseconfig -from leap.base import constants as baseconstants -from leap.base import providers -from leap.crypto import certs -from leap.eip import config as eipconfig -from leap.eip import constants as eipconstants -from leap.eip import exceptions as eipexceptions -from leap.eip import specs as eipspecs -from leap.util.certs import get_mac_cabundle -from leap.util.fileutil import mkdir_p -from leap.util.web import get_https_domain_and_port - -logger = logging.getLogger(name=__name__) - -""" -ProviderCertChecker -------------------- -Checks on certificates. To be moved to base. -docs TBD - -EIPConfigChecker ----------- -It is used from the eip conductor (a instance of EIPConnection that is -managed from the QtApp), running `run_all` method before trying to call -`connect` or any other of the state-changing methods. - -It checks that the needed files are provided or can be discovered over the -net. Much of these tests are not specific to EIP module, and can be splitted -into base.tests to be invoked by the base leap init routines. -However, I'm testing them alltogether for the sake of having the whole unit -reachable and testable as a whole. - -""" - - -def get_branding_ca_cert(domain): - # deprecated - ca_file = BRANDING.get('provider_ca_file') - if ca_file: - return leapcerts.where(ca_file) - - -class ProviderCertChecker(object): - """ - Several checks needed for getting - client certs and checking tls connection - with provider. - """ - def __init__(self, fetcher=requests, - domain=None): - - self.fetcher = fetcher - self.domain = domain - #XXX needs some kind of autoinit - #right now we set by hand - #by loading and reading provider config - self.apidomain = None - self.cacert = eipspecs.provider_ca_path(domain) - - def run_all( - self, checker=None, - skip_download=False, skip_verify=False): - - if not checker: - checker = self - - do_verify = not skip_verify - logger.debug('do_verify: %s', do_verify) - # checker.download_ca_cert() - - # For MVS+ - # checker.download_ca_signature() - # checker.get_ca_signatures() - # checker.is_there_trust_path() - - # For MVS - checker.is_there_provider_ca() - - checker.is_https_working(verify=do_verify, autocacert=False) - checker.check_new_cert_needed(verify=do_verify) - - def download_ca_cert(self, uri=None, verify=True): - req = self.fetcher.get(uri, verify=verify) - req.raise_for_status() - - # should check domain exists - capath = self._get_ca_cert_path(self.domain) - with open(capath, 'w') as f: - f.write(req.content) - - def check_ca_cert_fingerprint( - self, hash_type="SHA256", - fingerprint=None): - """ - compares the fingerprint in - the ca cert with a string - we are passed - returns True if they are equal, False if not. - @param hash_type: digest function - @type hash_type: str - @param fingerprint: the fingerprint to compare with. - @type fingerprint: str (with : separator) - @rtype bool - """ - ca_cert_path = self.ca_cert_path - ca_cert_fpr = certs.get_cert_fingerprint( - filepath=ca_cert_path) - return ca_cert_fpr == fingerprint - - def verify_api_https(self, uri): - assert uri.startswith('https://') - cacert = self.ca_cert_path - verify = cacert or True - - # DEBUG - logger.debug('uri -> %s' % uri) - logger.debug('cacertpath -> %s' % cacert) - - req = self.fetcher.get(uri, verify=verify) - req.raise_for_status() - return True - - def download_ca_signature(self): - # MVS+ - raise NotImplementedError - - def get_ca_signatures(self): - # MVS+ - raise NotImplementedError - - def is_there_trust_path(self): - # MVS+ - raise NotImplementedError - - def is_there_provider_ca(self): - if not self.cacert: - return False - cacert_exists = os.path.isfile(self.cacert) - if cacert_exists: - logger.debug('True') - return True - logger.debug('False!') - return False - - def is_https_working( - self, uri=None, verify=True, - autocacert=False): - if uri is None: - uri = self._get_root_uri() - # XXX raise InsecureURI or something better - try: - assert uri.startswith('https') - except AssertionError: - raise AssertionError( - "uri passed should start with https") - if autocacert and verify is True and self.cacert is not None: - logger.debug('verify cert: %s', self.cacert) - verify = self.cacert - if sys.platform == "darwin": - verify = get_mac_cabundle() - logger.debug('checking https connection') - logger.debug('uri: %s (verify:%s)', uri, verify) - - try: - self.fetcher.get(uri, verify=verify) - - except requests.exceptions.SSLError as exc: - raise eipexceptions.HttpsBadCertError - - except requests.exceptions.ConnectionError: - logger.error('ConnectionError') - raise eipexceptions.HttpsNotSupported - - else: - return True - - def check_new_cert_needed(self, skip_download=False, verify=True): - # XXX add autocacert - if not self.is_cert_valid(do_raise=False): - logger.debug('cert needed: true') - self.download_new_client_cert( - skip_download=skip_download, - verify=verify) - return True - logger.debug('cert needed: false') - return False - - def download_new_client_cert(self, uri=None, verify=True, - skip_download=False, - credentials=None): - logger.debug('download new client cert') - if skip_download: - return True - if uri is None: - uri = self._get_client_cert_uri() - # XXX raise InsecureURI or something better - #assert uri.startswith('https') - - if verify is True and self.cacert is not None: - verify = self.cacert - logger.debug('verify = %s', verify) - - fgetfn = self.fetcher.get - - if credentials: - user, passwd = credentials - logger.debug('apidomain = %s', self.apidomain) - - @srpauth_protected(user, passwd, - server="https://%s" % self.apidomain, - verify=verify) - def getfn(*args, **kwargs): - return fgetfn(*args, **kwargs) - - else: - # XXX FIXME fix decorated args - @magick_srpauth(verify) - def getfn(*args, **kwargs): - return fgetfn(*args, **kwargs) - try: - - req = getfn(uri, verify=verify) - req.raise_for_status() - - except requests.exceptions.SSLError: - logger.warning('SSLError while fetching cert. ' - 'Look below for stack trace.') - # XXX raise better exception - return self.fail("SSLError") - except Exception as exc: - return self.fail(exc.message) - - try: - logger.debug('validating cert...') - pemfile_content = req.content - valid = self.is_valid_pemfile(pemfile_content) - if not valid: - logger.warning('invalid cert') - return False - cert_path = self._get_client_cert_path() - self.write_cert(pemfile_content, to=cert_path) - except: - logger.warning('Error while validating cert') - raise - return True - - def is_cert_valid(self, cert_path=None, do_raise=True): - exists = lambda: self.is_certificate_exists() - valid_pemfile = lambda: self.is_valid_pemfile() - not_expired = lambda: self.is_cert_not_expired() - - valid = exists() and valid_pemfile() and not_expired() - if not valid: - if do_raise: - raise Exception('missing valid cert') - else: - return False - return True - - def is_certificate_exists(self, certfile=None): - if certfile is None: - certfile = self._get_client_cert_path() - return os.path.isfile(certfile) - - def is_cert_not_expired(self, certfile=None, now=time.gmtime): - if certfile is None: - certfile = self._get_client_cert_path() - from_, to_ = certs.get_time_boundaries(certfile) - - return from_ < now() < to_ - - def is_valid_pemfile(self, cert_s=None): - """ - checks that the passed string - is a valid pem certificate - @param cert_s: string containing pem content - @type cert_s: string - @rtype: bool - """ - if cert_s is None: - certfile = self._get_client_cert_path() - with open(certfile) as cf: - cert_s = cf.read() - try: - valid = certs.can_load_cert_and_pkey(cert_s) - except certs.BadCertError: - logger.warning("Not valid pemfile") - valid = False - return valid - - @property - def ca_cert_path(self): - return self._get_ca_cert_path(self.domain) - - def _get_root_uri(self): - return u"https://%s/" % self.domain - - def _get_client_cert_uri(self): - return "https://%s/1/cert" % self.apidomain - - def _get_client_cert_path(self): - return eipspecs.client_cert_path(domain=self.domain) - - def _get_ca_cert_path(self, domain): - # XXX this folder path will be broken for win - # and this should be moved to eipspecs.ca_path - - # XXX use baseconfig.get_provider_path(folder=Foo) - # !!! - - capath = baseconfig.get_config_file( - 'cacert.pem', - folder='providers/%s/keys/ca' % domain) - folder, fname = os.path.split(capath) - if not os.path.isdir(folder): - mkdir_p(folder) - return capath - - def write_cert(self, pemfile_content, to=None): - folder, filename = os.path.split(to) - if not os.path.isdir(folder): - mkdir_p(folder) - with open(to, 'w') as cert_f: - cert_f.write(pemfile_content) - - def set_api_domain(self, domain): - self.apidomain = domain - - -class EIPConfigChecker(object): - """ - Several checks needed - to ensure a EIPConnection - can be sucessfully established. - use run_all to run all checks. - """ - - def __init__(self, fetcher=requests, domain=None): - # we do not want to accept too many - # argument on init. - # we want tests - # to be explicitely run. - - self.fetcher = fetcher - - # if not domain, get from config - self.domain = domain - self.apidomain = None - self.cacert = eipspecs.provider_ca_path(domain) - - self.defaultprovider = providers.LeapProviderDefinition(domain=domain) - self.defaultprovider.load() - self.eipconfig = eipconfig.EIPConfig(domain=domain) - self.set_api_domain() - self.eipserviceconfig = eipconfig.EIPServiceConfig(domain=domain) - self.eipserviceconfig.load() - - def run_all(self, checker=None, skip_download=False): - """ - runs all checks in a row. - will raise if some error encountered. - catching those exceptions is not - our responsibility at this moment - """ - if not checker: - checker = self - - # let's call all tests - # needed for a sane eip session. - - # TODO: get rid of check_default. - # check_complete should - # be enough. but here to make early tests easier. - checker.check_default_eipconfig() - - checker.check_is_there_default_provider() - checker.fetch_definition(skip_download=skip_download) - checker.fetch_eip_service_config(skip_download=skip_download) - checker.check_complete_eip_config() - #checker.ping_gateway() - - # public checks - - def check_default_eipconfig(self): - """ - checks if default eipconfig exists, - and dumps a default file if not - """ - # XXX ONLY a transient check - # because some old function still checks - # for eip config at the beginning. - - # it *really* does not make sense to - # dump it right now, we can get an in-memory - # config object and dump it to disk in a - # later moment - logger.debug('checking default eip config') - if not self._is_there_default_eipconfig(): - self._dump_default_eipconfig() - - def check_is_there_default_provider(self, config=None): - """ - raises EIPMissingDefaultProvider if no - default provider found on eip config. - This is catched by ui and runs FirstRunWizard (MVS+) - """ - if config is None: - config = self.eipconfig.config - logger.debug('checking default provider') - provider = config.get('provider', None) - if provider is None: - raise eipexceptions.EIPMissingDefaultProvider - # XXX raise also if malformed ProviderDefinition? - return True - - def fetch_definition(self, skip_download=False, - force_download=False, - config=None, uri=None, - domain=None): - """ - fetches a definition file from server - """ - # TODO: - # - Implement diff - # - overwrite only if different. - # (attend to serial field different, for instance) - - logger.debug('fetching definition') - - if skip_download: - logger.debug('(fetching def skipped)') - return True - if config is None: - config = self.defaultprovider.config - if uri is None: - if not domain: - domain = config.get('provider', None) - uri = self._get_provider_definition_uri(domain=domain) - - if sys.platform == "darwin": - verify = get_mac_cabundle() - else: - verify = True - - self.defaultprovider.load( - from_uri=uri, - fetcher=self.fetcher, - verify=verify) - self.defaultprovider.save() - - def fetch_eip_service_config(self, skip_download=False, - force_download=False, - config=None, uri=None, # domain=None, - autocacert=True, verify=True): - if skip_download: - return True - if config is None: - self.eipserviceconfig.load() - config = self.eipserviceconfig.config - if uri is None: - #XXX - #if not domain: - #domain = self.domain or config.get('provider', None) - uri = self._get_eip_service_uri( - domain=self.apidomain) - - if autocacert and self.cacert is not None: - verify = self.cacert - - self.eipserviceconfig.load( - from_uri=uri, - fetcher=self.fetcher, - force_download=force_download, - verify=verify) - self.eipserviceconfig.save() - - def check_complete_eip_config(self, config=None): - # TODO check for gateway - if config is None: - config = self.eipconfig.config - try: - assert 'provider' in config - assert config['provider'] is not None - # XXX assert there is gateway !! - except AssertionError: - raise eipexceptions.EIPConfigurationError - - # XXX TODO: - # We should WRITE eip config if missing or - # incomplete at this point - #self.eipconfig.save() - - # - # private helpers - # - - def _is_there_default_eipconfig(self): - return self.eipconfig.exists() - - def _dump_default_eipconfig(self): - self.eipconfig.save(force=True) - - def _get_provider_definition_uri(self, domain=None, path=None): - if domain is None: - domain = self.domain or baseconstants.DEFAULT_PROVIDER - if path is None: - path = baseconstants.DEFINITION_EXPECTED_PATH - uri = u"https://%s/%s" % (domain, path) - logger.debug('getting provider definition from %s' % uri) - return uri - - def _get_eip_service_uri(self, domain=None, path=None): - if domain is None: - domain = self.domain or baseconstants.DEFAULT_PROVIDER - if path is None: - path = eipconstants.EIP_SERVICE_EXPECTED_PATH - uri = "https://%s/%s" % (domain, path) - logger.debug('getting eip service file from %s', uri) - return uri - - def set_api_domain(self): - """sets api domain from defaultprovider config object""" - api = self.defaultprovider.config.get('api_uri', None) - # the caller is responsible for having loaded the config - # object at this point - if api: - api_dom = get_https_domain_and_port(api) - self.apidomain = "%s:%s" % api_dom - - def get_api_domain(self): - """gets api domain""" - return self.apidomain diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py deleted file mode 100644 index 917871da..00000000 --- a/src/leap/eip/config.py +++ /dev/null @@ -1,398 +0,0 @@ -import logging -import os -import platform -import re -import tempfile - -from leap import __branding as BRANDING -from leap import certs -from leap.util.misc import null_check -from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only) - -from leap.base import config as baseconfig -from leap.baseapp.permcheck import (is_pkexec_in_system, - is_auth_agent_running) -from leap.eip import exceptions as eip_exceptions -from leap.eip import specs as eipspecs - -logger = logging.getLogger(name=__name__) -provider_ca_file = BRANDING.get('provider_ca_file', None) - -_platform = platform.system() - - -class EIPConfig(baseconfig.JSONLeapConfig): - spec = eipspecs.eipconfig_spec - - def _get_slug(self): - eipjsonpath = baseconfig.get_config_file( - 'eip.json') - return eipjsonpath - - def _set_slug(self, *args, **kwargs): - raise AttributeError("you cannot set slug") - - slug = property(_get_slug, _set_slug) - - -class EIPServiceConfig(baseconfig.JSONLeapConfig): - spec = eipspecs.eipservice_config_spec - - def _get_slug(self): - domain = getattr(self, 'domain', None) - if domain: - path = baseconfig.get_provider_path(domain) - else: - path = baseconfig.get_default_provider_path() - return baseconfig.get_config_file( - 'eip-service.json', folder=path) - - def _set_slug(self): - raise AttributeError("you cannot set slug") - - slug = property(_get_slug, _set_slug) - - -def get_socket_path(): - socket_path = os.path.join( - tempfile.mkdtemp(prefix="leap-tmp"), - 'openvpn.socket') - #logger.debug('socket path: %s', socket_path) - return socket_path - - -def get_eip_gateway(eipconfig=None, eipserviceconfig=None): - """ - return the first host in eip service config - that matches the name defined in the eip.json config - file. - """ - # XXX eventually we should move to a more clever - # gateway selection. maybe we could return - # all gateways that match our cluster. - - null_check(eipconfig, "eipconfig") - null_check(eipserviceconfig, "eipserviceconfig") - PLACEHOLDER = "testprovider.example.org" - - conf = eipconfig.config - eipsconf = eipserviceconfig.config - - primary_gateway = conf.get('primary_gateway', None) - if not primary_gateway: - return PLACEHOLDER - - gateways = eipsconf.get('gateways', None) - if not gateways: - logger.error('missing gateways in eip service config') - return PLACEHOLDER - - if len(gateways) > 0: - for gw in gateways: - clustername = gw.get('cluster', None) - if not clustername: - logger.error('no cluster name') - return - - if clustername == primary_gateway: - # XXX at some moment, we must - # make this a more generic function, - # and return ports, protocols... - ipaddress = gw.get('ip_address', None) - if not ipaddress: - logger.error('no ip_address') - return - return ipaddress - logger.error('could not find primary gateway in provider' - 'gateway list') - - -def get_cipher_options(eipserviceconfig=None): - """ - gathers optional cipher options from eip-service config. - :param eipserviceconfig: EIPServiceConfig instance - """ - null_check(eipserviceconfig, 'eipserviceconfig') - eipsconf = eipserviceconfig.get_config() - - ALLOWED_KEYS = ("auth", "cipher", "tls-cipher") - CIPHERS_REGEX = re.compile("[A-Z0-9\-]+") - opts = [] - if 'openvpn_configuration' in eipsconf: - config = eipserviceconfig.config.get( - "openvpn_configuration", {}) - for key, value in config.items(): - if key in ALLOWED_KEYS and value is not None: - sanitized_val = CIPHERS_REGEX.findall(value) - if len(sanitized_val) != 0: - _val = sanitized_val[0] - opts.append('--%s' % key) - opts.append('%s' % _val) - return opts - -LINUX_UP_DOWN_SCRIPT = "/etc/leap/resolv-update" -OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-down-root.so" - - -def has_updown_scripts(): - """ - checks the existence of the up/down scripts - """ - # XXX should check permissions too - is_file = os.path.isfile(LINUX_UP_DOWN_SCRIPT) - if not is_file: - logger.warning( - "Could not find up/down scripts at %s! " - "Risk of DNS Leaks!!!") - return is_file - - -def build_ovpn_options(daemon=False, socket_path=None, **kwargs): - """ - build a list of options - to be passed in the - openvpn invocation - @rtype: list - @rparam: options - """ - # XXX review which of the - # options we don't need. - - # TODO pass also the config file, - # since we will need to take some - # things from there if present. - - provider = kwargs.pop('provider', None) - eipconfig = EIPConfig(domain=provider) - eipconfig.load() - eipserviceconfig = EIPServiceConfig(domain=provider) - eipserviceconfig.load() - - # get user/group name - # also from config. - user = baseconfig.get_username() - group = baseconfig.get_groupname() - - opts = [] - - opts.append('--client') - - opts.append('--dev') - # XXX same in win? - opts.append('tun') - opts.append('--persist-tun') - opts.append('--persist-key') - - verbosity = kwargs.get('ovpn_verbosity', None) - if verbosity and 1 <= verbosity <= 6: - opts.append('--verb') - opts.append("%s" % verbosity) - - # remote ############################## - # (server, port, protocol) - - opts.append('--remote') - - gw = get_eip_gateway(eipconfig=eipconfig, - eipserviceconfig=eipserviceconfig) - logger.debug('setting eip gateway to %s', gw) - opts.append(str(gw)) - - # get port/protocol from eipservice too - opts.append('1194') - #opts.append('80') - opts.append('udp') - - opts.append('--tls-client') - opts.append('--remote-cert-tls') - opts.append('server') - - # get ciphers ####################### - - ciphers = get_cipher_options( - eipserviceconfig=eipserviceconfig) - for cipheropt in ciphers: - opts.append(str(cipheropt)) - - # set user and group - opts.append('--user') - opts.append('%s' % user) - opts.append('--group') - opts.append('%s' % group) - - opts.append('--management-client-user') - opts.append('%s' % user) - opts.append('--management-signal') - - # set default options for management - # interface. unix sockets or telnet interface for win. - # XXX take them from the config object. - - if _platform == "Windows": - opts.append('--management') - opts.append('localhost') - # XXX which is a good choice? - opts.append('7777') - - if _platform in ("Linux", "Darwin"): - opts.append('--management') - - if socket_path is None: - socket_path = get_socket_path() - opts.append(socket_path) - opts.append('unix') - - opts.append('--script-security') - opts.append('2') - - if _platform == "Linux": - if has_updown_scripts(): - opts.append("--up") - opts.append(LINUX_UP_DOWN_SCRIPT) - opts.append("--down") - opts.append(LINUX_UP_DOWN_SCRIPT) - opts.append("--plugin") - opts.append(OPENVPN_DOWN_ROOT) - opts.append("'script_type=down %s'" % LINUX_UP_DOWN_SCRIPT) - - # certs - client_cert_path = eipspecs.client_cert_path(provider) - ca_cert_path = eipspecs.provider_ca_path(provider) - - # XXX FIX paths for MAC - opts.append('--cert') - opts.append(client_cert_path) - opts.append('--key') - opts.append(client_cert_path) - opts.append('--ca') - opts.append(ca_cert_path) - - # we cannot run in daemon mode - # with the current subp setting. - # see: https://leap.se/code/issues/383 - #if daemon is True: - #opts.append('--daemon') - - logger.debug('vpn options: %s', ' '.join(opts)) - return opts - - -def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None, - socket_path=None, **kwargs): - """ - build a string with the - complete openvpn invocation - - @rtype [string, [list of strings]] - @rparam: a list containing the command string - and a list of options. - """ - command = [] - use_pkexec = True - ovpn = None - - # XXX get use_pkexec from config instead. - - if _platform == "Linux" and use_pkexec and do_pkexec_check: - - # check for both pkexec - # AND a suitable authentication - # agent running. - logger.info('use_pkexec set to True') - - if not is_pkexec_in_system(): - logger.error('no pkexec in system') - raise eip_exceptions.EIPNoPkexecAvailable - - if not is_auth_agent_running(): - logger.warning( - "no polkit auth agent found. " - "pkexec will use its own text " - "based authentication agent. " - "that's probably a bad idea") - raise eip_exceptions.EIPNoPolkitAuthAgentAvailable - - command.append('pkexec') - - if vpnbin is None: - if _platform == "Darwin": - # XXX Should hardcode our installed path - # /Applications/LEAPClient.app/Contents/Resources/openvpn.leap - openvpn_bin = "openvpn.leap" - else: - openvpn_bin = "openvpn" - #XXX hardcode for darwin - ovpn = which(openvpn_bin) - else: - ovpn = vpnbin - if ovpn: - vpn_command = ovpn - else: - vpn_command = "openvpn" - command.append(vpn_command) - daemon_mode = not debug - - for opt in build_ovpn_options(daemon=daemon_mode, socket_path=socket_path, - **kwargs): - command.append(opt) - - # XXX check len and raise proper error - - if _platform == "Darwin": - OSX_ASADMIN = 'do shell script "%s" with administrator privileges' - # XXX fix workaround for Nones - _command = [x if x else " " for x in command] - # XXX debugging! - # XXX get openvpn log path from debug flags - _command.append('--log') - _command.append('/tmp/leap_openvpn.log') - return ["osascript", ["-e", OSX_ASADMIN % ' '.join(_command)]] - else: - return [command[0], command[1:]] - - -def check_vpn_keys(provider=None): - """ - performs an existance and permission check - over the openvpn keys file. - Currently we're expecting a single file - per provider, containing the CA cert, - the provider key, and our client certificate - """ - assert provider is not None - provider_ca = eipspecs.provider_ca_path(provider) - client_cert = eipspecs.client_cert_path(provider) - - logger.debug('provider ca = %s', provider_ca) - logger.debug('client cert = %s', client_cert) - - # if no keys, raise error. - # it's catched by the ui and signal user. - - if not os.path.isfile(provider_ca): - # not there. let's try to copy. - folder, filename = os.path.split(provider_ca) - if not os.path.isdir(folder): - mkdir_p(folder) - if provider_ca_file: - cacert = certs.where(provider_ca_file) - with open(provider_ca, 'w') as pca: - with open(cacert, 'r') as cac: - pca.write(cac.read()) - - if not os.path.isfile(provider_ca): - logger.error('key file %s not found. aborting.', - provider_ca) - raise eip_exceptions.EIPInitNoKeyFileError - - if not os.path.isfile(client_cert): - logger.error('key file %s not found. aborting.', - client_cert) - raise eip_exceptions.EIPInitNoKeyFileError - - for keyfile in (provider_ca, client_cert): - # bad perms? try to fix them - try: - check_and_fix_urw_only(keyfile) - except OSError: - raise eip_exceptions.EIPInitBadKeyFilePermError diff --git a/src/leap/eip/constants.py b/src/leap/eip/constants.py deleted file mode 100644 index 9af5a947..00000000 --- a/src/leap/eip/constants.py +++ /dev/null @@ -1,3 +0,0 @@ -# not used anymore with the new JSONConfig.slug -EIP_CONFIG = "eip.json" -EIP_SERVICE_EXPECTED_PATH = "1/config/eip-service.json" diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py deleted file mode 100644 index d012c567..00000000 --- a/src/leap/eip/eipconnection.py +++ /dev/null @@ -1,405 +0,0 @@ -""" -EIP Connection Class -""" -from __future__ import (absolute_import,) -import logging -import Queue -import sys -import time - -from dateutil.parser import parse as dateparse - -from leap.eip.checks import ProviderCertChecker -from leap.eip.checks import EIPConfigChecker -from leap.eip import config as eipconfig -from leap.eip import exceptions as eip_exceptions -from leap.eip.openvpnconnection import OpenVPNConnection - -logger = logging.getLogger(name=__name__) - - -class StatusMixIn(object): - - # a bunch of methods related with querying the connection - # state/status and displaying useful info. - # Needs to get clear on what is what, and - # separate functions. - # Should separate EIPConnectionStatus (self.status) - # from the OpenVPN state/status command and parsing. - - ERR_CONNREFUSED = False - - def connection_state(self): - """ - returns the current connection state - """ - return self.status.current - - def get_icon_name(self): - """ - get icon name from status object - """ - return self.status.get_state_icon() - - def get_leap_status(self): - return self.status.get_leap_status() - - def poll_connection_state(self): - """ - """ - try: - state = self.get_connection_state() - except eip_exceptions.ConnectionRefusedError: - # connection refused. might be not ready yet. - if not self.ERR_CONNREFUSED: - logger.warning('connection refused') - self.ERR_CONNREFUSED = True - return - if not state: - #logger.debug('no state') - return - (ts, status_step, - ok, ip, remote) = state - self.status.set_vpn_state(status_step) - status_step = self.status.get_readable_status() - return (ts, status_step, ok, ip, remote) - - def make_error(self): - """ - capture error and wrap it in an - understandable format - """ - # mostly a hack to display errors in the debug UI - # w/o breaking the polling. - #XXX get helpful error codes - self.with_errors = True - now = int(time.time()) - return '%s,LAUNCHER ERROR,ERROR,-,-' % now - - def state(self): - """ - Sends OpenVPN command: state - """ - state = self._send_command("state") - if not state: - return None - if isinstance(state, str): - return state - if isinstance(state, list): - if len(state) == 1: - return state[0] - else: - return state[-1] - - def vpn_status(self): - """ - OpenVPN command: status - """ - status = self._send_command("status") - return status - - def vpn_status2(self): - """ - OpenVPN command: last 2 statuses - """ - return self._send_command("status 2") - - # - # parse info as the UI expects - # - - def get_status_io(self): - status = self.vpn_status() - if isinstance(status, str): - lines = status.split('\n') - if isinstance(status, list): - lines = status - try: - (header, when, tun_read, tun_write, - tcp_read, tcp_write, auth_read) = tuple(lines) - except ValueError: - return None - - when_ts = dateparse(when.split(',')[1]).timetuple() - sep = ',' - # XXX clean up this! - tun_read = tun_read.split(sep)[1] - tun_write = tun_write.split(sep)[1] - tcp_read = tcp_read.split(sep)[1] - tcp_write = tcp_write.split(sep)[1] - auth_read = auth_read.split(sep)[1] - - # XXX this could be a named tuple. prettier. - return when_ts, (tun_read, tun_write, tcp_read, tcp_write, auth_read) - - def get_connection_state(self): - state = self.state() - if state is not None: - ts, status_step, ok, ip, remote = state.split(',') - ts = time.gmtime(float(ts)) - # XXX this could be a named tuple. prettier. - return ts, status_step, ok, ip, remote - - -class EIPConnection(OpenVPNConnection, StatusMixIn): - """ - Aka conductor. - Manages the execution of the OpenVPN process, auto starts, monitors the - network connection, handles configuration, fixes leaky hosts, handles - errors, etc. - Status updates (connected, bandwidth, etc) are signaled to the GUI. - """ - - # XXX change name to EIPConductor ?? - - def __init__(self, - provider_cert_checker=ProviderCertChecker, - config_checker=EIPConfigChecker, - *args, **kwargs): - #self.settingsfile = kwargs.get('settingsfile', None) - #self.logfile = kwargs.get('logfile', None) - self.provider = kwargs.pop('provider', None) - self._providercertchecker = provider_cert_checker - self._configchecker = config_checker - - self.error_queue = Queue.Queue() - - status_signals = kwargs.pop('status_signals', None) - self.status = EIPConnectionStatus(callbacks=status_signals) - - checker_signals = kwargs.pop('checker_signals', None) - self.checker_signals = checker_signals - - self.init_checkers() - - host = eipconfig.get_socket_path() - kwargs['host'] = host - - super(EIPConnection, self).__init__(*args, **kwargs) - - def connect(self, **kwargs): - """ - entry point for connection process - """ - # in OpenVPNConnection - self.try_openvpn_connection() - - def disconnect(self, shutdown=False): - """ - disconnects client - """ - self.terminate_openvpn_connection(shutdown=shutdown) - self.status.change_to(self.status.DISCONNECTED) - - def has_errors(self): - return True if self.error_queue.qsize() != 0 else False - - def init_checkers(self): - """ - initialize checkers - """ - self.provider_cert_checker = self._providercertchecker( - domain=self.provider) - self.config_checker = self._configchecker(domain=self.provider) - - def set_provider_domain(self, domain): - """ - sets the provider domain. - used from the first run wizard when we launch the run_checks - and connect process after having initialized the conductor. - """ - # This looks convoluted, right. - # We have to reinstantiate checkers cause we're passing - # the domain param that we did not know at the beginning - # (only for the firstrunwizard case) - self.provider = domain - self.init_checkers() - - def run_checks(self, skip_download=False, skip_verify=False): - """ - run all eip checks previous to attempting a connection - """ - logger.debug('running conductor checks') - - def push_err(exc): - # keep the original traceback! - exc_traceback = sys.exc_info()[2] - self.error_queue.put((exc, exc_traceback)) - - try: - # network (1) - if self.checker_signals: - for signal in self.checker_signals: - signal('checking encryption keys') - self.provider_cert_checker.run_all(skip_verify=skip_verify) - except Exception as exc: - push_err(exc) - try: - if self.checker_signals: - for signal in self.checker_signals: - signal('checking provider config') - self.config_checker.run_all(skip_download=skip_download) - except Exception as exc: - push_err(exc) - try: - self.run_openvpn_checks() - except Exception as exc: - push_err(exc) - - -class EIPConnectionStatus(object): - """ - Keep track of client (gui) and openvpn - states. - - These are the OpenVPN states: - CONNECTING -- OpenVPN's initial state. - WAIT -- (Client only) Waiting for initial response - from server. - AUTH -- (Client only) Authenticating with server. - GET_CONFIG -- (Client only) Downloading configuration options - from server. - ASSIGN_IP -- Assigning IP address to virtual network - interface. - ADD_ROUTES -- Adding routes to system. - CONNECTED -- Initialization Sequence Completed. - RECONNECTING -- A restart has occurred. - EXITING -- A graceful exit is in progress. - - We add some extra states: - - DISCONNECTED -- GUI initial state. - UNRECOVERABLE -- An unrecoverable error has been raised - while invoking openvpn service. - """ - CONNECTING = 1 - WAIT = 2 - AUTH = 3 - GET_CONFIG = 4 - ASSIGN_IP = 5 - ADD_ROUTES = 6 - CONNECTED = 7 - RECONNECTING = 8 - EXITING = 9 - - # gui specific states: - UNRECOVERABLE = 11 - DISCONNECTED = 0 - - def __init__(self, callbacks=None): - """ - EIPConnectionStatus is initialized with a tuple - of signals to be triggered. - :param callbacks: a tuple of (callable) observers - :type callbacks: tuple - """ - self.current = self.DISCONNECTED - self.previous = None - # (callbacks to connect to signals in Qt-land) - self.callbacks = callbacks - - def get_readable_status(self): - # XXX DRY status / labels a little bit. - # think we'll want to i18n this. - human_status = { - 0: 'disconnected', - 1: 'connecting', - 2: 'waiting', - 3: 'authenticating', - 4: 'getting config', - 5: 'assigning ip', - 6: 'adding routes', - 7: 'connected', - 8: 'reconnecting', - 9: 'exiting', - 11: 'unrecoverable error', - } - return human_status[self.current] - - def get_leap_status(self): - # XXX improve nomenclature - leap_status = { - 0: 'disconnected', - 1: 'connecting to gateway', - 2: 'connecting to gateway', - 3: 'authenticating', - 4: 'establishing network encryption', - 5: 'establishing network encryption', - 6: 'establishing network encryption', - 7: 'connected', - 8: 'reconnecting', - 9: 'exiting', - 11: 'unrecoverable error', - } - return leap_status[self.current] - - def get_state_icon(self): - """ - returns the high level icon - for each fine-grain openvpn state - """ - connecting = (self.CONNECTING, - self.WAIT, - self.AUTH, - self.GET_CONFIG, - self.ASSIGN_IP, - self.ADD_ROUTES) - connected = (self.CONNECTED,) - disconnected = (self.DISCONNECTED, - self.UNRECOVERABLE) - - # this can be made smarter, - # but it's like it'll change, - # so +readability. - - if self.current in connecting: - return "connecting" - if self.current in connected: - return "connected" - if self.current in disconnected: - return "disconnected" - - def set_vpn_state(self, status): - """ - accepts a state string from the management - interface, and sets the internal state. - :param status: openvpn STATE (uppercase). - :type status: str - """ - if hasattr(self, status): - self.change_to(getattr(self, status)) - - def set_current(self, to): - """ - setter for the 'current' property - :param to: destination state - :type to: int - """ - self.current = to - - def change_to(self, to): - """ - :param to: destination state - :type to: int - """ - if to == self.current: - return - changed = False - from_ = self.current - self.current = to - - # We can add transition restrictions - # here to ensure no transitions are - # allowed outside the fsm. - - self.set_current(to) - changed = True - - #trigger signals (as callbacks) - #print('current state: %s' % self.current) - if changed: - self.previous = from_ - if self.callbacks: - for cb in self.callbacks: - if callable(cb): - cb(self) diff --git a/src/leap/eip/exceptions.py b/src/leap/eip/exceptions.py deleted file mode 100644 index b7d398c3..00000000 --- a/src/leap/eip/exceptions.py +++ /dev/null @@ -1,175 +0,0 @@ -""" -Generic error hierarchy -Leap/EIP exceptions used for exception handling, -logging, and notifying user of errors -during leap operation. - -Exception hierarchy -------------------- -All EIP Errors must inherit from EIPClientError (note: move that to -a more generic LEAPClientBaseError). - -Exception attributes and their meaning/uses -------------------------------------------- - -* critical: if True, will abort execution prematurely, - after attempting any cleaning - action. - -* failfirst: breaks any error_check loop that is examining - the error queue. - -* message: the message that will be used in the __repr__ of the exception. - -* usermessage: the message that will be passed to user in ErrorDialogs - in Qt-land. - -TODO: - -* EIPClientError: - Should inherit from LeapException - -* gettext / i18n for user messages. - -""" -from leap.base.exceptions import LeapException -from leap.util.translations import translate - - -# This should inherit from LeapException -class EIPClientError(Exception): - """ - base EIPClient exception - """ - critical = False - failfirst = False - warning = False - - -class CriticalError(EIPClientError): - """ - we cannot do anything about it, sorry - """ - critical = True - failfirst = True - - -class Warning(EIPClientError): - """ - just that, warnings - """ - warning = True - - -class EIPNoPolkitAuthAgentAvailable(CriticalError): - message = "No polkit authentication agent could be found" - usermessage = translate( - "EIPErrors", - "We could not find any authentication " - "agent in your system.<br/>" - "Make sure you have " - "<b>polkit-gnome-authentication-agent-1</b> " - "running and try again.") - - -class EIPNoPkexecAvailable(Warning): - message = "No pkexec binary found" - usermessage = translate( - "EIPErrors", - "We could not find <b>pkexec</b> in your " - "system.<br/> Do you want to try " - "<b>setuid workaround</b>? " - "(<i>DOES NOTHING YET</i>)") - failfirst = True - - -class EIPNoCommandError(EIPClientError): - message = "no suitable openvpn command found" - usermessage = translate( - "EIPErrors", - "No suitable openvpn command found. " - "<br/>(Might be a permissions problem)") - - -class EIPBadCertError(Warning): - # XXX this should be critical and fail close - message = "cert verification failed" - usermessage = translate( - "EIPErrors", - "there is a problem with provider certificate") - - -class LeapBadConfigFetchedError(Warning): - message = "provider sent a malformed json file" - usermessage = translate( - "EIPErrors", - "an error occurred during configuratio of leap services") - - -class OpenVPNAlreadyRunning(CriticalError): - message = "Another OpenVPN Process is already running." - usermessage = translate( - "EIPErrors", - "Another OpenVPN Process has been detected. " - "Please close it before starting leap-client") - - -class HttpsNotSupported(LeapException): - message = "connection refused while accessing via https" - usermessage = translate( - "EIPErrors", - "Server does not allow secure connections") - - -class HttpsBadCertError(LeapException): - message = "verification error on cert" - usermessage = translate( - "EIPErrors", - "Server certificate could not be verified") - -# -# errors still needing some love -# - - -class EIPInitNoKeyFileError(CriticalError): - message = "No vpn keys found in the expected path" - usermessage = translate( - "EIPErrors", - "We could not find your eip certs in the expected path") - - -class EIPInitBadKeyFilePermError(Warning): - # I don't know if we should be telling user or not, - # we try to fix permissions and should only re-raise - # if permission check failed. - pass - - -class EIPInitNoProviderError(EIPClientError): - pass - - -class EIPInitBadProviderError(EIPClientError): - pass - - -class EIPConfigurationError(EIPClientError): - pass - -# -# Errors that probably we don't need anymore -# chase down for them and check. -# - - -class MissingSocketError(Exception): - pass - - -class ConnectionRefusedError(Exception): - pass - - -class EIPMissingDefaultProvider(Exception): - pass diff --git a/src/leap/eip/openvpnconnection.py b/src/leap/eip/openvpnconnection.py deleted file mode 100644 index bee8c010..00000000 --- a/src/leap/eip/openvpnconnection.py +++ /dev/null @@ -1,410 +0,0 @@ -""" -OpenVPN Connection -""" -from __future__ import (print_function) -from functools import partial -import logging -import os -import psutil -import shutil -import select -import socket -from time import sleep - -logger = logging.getLogger(name=__name__) - -from leap.base.connection import Connection -from leap.base.constants import OPENVPN_BIN -from leap.util.coroutines import spawn_and_watch_process -from leap.util.misc import get_openvpn_pids - -from leap.eip.udstelnet import UDSTelnet -from leap.eip import config as eip_config -from leap.eip import exceptions as eip_exceptions - - -class OpenVPNManagement(object): - - # TODO explain a little bit how management interface works - # and our telnet interface with support for unix sockets. - - """ - for more information, read openvpn management notes. - zcat `dpkg -L openvpn | grep management` - """ - - def _connect_to_management(self): - """ - Connect to openvpn management interface - """ - if hasattr(self, 'tn'): - self._close_management_socket() - self.tn = UDSTelnet(self.host, self.port) - - # XXX make password optional - # specially for win. we should generate - # the pass on the fly when invoking manager - # from conductor - - #self.tn.read_until('ENTER PASSWORD:', 2) - #self.tn.write(self.password + '\n') - #self.tn.read_until('SUCCESS:', 2) - if self.tn: - self._seek_to_eof() - return True - - def _close_management_socket(self, announce=True): - """ - Close connection to openvpn management interface - """ - logger.debug('closing socket') - if announce: - self.tn.write("quit\n") - self.tn.read_all() - self.tn.get_socket().close() - del self.tn - - def _seek_to_eof(self): - """ - Read as much as available. Position seek pointer to end of stream - """ - try: - b = self.tn.read_eager() - except EOFError: - logger.debug("Could not read from socket. Assuming it died.") - return - while b: - try: - b = self.tn.read_eager() - except EOFError: - logger.debug("Could not read from socket. Assuming it died.") - - def _send_command(self, cmd): - """ - Send a command to openvpn and return response as list - """ - if not self.connected(): - try: - self._connect_to_management() - except eip_exceptions.MissingSocketError: - #logger.warning('missing management socket') - return [] - try: - if hasattr(self, 'tn'): - self.tn.write(cmd + "\n") - except socket.error: - logger.error('socket error') - self._close_management_socket(announce=False) - return [] - try: - buf = self.tn.read_until(b"END", 2) - self._seek_to_eof() - blist = buf.split('\r\n') - if blist[-1].startswith('END'): - del blist[-1] - return blist - else: - return [] - except socket.error as exc: - logger.debug('socket error: %s' % exc.message) - except select.error as exc: - logger.debug('select error: %s' % exc.message) - - def _send_short_command(self, cmd): - """ - parse output from commands that are - delimited by "success" instead - """ - if not self.connected(): - self.connect() - self.tn.write(cmd + "\n") - # XXX not working? - buf = self.tn.read_until(b"SUCCESS", 2) - self._seek_to_eof() - blist = buf.split('\r\n') - return blist - - # - # random maybe useful vpn commands - # - - def pid(self): - #XXX broken - return self._send_short_command("pid") - - -class OpenVPNConnection(Connection, OpenVPNManagement): - """ - All related to invocation - of the openvpn binary. - It's extended by EIPConnection. - """ - - # XXX Inheriting from Connection was an early design idea - # but currently that's an empty class. - # We can get rid of that if we don't use it for sharing - # state with other leap modules. - - def __init__(self, - watcher_cb=None, - debug=False, - host=None, - port="unix", - password=None, - *args, **kwargs): - """ - :param watcher_cb: callback to be \ -called for each line in watched stdout - :param signal_map: dictionary of signal names and callables \ -to be triggered for each one of them. - :type watcher_cb: function - :type signal_map: dict - """ - #XXX FIXME - #change watcher_cb to line_observer - # XXX if not host: raise ImproperlyConfigured - - logger.debug('init openvpn connection') - self.debug = debug - self.ovpn_verbosity = kwargs.get('ovpn_verbosity', None) - - self.watcher_cb = watcher_cb - #self.signal_maps = signal_maps - - self.subp = None - self.watcher = None - - self.server = None - self.port = None - self.proto = None - - self.command = None - self.args = None - - # XXX get autostart from config - self.autostart = True - - # management interface init - self.host = host - if isinstance(port, str) and port.isdigit(): - port = int(port) - elif port == "unix": - port = "unix" - else: - port = None - self.port = port - self.password = password - - def run_openvpn_checks(self): - """ - runs check needed before launching - openvpn subprocess. will raise if errors found. - """ - logger.debug('running openvpn checks') - # XXX I think that "check_if_running" should be called - # from try openvpn connection instead. -- kali. - # let's prepare tests for that before changing it... - self._check_if_running_instance() - self._set_ovpn_command() - self._check_vpn_keys() - - def try_openvpn_connection(self): - """ - attempts to connect - """ - # XXX should make public method - if self.command is None: - raise eip_exceptions.EIPNoCommandError - if self.subp is not None: - logger.debug('cowardly refusing to launch subprocess again') - # XXX this is not returning ???!! - # FIXME -- so it's calling it all the same!! - - self._launch_openvpn() - - def connected(self): - """ - Returns True if connected - rtype: bool - """ - # XXX make a property - return hasattr(self, 'tn') - - def terminate_openvpn_connection(self, shutdown=False): - """ - terminates openvpn child subprocess - """ - if self.subp: - try: - self._stop_openvpn() - except eip_exceptions.ConnectionRefusedError: - logger.warning( - 'unable to send sigterm signal to openvpn: ' - 'connection refused.') - - # XXX kali -- - # XXX review-me - # I think this will block if child process - # does not return. - # Maybe we can .poll() for a given - # interval and exit in any case. - - RETCODE = self.subp.wait() - if RETCODE: - logger.error( - 'cannot terminate subprocess! Retcode %s' - '(We might have left openvpn running)' % RETCODE) - - if shutdown: - self._cleanup_tempfiles() - - def _cleanup_tempfiles(self): - """ - remove all temporal files - we might have left behind - """ - # if self.port is 'unix', we have - # created a temporal socket path that, under - # normal circumstances, we should be able to - # delete - - if self.port == "unix": - logger.debug('cleaning socket file temp folder') - - tempfolder = os.path.split(self.host)[0] - if os.path.isdir(tempfolder): - try: - shutil.rmtree(tempfolder) - except OSError: - logger.error('could not delete tmpfolder %s' % tempfolder) - - # checks - - def _check_if_running_instance(self): - """ - check if openvpn is already running - """ - openvpn_pids = get_openvpn_pids() - if openvpn_pids: - logger.debug('an openvpn instance is already running.') - logger.debug('attempting to stop openvpn instance.') - if not self._stop_openvpn(): - raise eip_exceptions.OpenVPNAlreadyRunning - return - else: - logger.debug('no openvpn instance found.') - - def _set_ovpn_command(self): - try: - command, args = eip_config.build_ovpn_command( - provider=self.provider, - debug=self.debug, - socket_path=self.host, - ovpn_verbosity=self.ovpn_verbosity) - except eip_exceptions.EIPNoPolkitAuthAgentAvailable: - command = args = None - raise - except eip_exceptions.EIPNoPkexecAvailable: - command = args = None - raise - - # XXX if not command, signal error. - self.command = command - self.args = args - - def _check_vpn_keys(self): - """ - checks for correct permissions on vpn keys - """ - try: - eip_config.check_vpn_keys(provider=self.provider) - except eip_exceptions.EIPInitBadKeyFilePermError: - logger.error('Bad VPN Keys permission!') - # do nothing now - # and raise the rest ... - - # starting and stopping openvpn subprocess - - def _launch_openvpn(self): - """ - invocation of openvpn binaries in a subprocess. - """ - #XXX TODO: - #deprecate watcher_cb, - #use _only_ signal_maps instead - - #logger.debug('_launch_openvpn called') - if self.watcher_cb is not None: - linewrite_callback = self.watcher_cb - else: - #XXX get logger instead - linewrite_callback = lambda line: logger.debug( - 'watcher: %s' % line) - - # the partial is not - # being applied now because we're not observing the process - # stdout like we did in the early stages. but I leave it - # here since it will be handy for observing patterns in the - # thru-the-manager updates (with regex) - observers = (linewrite_callback, - partial(lambda con_status, - line: linewrite_callback, self.status)) - subp, watcher = spawn_and_watch_process( - self.command, - self.args, - observers=observers) - self.subp = subp - self.watcher = watcher - - def _stop_openvpn(self): - """ - stop openvpn process - by sending SIGTERM to the management - interface - """ - # XXX method a bit too long, split - logger.debug("atempting to terminate openvpn process...") - if self.connected(): - try: - self._send_command("signal SIGTERM\n") - sleep(1) - if not self.subp: # XXX ??? - return True - except socket.error: - logger.warning('management socket died') - return - - #shutting openvpn failured - #try patching in old openvpn host and trying again - # XXX could be more than one! - process = self._get_openvpn_process() - if process: - logger.debug('process: %s' % process.name) - cmdline = process.cmdline - - manag_flag = "--management" - if isinstance(cmdline, list) and manag_flag in cmdline: - _index = cmdline.index(manag_flag) - self.host = cmdline[_index + 1] - self._send_command("signal SIGTERM\n") - - #make sure the process was terminated - process = self._get_openvpn_process() - if not process: - logger.debug("Existing OpenVPN Process Terminated") - return True - else: - logger.error("Unable to terminate existing OpenVPN Process.") - return False - - return True - - def _get_openvpn_process(self): - for process in psutil.process_iter(): - if OPENVPN_BIN in process.name: - return process - return None - - def get_log(self, lines=1): - log = self._send_command("log %s" % lines) - return log diff --git a/src/leap/eip/specs.py b/src/leap/eip/specs.py deleted file mode 100644 index c41fd29b..00000000 --- a/src/leap/eip/specs.py +++ /dev/null @@ -1,136 +0,0 @@ -from __future__ import (unicode_literals) -import os - -from leap import __branding -from leap.base import config as baseconfig - -# XXX move provider stuff to base config - -PROVIDER_CA_CERT = __branding.get( - 'provider_ca_file', - 'cacert.pem') - -provider_ca_path = lambda domain: str(os.path.join( - #baseconfig.get_default_provider_path(), - baseconfig.get_provider_path(domain), - 'keys', 'ca', - 'cacert.pem' -)) if domain else None - -default_provider_ca_path = lambda: str(os.path.join( - baseconfig.get_default_provider_path(), - 'keys', 'ca', - PROVIDER_CA_CERT -)) - -PROVIDER_DOMAIN = __branding.get('provider_domain', 'testprovider.example.org') - - -client_cert_path = lambda domain: unicode(os.path.join( - baseconfig.get_provider_path(domain), - 'keys', 'client', - 'openvpn.pem' -)) if domain else None - -default_client_cert_path = lambda: unicode(os.path.join( - baseconfig.get_default_provider_path(), - 'keys', 'client', - 'openvpn.pem' -)) - -eipconfig_spec = { - 'description': 'sample eipconfig', - 'type': 'object', - 'properties': { - 'provider': { - 'type': unicode, - 'default': u"%s" % PROVIDER_DOMAIN, - 'required': True, - }, - 'transport': { - 'type': unicode, - 'default': u"openvpn", - }, - 'openvpn_protocol': { - 'type': unicode, - 'default': u"tcp" - }, - 'openvpn_port': { - 'type': int, - 'default': 80 - }, - 'openvpn_ca_certificate': { - 'type': unicode, # path - 'default': default_provider_ca_path - }, - 'openvpn_client_certificate': { - 'type': unicode, # path - 'default': default_client_cert_path - }, - 'connect_on_login': { - 'type': bool, - 'default': True - }, - 'block_cleartext_traffic': { - 'type': bool, - 'default': True - }, - 'primary_gateway': { - 'type': unicode, - 'default': u"location_unknown", - #'required': True - }, - 'secondary_gateway': { - 'type': unicode, - 'default': u"location_unknown2" - }, - 'management_password': { - 'type': unicode - } - } -} - -eipservice_config_spec = { - 'description': 'sample eip service config', - 'type': 'object', - 'properties': { - 'serial': { - 'type': int, - 'required': True, - 'default': 1 - }, - 'version': { - 'type': int, - 'required': True, - 'default': 1 - }, - 'clusters': { - 'type': list, - 'default': [ - {"label": { - "en": "Location Unknown"}, - "name": "location_unknown"}] - }, - 'gateways': { - 'type': list, - 'default': [ - {"capabilities": { - "adblock": True, - "filter_dns": True, - "ports": ["80", "53", "443", "1194"], - "protocols": ["udp", "tcp"], - "transport": ["openvpn"], - "user_ips": False}, - "cluster": "location_unknown", - "host": "location.example.org", - "ip_address": "127.0.0.1"}] - }, - 'openvpn_configuration': { - 'type': dict, - 'default': { - "auth": None, - "cipher": None, - "tls-cipher": None} - } - } -} diff --git a/src/leap/eip/tests/data.py b/src/leap/eip/tests/data.py deleted file mode 100644 index a7fe1853..00000000 --- a/src/leap/eip/tests/data.py +++ /dev/null @@ -1,51 +0,0 @@ -from __future__ import unicode_literals -import os - -#from leap import __branding - -# sample data used in tests - -#PROVIDER = __branding.get('provider_domain') -PROVIDER = "testprovider.example.org" - -EIP_SAMPLE_CONFIG = { - "provider": "%s" % PROVIDER, - "transport": "openvpn", - "openvpn_protocol": "tcp", - "openvpn_port": 80, - "openvpn_ca_certificate": os.path.expanduser( - "~/.config/leap/providers/" - "%s/" - "keys/ca/cacert.pem" % PROVIDER), - "openvpn_client_certificate": os.path.expanduser( - "~/.config/leap/providers/" - "%s/" - "keys/client/openvpn.pem" % PROVIDER), - "connect_on_login": True, - "block_cleartext_traffic": True, - "primary_gateway": "location_unknown", - "secondary_gateway": "location_unknown2", - #"management_password": "oph7Que1othahwiech6J" -} - -EIP_SAMPLE_SERVICE = { - "serial": 1, - "version": 1, - "clusters": [ - {"label": { - "en": "Location Unknown"}, - "name": "location_unknown"} - ], - "gateways": [ - {"capabilities": { - "adblock": True, - "filter_dns": True, - "ports": ["80", "53", "443", "1194"], - "protocols": ["udp", "tcp"], - "transport": ["openvpn"], - "user_ips": False}, - "cluster": "location_unknown", - "host": "location.example.org", - "ip_address": "192.0.43.10"} - ] -} diff --git a/src/leap/eip/tests/test_checks.py b/src/leap/eip/tests/test_checks.py deleted file mode 100644 index f42a0eeb..00000000 --- a/src/leap/eip/tests/test_checks.py +++ /dev/null @@ -1,372 +0,0 @@ -from BaseHTTPServer import BaseHTTPRequestHandler -import copy -import json -try: - import unittest2 as unittest -except ImportError: - import unittest -import os -import time -import urlparse - -from mock import (patch, Mock) - -import requests - -from leap.base import config as baseconfig -from leap.base import pluggableconfig -from leap.base.constants import (DEFAULT_PROVIDER_DEFINITION, - DEFINITION_EXPECTED_PATH) -from leap.eip import checks as eipchecks -from leap.eip import specs as eipspecs -from leap.eip import exceptions as eipexceptions -from leap.eip.tests import data as testdata -from leap.testing.basetest import BaseLeapTest -from leap.testing.https_server import BaseHTTPSServerTestCase -from leap.testing.https_server import where as where_cert -from leap.util.fileutil import mkdir_f - - -class NoLogRequestHandler: - def log_message(self, *args): - # don't write log msg to stderr - pass - - def read(self, n=None): - return '' - - -class EIPCheckTest(BaseLeapTest): - - __name__ = "eip_check_tests" - provider = "testprovider.example.org" - maxDiff = None - - def setUp(self): - pass - - def tearDown(self): - pass - - # test methods are there, and can be called from run_all - - def test_checker_should_implement_check_methods(self): - checker = eipchecks.EIPConfigChecker(domain=self.provider) - - self.assertTrue(hasattr(checker, "check_default_eipconfig"), - "missing meth") - self.assertTrue(hasattr(checker, "check_is_there_default_provider"), - "missing meth") - self.assertTrue(hasattr(checker, "fetch_definition"), "missing meth") - self.assertTrue(hasattr(checker, "fetch_eip_service_config"), - "missing meth") - self.assertTrue(hasattr(checker, "check_complete_eip_config"), - "missing meth") - - def test_checker_should_actually_call_all_tests(self): - checker = eipchecks.EIPConfigChecker(domain=self.provider) - - mc = Mock() - checker.run_all(checker=mc) - self.assertTrue(mc.check_default_eipconfig.called, "not called") - self.assertTrue(mc.check_is_there_default_provider.called, - "not called") - self.assertTrue(mc.fetch_definition.called, - "not called") - self.assertTrue(mc.fetch_eip_service_config.called, - "not called") - self.assertTrue(mc.check_complete_eip_config.called, - "not called") - - # test individual check methods - - def test_check_default_eipconfig(self): - checker = eipchecks.EIPConfigChecker(domain=self.provider) - # no eip config (empty home) - eipconfig_path = checker.eipconfig.filename - self.assertFalse(os.path.isfile(eipconfig_path)) - checker.check_default_eipconfig() - # we've written one, so it should be there. - self.assertTrue(os.path.isfile(eipconfig_path)) - with open(eipconfig_path, 'rb') as fp: - deserialized = json.load(fp) - - # force re-evaluation of the paths - # small workaround for evaluating home dirs correctly - EIP_SAMPLE_CONFIG = copy.copy(testdata.EIP_SAMPLE_CONFIG) - EIP_SAMPLE_CONFIG['openvpn_client_certificate'] = \ - eipspecs.client_cert_path(self.provider) - EIP_SAMPLE_CONFIG['openvpn_ca_certificate'] = \ - eipspecs.provider_ca_path(self.provider) - self.assertEqual(deserialized, EIP_SAMPLE_CONFIG) - - # TODO: shold ALSO run validation methods. - - def test_check_is_there_default_provider(self): - checker = eipchecks.EIPConfigChecker(domain=self.provider) - # we do dump a sample eip config, but lacking a - # default provider entry. - # This error will be possible catched in a different - # place, when JSONConfig does validation of required fields. - - # passing direct config - with self.assertRaises(eipexceptions.EIPMissingDefaultProvider): - checker.check_is_there_default_provider(config={}) - - # ok. now, messing with real files... - # blank out default_provider - sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) - sampleconfig['provider'] = None - eipcfg_path = checker.eipconfig.filename - mkdir_f(eipcfg_path) - with open(eipcfg_path, 'w') as fp: - json.dump(sampleconfig, fp) - #with self.assertRaises(eipexceptions.EIPMissingDefaultProvider): - # XXX we should catch this as one of our errors, but do not - # see how to do it quickly. - with self.assertRaises(pluggableconfig.ValidationError): - #import ipdb;ipdb.set_trace() - checker.eipconfig.load(fromfile=eipcfg_path) - checker.check_is_there_default_provider() - - sampleconfig = testdata.EIP_SAMPLE_CONFIG - #eipcfg_path = checker._get_default_eipconfig_path() - with open(eipcfg_path, 'w') as fp: - json.dump(sampleconfig, fp) - checker.eipconfig.load() - self.assertTrue(checker.check_is_there_default_provider()) - - def test_fetch_definition(self): - with patch.object(requests, "get") as mocked_get: - mocked_get.return_value.status_code = 200 - mocked_get.return_value.headers = { - 'last-modified': "Wed Dec 12 12:12:12 GMT 2012"} - mocked_get.return_value.json = DEFAULT_PROVIDER_DEFINITION - checker = eipchecks.EIPConfigChecker(fetcher=requests) - sampleconfig = testdata.EIP_SAMPLE_CONFIG - checker.fetch_definition(config=sampleconfig) - - fn = os.path.join(baseconfig.get_default_provider_path(), - DEFINITION_EXPECTED_PATH) - with open(fn, 'r') as fp: - deserialized = json.load(fp) - self.assertEqual(DEFAULT_PROVIDER_DEFINITION, deserialized) - - # XXX TODO check for ConnectionError, HTTPError, InvalidUrl - # (and proper EIPExceptions are raised). - # Look at base.test_config. - - def test_fetch_eip_service_config(self): - with patch.object(requests, "get") as mocked_get: - mocked_get.return_value.status_code = 200 - mocked_get.return_value.headers = { - 'last-modified': "Wed Dec 12 12:12:12 GMT 2012"} - mocked_get.return_value.json = testdata.EIP_SAMPLE_SERVICE - checker = eipchecks.EIPConfigChecker(fetcher=requests) - sampleconfig = testdata.EIP_SAMPLE_CONFIG - checker.fetch_eip_service_config(config=sampleconfig) - - def test_check_complete_eip_config(self): - checker = eipchecks.EIPConfigChecker() - with self.assertRaises(eipexceptions.EIPConfigurationError): - sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) - sampleconfig['provider'] = None - checker.check_complete_eip_config(config=sampleconfig) - with self.assertRaises(eipexceptions.EIPConfigurationError): - sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) - del sampleconfig['provider'] - checker.check_complete_eip_config(config=sampleconfig) - - # normal case - sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) - checker.check_complete_eip_config(config=sampleconfig) - - -class ProviderCertCheckerTest(BaseLeapTest): - - __name__ = "provider_cert_checker_tests" - provider = "testprovider.example.org" - - def setUp(self): - pass - - def tearDown(self): - pass - - # test methods are there, and can be called from run_all - - def test_checker_should_implement_check_methods(self): - checker = eipchecks.ProviderCertChecker() - - # For MVS+ - self.assertTrue(hasattr(checker, "download_ca_cert"), - "missing meth") - self.assertTrue(hasattr(checker, "download_ca_signature"), - "missing meth") - self.assertTrue(hasattr(checker, "get_ca_signatures"), "missing meth") - self.assertTrue(hasattr(checker, "is_there_trust_path"), - "missing meth") - - # For MVS - self.assertTrue(hasattr(checker, "is_there_provider_ca"), - "missing meth") - self.assertTrue(hasattr(checker, "is_https_working"), "missing meth") - self.assertTrue(hasattr(checker, "check_new_cert_needed"), - "missing meth") - - def test_checker_should_actually_call_all_tests(self): - checker = eipchecks.ProviderCertChecker() - - mc = Mock() - checker.run_all(checker=mc) - # XXX MVS+ - #self.assertTrue(mc.download_ca_cert.called, "not called") - #self.assertTrue(mc.download_ca_signature.called, "not called") - #self.assertTrue(mc.get_ca_signatures.called, "not called") - #self.assertTrue(mc.is_there_trust_path.called, "not called") - - # For MVS - self.assertTrue(mc.is_there_provider_ca.called, "not called") - self.assertTrue(mc.is_https_working.called, - "not called") - self.assertTrue(mc.check_new_cert_needed.called, - "not called") - - # test individual check methods - - @unittest.skip - def test_is_there_provider_ca(self): - # XXX commenting out this test. - # With the generic client this does not make sense, - # we should dump one there. - # or test conductor logic. - checker = eipchecks.ProviderCertChecker() - self.assertTrue( - checker.is_there_provider_ca()) - - -class ProviderCertCheckerHTTPSTests(BaseHTTPSServerTestCase, BaseLeapTest): - provider = "testprovider.example.org" - - class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler): - responses = { - '/': ['OK', ''], - '/client.cert': [ - # XXX get sample cert - '-----BEGIN CERTIFICATE-----', - '-----END CERTIFICATE-----'], - '/badclient.cert': [ - 'BADCERT']} - - def do_GET(self): - path = urlparse.urlparse(self.path) - message = '\n'.join(self.responses.get( - path.path, None)) - self.send_response(200) - self.end_headers() - self.wfile.write(message) - - def test_is_https_working(self): - fetcher = requests - uri = "https://%s/" % (self.get_server()) - # bare requests call. this should just pass (if there is - # an https service there). - fetcher.get(uri, verify=False) - checker = eipchecks.ProviderCertChecker(fetcher=fetcher) - self.assertTrue(checker.is_https_working(uri=uri, verify=False)) - - # for local debugs, when in doubt - #self.assertTrue(checker.is_https_working(uri="https://github.com", - #verify=True)) - - # for the two checks below, I know they fail because no ca - # cert is passed to them, and I know that's the error that - # requests return with our implementation. - # We're receiving this because our - # server is dying prematurely when the handshake is interrupted on the - # client side. - # Since we have access to the server, we could check that - # the error raised has been: - # SSL23_READ_BYTES: alert bad certificate - with self.assertRaises(requests.exceptions.SSLError) as exc: - fetcher.get(uri, verify=True) - self.assertTrue( - "SSL23_GET_SERVER_HELLO:unknown protocol" in exc.message) - - # XXX FIXME! Uncomment after #638 is done - #with self.assertRaises(eipexceptions.EIPBadCertError) as exc: - #checker.is_https_working(uri=uri, verify=True) - #self.assertTrue( - #"cert verification failed" in exc.message) - - # get cacert from testing.https_server - cacert = where_cert('cacert.pem') - fetcher.get(uri, verify=cacert) - self.assertTrue(checker.is_https_working(uri=uri, verify=cacert)) - - # same, but get cacert from leap.custom - # XXX TODO! - - @unittest.skip - def test_download_new_client_cert(self): - # FIXME - # Magick srp decorator broken right now... - # Have to mock the decorator and inject something that - # can bypass the authentication - - uri = "https://%s/client.cert" % (self.get_server()) - cacert = where_cert('cacert.pem') - checker = eipchecks.ProviderCertChecker(domain=self.provider) - credentials = "testuser", "testpassword" - self.assertTrue(checker.download_new_client_cert( - credentials=credentials, uri=uri, verify=cacert)) - - # now download a malformed cert - uri = "https://%s/badclient.cert" % (self.get_server()) - cacert = where_cert('cacert.pem') - checker = eipchecks.ProviderCertChecker() - with self.assertRaises(ValueError): - self.assertTrue(checker.download_new_client_cert( - credentials=credentials, uri=uri, verify=cacert)) - - # did we write cert to its path? - clientcertfile = eipspecs.client_cert_path() - self.assertTrue(os.path.isfile(clientcertfile)) - certfile = eipspecs.client_cert_path() - with open(certfile, 'r') as cf: - certcontent = cf.read() - self.assertEqual(certcontent, - '\n'.join( - self.request_handler.responses['/client.cert'])) - os.remove(clientcertfile) - - def test_is_cert_valid(self): - checker = eipchecks.ProviderCertChecker() - # TODO: better exception catching - # should raise eipexceptions.BadClientCertificate, and give reasons - # on msg. - with self.assertRaises(Exception) as exc: - self.assertFalse(checker.is_cert_valid()) - exc.message = "missing cert" - - def test_bad_validity_certs(self): - checker = eipchecks.ProviderCertChecker() - certfile = where_cert('leaptestscert.pem') - self.assertFalse(checker.is_cert_not_expired( - certfile=certfile, - now=lambda: time.mktime((2038, 1, 1, 1, 1, 1, 1, 1, 1)))) - self.assertFalse(checker.is_cert_not_expired( - certfile=certfile, - now=lambda: time.mktime((1970, 1, 1, 1, 1, 1, 1, 1, 1)))) - - def test_check_new_cert_needed(self): - # check: missing cert - checker = eipchecks.ProviderCertChecker(domain=self.provider) - self.assertTrue(checker.check_new_cert_needed(skip_download=True)) - # TODO check: malformed cert - # TODO check: expired cert - # TODO check: pass test server uri instead of skip - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py deleted file mode 100644 index 72ab3c8e..00000000 --- a/src/leap/eip/tests/test_config.py +++ /dev/null @@ -1,298 +0,0 @@ -from collections import OrderedDict -import json -import os -import platform -import stat - -try: - import unittest2 as unittest -except ImportError: - import unittest - -#from leap.base import constants -#from leap.eip import config as eip_config -#from leap import __branding as BRANDING -from leap.eip import config as eipconfig -from leap.eip.tests.data import EIP_SAMPLE_CONFIG, EIP_SAMPLE_SERVICE -from leap.testing.basetest import BaseLeapTest -from leap.util.fileutil import mkdir_p, mkdir_f - -_system = platform.system() - -#PROVIDER = BRANDING.get('provider_domain') -#PROVIDER_SHORTNAME = BRANDING.get('short_name') - - -class EIPConfigTest(BaseLeapTest): - - __name__ = "eip_config_tests" - provider = "testprovider.example.org" - - maxDiff = None - - def setUp(self): - pass - - def tearDown(self): - pass - - # - # helpers - # - - def touch_exec(self): - path = os.path.join( - self.tempdir, 'bin') - mkdir_p(path) - tfile = os.path.join( - path, - 'openvpn') - open(tfile, 'wb').close() - os.chmod(tfile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) - - def write_sample_eipservice(self, vpnciphers=False, extra_vpnopts=None, - gateways=None): - conf = eipconfig.EIPServiceConfig() - mkdir_f(conf.filename) - if gateways: - EIP_SAMPLE_SERVICE['gateways'] = gateways - if vpnciphers: - openvpnconfig = OrderedDict({ - "auth": "SHA1", - "cipher": "AES-128-CBC", - "tls-cipher": "DHE-RSA-AES128-SHA"}) - if extra_vpnopts: - for k, v in extra_vpnopts.items(): - openvpnconfig[k] = v - EIP_SAMPLE_SERVICE['openvpn_configuration'] = openvpnconfig - - with open(conf.filename, 'w') as fd: - fd.write(json.dumps(EIP_SAMPLE_SERVICE)) - - def write_sample_eipconfig(self): - conf = eipconfig.EIPConfig() - folder, f = os.path.split(conf.filename) - if not os.path.isdir(folder): - mkdir_p(folder) - with open(conf.filename, 'w') as fd: - fd.write(json.dumps(EIP_SAMPLE_CONFIG)) - - def get_expected_openvpn_args(self, with_openvpn_ciphers=False): - """ - yeah, this is almost as duplicating the - code for building the command - """ - args = [] - eipconf = eipconfig.EIPConfig(domain=self.provider) - eipconf.load() - eipsconf = eipconfig.EIPServiceConfig(domain=self.provider) - eipsconf.load() - - username = self.get_username() - groupname = self.get_groupname() - - args.append('--client') - args.append('--dev') - #does this have to be tap for win?? - args.append('tun') - args.append('--persist-tun') - args.append('--persist-key') - args.append('--remote') - - args.append('%s' % eipconfig.get_eip_gateway( - eipconfig=eipconf, - eipserviceconfig=eipsconf)) - # XXX get port!? - args.append('1194') - # XXX get proto - args.append('udp') - args.append('--tls-client') - args.append('--remote-cert-tls') - args.append('server') - - if with_openvpn_ciphers: - CIPHERS = [ - "--tls-cipher", "DHE-RSA-AES128-SHA", - "--cipher", "AES-128-CBC", - "--auth", "SHA1"] - for opt in CIPHERS: - args.append(opt) - - args.append('--user') - args.append(username) - args.append('--group') - args.append(groupname) - args.append('--management-client-user') - args.append(username) - args.append('--management-signal') - - args.append('--management') - #XXX hey! - #get platform switches here! - args.append('/tmp/test.socket') - args.append('unix') - - args.append('--script-security') - args.append('2') - - if _system == "Linux": - UPDOWN_SCRIPT = "/etc/leap/resolv-update" - if os.path.isfile(UPDOWN_SCRIPT): - args.append('--up') - args.append('/etc/leap/resolv-update') - args.append('--down') - args.append('/etc/leap/resolv-update') - args.append('--plugin') - args.append('/usr/lib/openvpn/openvpn-down-root.so') - args.append("'script_type=down /etc/leap/resolv-update'") - - # certs - # XXX get values from specs? - args.append('--cert') - args.append(os.path.join( - self.home, - '.config', 'leap', 'providers', - '%s' % self.provider, - 'keys', 'client', - 'openvpn.pem')) - args.append('--key') - args.append(os.path.join( - self.home, - '.config', 'leap', 'providers', - '%s' % self.provider, - 'keys', 'client', - 'openvpn.pem')) - args.append('--ca') - args.append(os.path.join( - self.home, - '.config', 'leap', 'providers', - '%s' % self.provider, - 'keys', 'ca', - 'cacert.pem')) - return args - - # build command string - # these tests are going to have to check - # many combinations. we should inject some - # params in the function call, to disable - # some checks. - - def test_get_eip_gateway(self): - self.write_sample_eipconfig() - eipconf = eipconfig.EIPConfig(domain=self.provider) - - # default eipservice - self.write_sample_eipservice() - eipsconf = eipconfig.EIPServiceConfig(domain=self.provider) - - gateway = eipconfig.get_eip_gateway( - eipconfig=eipconf, - eipserviceconfig=eipsconf) - - # in spec is local gateway by default - self.assertEqual(gateway, '127.0.0.1') - - # change eipservice - # right now we only check that cluster == selected primary gw in - # eip.json, and pick first matching ip - eipconf._config.config['primary_gateway'] = "foo_provider" - newgateways = [{"cluster": "foo_provider", - "ip_address": "127.0.0.99"}] - self.write_sample_eipservice(gateways=newgateways) - eipsconf = eipconfig.EIPServiceConfig(domain=self.provider) - # load from disk file - eipsconf.load() - - gateway = eipconfig.get_eip_gateway( - eipconfig=eipconf, - eipserviceconfig=eipsconf) - self.assertEqual(gateway, '127.0.0.99') - - # change eipservice, several gateways - # right now we only check that cluster == selected primary gw in - # eip.json, and pick first matching ip - eipconf._config.config['primary_gateway'] = "bar_provider" - newgateways = [{"cluster": "foo_provider", - "ip_address": "127.0.0.99"}, - {'cluster': "bar_provider", - "ip_address": "127.0.0.88"}] - self.write_sample_eipservice(gateways=newgateways) - eipsconf = eipconfig.EIPServiceConfig(domain=self.provider) - # load from disk file - eipsconf.load() - - gateway = eipconfig.get_eip_gateway( - eipconfig=eipconf, - eipserviceconfig=eipsconf) - self.assertEqual(gateway, '127.0.0.88') - - def test_build_ovpn_command_empty_config(self): - self.touch_exec() - self.write_sample_eipservice() - self.write_sample_eipconfig() - - from leap.eip import config as eipconfig - from leap.util.fileutil import which - path = os.environ['PATH'] - vpnbin = which('openvpn', path=path) - #print 'path =', path - #print 'vpnbin = ', vpnbin - vpncommand, vpnargs = eipconfig.build_ovpn_command( - do_pkexec_check=False, vpnbin=vpnbin, - socket_path="/tmp/test.socket", - provider=self.provider) - self.assertEqual(vpncommand, self.home + '/bin/openvpn') - self.assertEqual(vpnargs, self.get_expected_openvpn_args()) - - def test_build_ovpn_command_openvpnoptions(self): - self.touch_exec() - - from leap.eip import config as eipconfig - from leap.util.fileutil import which - path = os.environ['PATH'] - vpnbin = which('openvpn', path=path) - - self.write_sample_eipconfig() - - # regular run, everything normal - self.write_sample_eipservice(vpnciphers=True) - vpncommand, vpnargs = eipconfig.build_ovpn_command( - do_pkexec_check=False, vpnbin=vpnbin, - socket_path="/tmp/test.socket", - provider=self.provider) - self.assertEqual(vpncommand, self.home + '/bin/openvpn') - expected = self.get_expected_openvpn_args( - with_openvpn_ciphers=True) - self.assertEqual(vpnargs, expected) - - # bad options -- illegal options - self.write_sample_eipservice( - vpnciphers=True, - # WE ONLY ALLOW vpn options in auth, cipher, tls-cipher - extra_vpnopts={"notallowedconfig": "badvalue"}) - vpncommand, vpnargs = eipconfig.build_ovpn_command( - do_pkexec_check=False, vpnbin=vpnbin, - socket_path="/tmp/test.socket", - provider=self.provider) - self.assertEqual(vpncommand, self.home + '/bin/openvpn') - expected = self.get_expected_openvpn_args( - with_openvpn_ciphers=True) - self.assertEqual(vpnargs, expected) - - # bad options -- illegal chars - self.write_sample_eipservice( - vpnciphers=True, - # WE ONLY ALLOW A-Z09\- - extra_vpnopts={"cipher": "AES-128-CBC;FOOTHING"}) - vpncommand, vpnargs = eipconfig.build_ovpn_command( - do_pkexec_check=False, vpnbin=vpnbin, - socket_path="/tmp/test.socket", - provider=self.provider) - self.assertEqual(vpncommand, self.home + '/bin/openvpn') - expected = self.get_expected_openvpn_args( - with_openvpn_ciphers=True) - self.assertEqual(vpnargs, expected) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/eip/tests/test_eipconnection.py b/src/leap/eip/tests/test_eipconnection.py deleted file mode 100644 index 163f8d45..00000000 --- a/src/leap/eip/tests/test_eipconnection.py +++ /dev/null @@ -1,216 +0,0 @@ -import glob -import logging -import platform -#import os -import shutil - -logging.basicConfig() -logger = logging.getLogger(name=__name__) - -try: - import unittest2 as unittest -except ImportError: - import unittest - -from mock import Mock, patch # MagicMock - -from leap.eip.eipconnection import EIPConnection -from leap.eip.exceptions import ConnectionRefusedError -from leap.eip import specs as eipspecs -from leap.testing.basetest import BaseLeapTest - -_system = platform.system() - -PROVIDER = "testprovider.example.org" - - -class NotImplementedError(Exception): - pass - - -@patch('OpenVPNConnection._get_or_create_config') -@patch('OpenVPNConnection._set_ovpn_command') -class MockedEIPConnection(EIPConnection): - - def _set_ovpn_command(self): - self.command = "mock_command" - self.args = [1, 2, 3] - - -class EIPConductorTest(BaseLeapTest): - - __name__ = "eip_conductor_tests" - provider = PROVIDER - - def setUp(self): - # XXX there's a conceptual/design - # mistake here. - # If we're testing just attrs after init, - # init shold not be doing so much side effects. - - # for instance: - # We have to TOUCH a keys file because - # we're triggerig the key checks FROM - # the constructor. me not like that, - # key checker should better be called explicitelly. - - # XXX change to keys_checker invocation - # (see config_checker) - - keyfiles = (eipspecs.provider_ca_path(domain=self.provider), - eipspecs.client_cert_path(domain=self.provider)) - for filepath in keyfiles: - self.touch(filepath) - self.chmod600(filepath) - - # we init the manager with only - # some methods mocked - self.manager = Mock(name="openvpnmanager_mock") - self.con = MockedEIPConnection() - self.con.provider = self.provider - - # XXX watch out. This sometimes is throwing the following error: - # NoSuchProcess: process no longer exists (pid=6571) - # because of a bad implementation of _check_if_running_instance - - self.con.run_openvpn_checks() - - def tearDown(self): - pass - - def doCleanups(self): - super(BaseLeapTest, self).doCleanups() - self.cleanupSocketDir() - del self.con - - def cleanupSocketDir(self): - ptt = ('/tmp/leap-tmp*') - for tmpdir in glob.glob(ptt): - shutil.rmtree(tmpdir) - - # - # tests - # - - def test_vpnconnection_defaults(self): - """ - default attrs as expected - """ - con = self.con - self.assertEqual(con.autostart, True) - # XXX moar! - - def test_ovpn_command(self): - """ - set_ovpn_command called - """ - self.assertEqual(self.con.command, - "mock_command") - self.assertEqual(self.con.args, - [1, 2, 3]) - - # config checks - - def test_config_checked_called(self): - # XXX this single test is taking half of the time - # needed to run tests. (roughly 3 secs for this only) - # We should modularize and inject Mocks on more places. - - oldcon = self.con - del(self.con) - config_checker = Mock() - self.con = MockedEIPConnection(config_checker=config_checker) - self.assertTrue(config_checker.called) - self.con.run_checks() - self.con.config_checker.run_all.assert_called_with( - skip_download=False) - - # XXX test for cert_checker also - self.con = oldcon - - # connect/disconnect calls - - def test_disconnect(self): - """ - disconnect method calls private and changes status - """ - self.con._disconnect = Mock( - name="_disconnect") - - # first we set status to connected - self.con.status.set_current(self.con.status.CONNECTED) - self.assertEqual(self.con.status.current, - self.con.status.CONNECTED) - - # disconnect - self.con.terminate_openvpn_connection = Mock() - self.con.disconnect() - self.con.terminate_openvpn_connection.assert_called_once_with( - shutdown=False) - self.con.terminate_openvpn_connection = Mock() - self.con.disconnect(shutdown=True) - self.con.terminate_openvpn_connection.assert_called_once_with( - shutdown=True) - - # new status should be disconnected - # XXX this should evolve and check no errors - # during disconnection - self.assertEqual(self.con.status.current, - self.con.status.DISCONNECTED) - - def test_connect(self): - """ - connect calls _launch_openvpn private - """ - self.con._launch_openvpn = Mock() - self.con.connect() - self.con._launch_openvpn.assert_called_once_with() - - # XXX tests breaking here ... - - def test_good_poll_connection_state(self): - """ - """ - #@patch -- - # self.manager.get_connection_state - - #XXX review this set of poll_state tests - #they SHOULD NOT NEED TO MOCK ANYTHING IN THE - #lower layers!! -- status, vpn_manager.. - #right now we're testing implementation, not - #behavior!!! - good_state = ["1345466946", "unknown_state", "ok", - "192.168.1.1", "192.168.1.100"] - self.con.get_connection_state = Mock(return_value=good_state) - self.con.status.set_vpn_state = Mock() - - state = self.con.poll_connection_state() - good_state[1] = "disconnected" - final_state = tuple(good_state) - self.con.status.set_vpn_state.assert_called_with("unknown_state") - self.assertEqual(state, final_state) - - # TODO between "good" and "bad" (exception raised) cases, - # we can still test for malformed states and see that only good - # states do have a change (and from only the expected transition - # states). - - def test_bad_poll_connection_state(self): - """ - get connection state raises ConnectionRefusedError - state is None - """ - self.con.get_connection_state = Mock( - side_effect=ConnectionRefusedError('foo!')) - state = self.con.poll_connection_state() - self.assertEqual(state, None) - - - # XXX more things to test: - # - called config routines during initz. - # - raising proper exceptions with no config - # - called proper checks on config / permissions - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/eip/tests/test_openvpnconnection.py b/src/leap/eip/tests/test_openvpnconnection.py deleted file mode 100644 index 95bfb2f0..00000000 --- a/src/leap/eip/tests/test_openvpnconnection.py +++ /dev/null @@ -1,161 +0,0 @@ -import logging -import os -import platform -import psutil -import shutil -#import socket - -logging.basicConfig() -logger = logging.getLogger(name=__name__) - -try: - import unittest2 as unittest -except ImportError: - import unittest - -from mock import Mock, patch # MagicMock - -from leap.eip import config as eipconfig -from leap.eip import openvpnconnection -from leap.eip import exceptions as eipexceptions -from leap.eip.udstelnet import UDSTelnet -from leap.testing.basetest import BaseLeapTest - -_system = platform.system() - - -class NotImplementedError(Exception): - pass - - -mock_UDSTelnet = Mock(spec=UDSTelnet) -# XXX cautious!!! -# this might be fragile right now (counting a global -# reference of calls I think. -# investigate this other form instead: -# http://www.voidspace.org.uk/python/mock/patch.html#start-and-stop - -# XXX redo after merge-refactor - - -@patch('openvpnconnection.OpenVPNConnection.connect_to_management') -class MockedOpenVPNConnection(openvpnconnection.OpenVPNConnection): - def __init__(self, *args, **kwargs): - self.mock_UDSTelnet = Mock() - super(MockedOpenVPNConnection, self).__init__( - *args, **kwargs) - self.tn = self.mock_UDSTelnet(self.host, self.port) - - def connect_to_management(self): - #print 'patched connect' - self.tn = mock_UDSTelnet(self.host, port=self.port) - - -class OpenVPNConnectionTest(BaseLeapTest): - - __name__ = "vpnconnection_tests" - - def setUp(self): - # XXX this will have to change for win, host=localhost - host = eipconfig.get_socket_path() - self.host = host - self.manager = MockedOpenVPNConnection(host=host) - - def tearDown(self): - pass - - def doCleanups(self): - super(BaseLeapTest, self).doCleanups() - self.cleanupSocketDir() - - def cleanupSocketDir(self): - # remove the socket folder. - # XXX only if posix. in win, host is localhost, so nothing - # has to be done. - if self.host: - folder, fpath = os.path.split(self.host) - try: - assert folder.startswith('/tmp/leap-tmp') # safety check - shutil.rmtree(folder) - except: - self.fail("could not remove temp file") - - del self.manager - - # - # tests - # - - def test_detect_vpn(self): - # XXX review, not sure if captured all the logic - # while fixing. kali. - openvpn_connection = openvpnconnection.OpenVPNConnection() - - with patch.object(psutil, "process_iter") as mocked_psutil: - mocked_process = Mock() - mocked_process.name = "openvpn" - mocked_process.cmdline = ["openvpn", "-foo", "-bar", "-gaaz"] - mocked_psutil.return_value = [mocked_process] - with self.assertRaises(eipexceptions.OpenVPNAlreadyRunning): - openvpn_connection._check_if_running_instance() - - openvpn_connection._check_if_running_instance() - - @unittest.skipIf(_system == "Windows", "lin/mac only") - def test_lin_mac_default_init(self): - """ - check default host for management iface - """ - self.assertTrue(self.manager.host.startswith('/tmp/leap-tmp')) - self.assertEqual(self.manager.port, 'unix') - - @unittest.skipUnless(_system == "Windows", "win only") - def test_win_default_init(self): - """ - check default host for management iface - """ - # XXX should we make the platform specific switch - # here or in the vpn command string building? - self.assertEqual(self.manager.host, 'localhost') - self.assertEqual(self.manager.port, 7777) - - def test_port_types_init(self): - oldmanager = self.manager - self.manager = MockedOpenVPNConnection(port="42") - self.assertEqual(self.manager.port, 42) - self.manager = MockedOpenVPNConnection() - self.assertEqual(self.manager.port, "unix") - self.manager = MockedOpenVPNConnection(port="bad") - self.assertEqual(self.manager.port, None) - self.manager = oldmanager - - def test_uds_telnet_called_on_connect(self): - self.manager.connect_to_management() - mock_UDSTelnet.assert_called_with( - self.manager.host, - port=self.manager.port) - - @unittest.skip - def test_connect(self): - raise NotImplementedError - # XXX calls close - # calls UDSTelnet mock. - - # XXX - # tests to write: - # UDSTelnetTest (for real?) - # HAVE A LOOK AT CORE TESTS FOR TELNETLIB. - # very illustrative instead... - - # - raise MissingSocket - # - raise ConnectionRefusedError - # - test send command - # - tries connect - # - ... tries? - # - ... calls _seek_to_eof - # - ... read_until --> return value - # - ... - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/eip/udstelnet.py b/src/leap/eip/udstelnet.py deleted file mode 100644 index 18e927c2..00000000 --- a/src/leap/eip/udstelnet.py +++ /dev/null @@ -1,38 +0,0 @@ -import os -import socket -import telnetlib - -from leap.eip import exceptions as eip_exceptions - - -class UDSTelnet(telnetlib.Telnet): - """ - a telnet-alike class, that can listen - on unix domain sockets - """ - - def open(self, host, port=23, timeout=socket._GLOBAL_DEFAULT_TIMEOUT): - """Connect to a host. If port is 'unix', it - will open a connection over unix docmain sockets. - - The optional second argument is the port number, which - defaults to the standard telnet port (23). - - Don't try to reopen an already connected instance. - """ - self.eof = 0 - self.host = host - self.port = port - self.timeout = timeout - - if self.port == "unix": - # unix sockets spoken - if not os.path.exists(self.host): - raise eip_exceptions.MissingSocketError - self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) - try: - self.sock.connect(self.host) - except socket.error: - raise eip_exceptions.ConnectionRefusedError - else: - self.sock = socket.create_connection((host, port), timeout) diff --git a/src/leap/gui/__init__.py b/src/leap/gui/__init__.py index 804bfbc1..4b289442 100644 --- a/src/leap/gui/__init__.py +++ b/src/leap/gui/__init__.py @@ -1,11 +1,21 @@ -try: - import sip - sip.setapi('QString', 2) - sip.setapi('QVariant', 2) -except ValueError: - pass - -import firstrun -import firstrun.wizard - -__all__ = ['firstrun', 'firstrun.wizard'] +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +init file for leap.gui +""" +app = __import__("app", globals(), locals(), [], 2) +__all__ = [app] diff --git a/src/leap/gui/constants.py b/src/leap/gui/constants.py deleted file mode 100644 index 07077293..00000000 --- a/src/leap/gui/constants.py +++ /dev/null @@ -1,14 +0,0 @@ -import time - -APP_LOGO = ':/images/leap-color-small.png' -APP_WATERMARK = ':/images/watermark.png' - -# bare is the username portion of a JID -# full includes the "at" and some extra chars -# that can be allowed for fqdn - -BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$" -FULL_USERNAME_REGEX = r"^[A-Za-z\d_@.-]+$" - -GUI_PAUSE_FOR_USER_SECONDS = 1 -pause_for_user = lambda: time.sleep(GUI_PAUSE_FOR_USER_SECONDS) diff --git a/src/leap/gui/firstrun/__init__.py b/src/leap/gui/firstrun/__init__.py deleted file mode 100644 index d802fa1f..00000000 --- a/src/leap/gui/firstrun/__init__.py +++ /dev/null @@ -1,28 +0,0 @@ -try: - import sip - sip.setapi('QString', 2) - sip.setapi('QVariant', 2) -except ValueError: - pass - -import intro -import connect -import last -import login -import mixins -import providerinfo -import providerselect -import providersetup -import register - -__all__ = [ - 'intro', - 'connect', - 'last', - 'login', - 'mixins', - 'providerinfo', - 'providerselect', - 'providersetup', - 'register', -] # ,'wizard'] diff --git a/src/leap/gui/firstrun/connect.py b/src/leap/gui/firstrun/connect.py deleted file mode 100644 index 209174a1..00000000 --- a/src/leap/gui/firstrun/connect.py +++ /dev/null @@ -1,218 +0,0 @@ -""" -Provider Setup Validation Page, -used in First Run Wizard -""" -import logging - -from PyQt4 import QtGui - -#import requests - -from leap.gui.progress import ValidationPage -from leap.util.web import get_https_domain_and_port - -from leap.base import auth -from leap.gui.constants import APP_LOGO, APP_WATERMARK - -logger = logging.getLogger(__name__) - - -class ConnectionPage(ValidationPage): - - def __init__(self, parent=None): - super(ConnectionPage, self).__init__(parent) - self.current_page = "connect" - - title = self.tr("Connecting...") - subtitle = self.tr("Setting up a encrypted " - "connection with the provider") - - self.setTitle(title) - self.setSubTitle(subtitle) - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - def _do_checks(self, update_signal=None): - """ - executes actual checks in a separate thread - - we initialize the srp protocol register - and try to register user. - """ - wizard = self.wizard() - full_domain = self.field('provider_domain') - domain, port = get_https_domain_and_port(full_domain) - - pconfig = wizard.eipconfigchecker(domain=domain) - # this should be persisted... - pconfig.defaultprovider.load() - pconfig.set_api_domain() - - pCertChecker = wizard.providercertchecker( - domain=domain) - pCertChecker.set_api_domain(pconfig.apidomain) - - ########################################### - # Set Credentials. - # username and password are in different fields - # if they were stored in log_in or sign_up pages. - from_login = wizard.from_login - - unamek_base = 'userName' - passwk_base = 'userPassword' - unamek = 'login_%s' % unamek_base if from_login else unamek_base - passwk = 'login_%s' % passwk_base if from_login else passwk_base - - username = self.field(unamek) - password = self.field(passwk) - credentials = username, password - - yield(("head_sentinel", 0), lambda: None) - - ################################################## - # 1) fetching eip service config - ################################################## - def fetcheipconf(): - try: - pconfig.fetch_eip_service_config() - - # XXX get specific exception - except Exception as exc: - return self.fail(exc.message) - - yield((self.tr("Getting EIP configuration files"), 40), - fetcheipconf) - - ################################################## - # 2) getting client certificate - ################################################## - - def fetcheipcert(): - try: - downloaded = pCertChecker.download_new_client_cert( - credentials=credentials) - if not downloaded: - logger.error('Could not download client cert') - return False - - except auth.SRPAuthenticationError as exc: - return self.fail(self.tr( - "Authentication error: %s" % exc.message)) - - except Exception as exc: - return self.fail(exc.message) - else: - return True - - yield((self.tr("Getting EIP certificate"), 80), - fetcheipcert) - - ################ - # end ! - ################ - self.set_done() - yield(("end_sentinel", 100), lambda: None) - - def on_checks_validation_ready(self): - """ - called after _do_checks has finished - (connected to checker thread finished signal) - """ - # here we go! :) - if self.is_done(): - nextbutton = self.wizard().button(QtGui.QWizard.NextButton) - nextbutton.setFocus() - - full_domain = self.field('provider_domain') - domain, port = get_https_domain_and_port(full_domain) - _domain = u"%s:%s" % ( - domain, port) if port != 443 else unicode(domain) - self.run_eip_checks_for_provider_and_connect(_domain) - - def run_eip_checks_for_provider_and_connect(self, domain): - wizard = self.wizard() - conductor = wizard.conductor - start_eip_signal = getattr( - wizard, - 'start_eipconnection_signal', None) - - if conductor: - conductor.set_provider_domain(domain) - # we could run some of the checks to be - # sure everything is in order, but - # I see no point in doing it, we assume - # we've gone thru all checks during the wizard. - #conductor.run_checks() - #self.conductor = conductor - #errors = self.eip_error_check() - #if not errors and start_eip_signal: - if start_eip_signal: - start_eip_signal.emit() - - else: - logger.warning( - "No conductor found. This means that " - "probably the wizard has been launched " - "in an stand-alone way.") - - self.set_done() - - #def eip_error_check(self): - #""" - #a version of the main app error checker, - #but integrated within the connecting page of the wizard. - #consumes the conductor error queue. - #pops errors, and add those to the wizard page - #""" - # TODO handle errors. - # We should redirect them to the log viewer - # with a brief message. - # XXX move to LAST PAGE instead. - #logger.debug('eip error check from connecting page') - #errq = self.conductor.error_queue - - #def _do_validation(self): - #""" - #called after _do_checks has finished - #(connected to checker thread finished signal) - #""" - #from_login = self.wizard().from_login - #prevpage = "login" if from_login else "signup" - - #wizard = self.wizard() - #if self.errors: - #logger.debug('going back with errors') - #logger.error(self.errors) - #name, first_error = self.pop_first_error() - #wizard.set_validation_error( - #prevpage, - #first_error) - #self.go_back() - - def nextId(self): - wizard = self.wizard() - return wizard.get_page_index('lastpage') - - def initializePage(self): - super(ConnectionPage, self).initializePage() - self.set_undone() - cancelbutton = self.wizard().button(QtGui.QWizard.CancelButton) - cancelbutton.hide() - self.completeChanged.emit() - - wizard = self.wizard() - eip_statuschange_signal = wizard.eip_statuschange_signal - if eip_statuschange_signal: - eip_statuschange_signal.connect( - lambda status: self.send_status( - status)) - - def send_status(self, status): - wizard = self.wizard() - wizard.openvpn_status.append(status) diff --git a/src/leap/gui/firstrun/intro.py b/src/leap/gui/firstrun/intro.py deleted file mode 100644 index 8e5014e6..00000000 --- a/src/leap/gui/firstrun/intro.py +++ /dev/null @@ -1,68 +0,0 @@ -""" -Intro page used in first run wizard -""" - -from PyQt4 import QtGui - -from leap.gui.constants import APP_LOGO, APP_WATERMARK - - -class IntroPage(QtGui.QWizardPage): - def __init__(self, parent=None): - super(IntroPage, self).__init__(parent) - - self.setTitle(self.tr("First run wizard")) - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - label = QtGui.QLabel(self.tr( - "Now we will guide you through " - "some configuration that is needed before you " - "can connect for the first time.<br><br>" - "If you ever need to modify these options again, " - "you can find the wizard in the '<i>Settings</i>' menu from the " - "main window.<br><br>" - "Do you want to <b>sign up</b> for a new account, or <b>log " - "in</b> with an already existing username?<br>")) - label.setWordWrap(True) - - radiobuttonGroup = QtGui.QGroupBox() - - self.sign_up = QtGui.QRadioButton( - self.tr("Sign up for a new account")) - self.sign_up.setChecked(True) - self.log_in = QtGui.QRadioButton( - self.tr("Log In with my credentials")) - - radiobLayout = QtGui.QVBoxLayout() - radiobLayout.addWidget(self.sign_up) - radiobLayout.addWidget(self.log_in) - radiobuttonGroup.setLayout(radiobLayout) - - layout = QtGui.QVBoxLayout() - layout.addWidget(label) - layout.addWidget(radiobuttonGroup) - self.setLayout(layout) - - #self.registerField('is_signup', self.sign_up) - - def validatePage(self): - return True - - def nextId(self): - """ - returns next id - in a non-linear wizard - """ - if self.sign_up.isChecked(): - next_ = 'providerselection' - if self.log_in.isChecked(): - next_ = 'login' - wizard = self.wizard() - return wizard.get_page_index(next_) diff --git a/src/leap/gui/firstrun/last.py b/src/leap/gui/firstrun/last.py deleted file mode 100644 index 6a01ba34..00000000 --- a/src/leap/gui/firstrun/last.py +++ /dev/null @@ -1,119 +0,0 @@ -""" -Last Page, used in First Run Wizard -""" -import logging - -from PyQt4 import QtGui - -from leap.util.coroutines import coroutine -from leap.gui.constants import APP_LOGO, APP_WATERMARK - -logger = logging.getLogger(__name__) - - -class LastPage(QtGui.QWizardPage): - def __init__(self, parent=None): - super(LastPage, self).__init__(parent) - - self.setTitle(self.tr( - "Connecting to Encrypted Internet Proxy service...")) - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - self.label = QtGui.QLabel() - self.label.setWordWrap(True) - - self.wizard_done = False - - # XXX REFACTOR to a Validating Page... - self.status_line_1 = QtGui.QLabel() - self.status_line_2 = QtGui.QLabel() - self.status_line_3 = QtGui.QLabel() - self.status_line_4 = QtGui.QLabel() - self.status_line_5 = QtGui.QLabel() - - layout = QtGui.QVBoxLayout() - layout.addWidget(self.label) - - # make loop - layout.addWidget(self.status_line_1) - layout.addWidget(self.status_line_2) - layout.addWidget(self.status_line_3) - layout.addWidget(self.status_line_4) - layout.addWidget(self.status_line_5) - - self.setLayout(layout) - - def isComplete(self): - return self.wizard_done - - def set_status_line(self, line, status): - statusline = getattr(self, 'status_line_%s' % line) - if statusline: - statusline.setText(status) - - def set_finished_status(self): - self.setTitle(self.tr('You are now using an encrypted connection!')) - finishText = self.wizard().buttonText( - QtGui.QWizard.FinishButton) - finishText = finishText.replace('&', '') - self.label.setText(self.tr( - "Click '<i>%s</i>' to end the wizard and " - "save your settings." % finishText)) - self.wizard_done = True - self.completeChanged.emit() - - @coroutine - def eip_status_handler(self): - # XXX this can be changed to use - # signals. See progress.py - logger.debug('logging status in last page') - self.validation_done = False - status_count = 1 - try: - while True: - status = (yield) - status_count += 1 - # XXX add to line... - logger.debug('status --> %s', status) - self.set_status_line(status_count, status) - if status == "connected": - self.set_finished_status() - self.completeChanged.emit() - break - self.completeChanged.emit() - except GeneratorExit: - pass - except StopIteration: - pass - - def initializePage(self): - super(LastPage, self).initializePage() - wizard = self.wizard() - wizard.button(QtGui.QWizard.FinishButton).setDisabled(True) - - handler = self.eip_status_handler() - - # get statuses done in prev page - for st in wizard.openvpn_status: - self.send_status(handler.send, st) - - # bind signal for events yet to come - eip_statuschange_signal = wizard.eip_statuschange_signal - if eip_statuschange_signal: - eip_statuschange_signal.connect( - lambda status: self.send_status( - handler.send, status)) - self.completeChanged.emit() - - def send_status(self, cb, status): - try: - cb(status) - except StopIteration: - pass diff --git a/src/leap/gui/firstrun/login.py b/src/leap/gui/firstrun/login.py deleted file mode 100644 index 1efceaa9..00000000 --- a/src/leap/gui/firstrun/login.py +++ /dev/null @@ -1,336 +0,0 @@ -""" -LogIn Page, used inf First Run Wizard -""" -from PyQt4 import QtCore -from PyQt4 import QtGui - -import requests - -from leap.base import auth -from leap.gui.firstrun.mixins import UserFormMixIn -from leap.gui.progress import InlineValidationPage -from leap.gui import styles - -from leap.gui.constants import APP_LOGO, APP_WATERMARK, FULL_USERNAME_REGEX - - -class LogInPage(InlineValidationPage, UserFormMixIn): # InlineValidationPage - - def __init__(self, parent=None): - - super(LogInPage, self).__init__(parent) - self.current_page = "login" - - self.setTitle(self.tr("Log In")) - self.setSubTitle(self.tr("Log in with your credentials")) - self.current_page = "login" - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - self.setupSteps() - self.setupUI() - - self.do_confirm_next = False - - def setupUI(self): - userNameLabel = QtGui.QLabel(self.tr("User &name:")) - userNameLineEdit = QtGui.QLineEdit() - userNameLineEdit.cursorPositionChanged.connect( - self.reset_validation_status) - userNameLabel.setBuddy(userNameLineEdit) - - # let's add regex validator - usernameRe = QtCore.QRegExp(FULL_USERNAME_REGEX) - userNameLineEdit.setValidator( - QtGui.QRegExpValidator(usernameRe, self)) - - #userNameLineEdit.setPlaceholderText( - #'username@provider.example.org') - self.userNameLineEdit = userNameLineEdit - - userPasswordLabel = QtGui.QLabel(self.tr("&Password:")) - self.userPasswordLineEdit = QtGui.QLineEdit() - self.userPasswordLineEdit.setEchoMode( - QtGui.QLineEdit.Password) - userPasswordLabel.setBuddy(self.userPasswordLineEdit) - - self.registerField('login_userName*', self.userNameLineEdit) - self.registerField('login_userPassword*', self.userPasswordLineEdit) - - layout = QtGui.QGridLayout() - layout.setColumnMinimumWidth(0, 20) - - validationMsg = QtGui.QLabel("") - validationMsg.setStyleSheet(styles.ErrorLabelStyleSheet) - self.validationMsg = validationMsg - - layout.addWidget(validationMsg, 0, 3) - layout.addWidget(userNameLabel, 1, 0) - layout.addWidget(self.userNameLineEdit, 1, 3) - layout.addWidget(userPasswordLabel, 2, 0) - layout.addWidget(self.userPasswordLineEdit, 2, 3) - - # add validation frame - self.setupValidationFrame() - layout.addWidget(self.valFrame, 4, 2, 4, 2) - self.valFrame.hide() - - self.nextText(self.tr("Log in")) - self.setLayout(layout) - - #self.registerField('is_login_wizard') - - # actual checks - - def _do_checks(self): - - full_username = self.userNameLineEdit.text() - ########################### - # 0) check user@domain form - ########################### - - def checkusername(): - if full_username.count('@') != 1: - return self.fail( - self.tr( - "Username must be in the username@provider form.")) - else: - return True - - yield(("head_sentinel", 0), checkusername) - - username, domain = full_username.split('@') - password = self.userPasswordLineEdit.text() - - # We try a call to an authenticated - # page here as a mean to catch - # srp authentication errors while - wizard = self.wizard() - eipconfigchecker = wizard.eipconfigchecker(domain=domain) - - ######################## - # 1) try name resolution - ######################## - # show the frame before going on... - QtCore.QMetaObject.invokeMethod( - self, "showStepsFrame") - - # Able to contact domain? - # can get definition? - # two-by-one - def resolvedomain(): - try: - eipconfigchecker.fetch_definition(domain=domain) - - # we're using requests here for all - # the possible error cases that it catches. - except requests.exceptions.ConnectionError as exc: - return self.fail(exc.message[1]) - except requests.exceptions.HTTPError as exc: - return self.fail(exc.message) - except Exception as exc: - # XXX get catchall error msg - return self.fail( - exc.message) - else: - return True - - yield((self.tr("Resolving domain name"), 20), resolvedomain) - - wizard.set_providerconfig( - eipconfigchecker.defaultprovider.config) - - ######################## - # 2) do authentication - ######################## - credentials = username, password - pCertChecker = wizard.providercertchecker( - domain=domain) - - def validate_credentials(): - ################# - # FIXME #BUG #638 - verify = False - - try: - pCertChecker.download_new_client_cert( - credentials=credentials, - verify=verify) - - except auth.SRPAuthenticationError as exc: - return self.fail( - self.tr("Authentication error: %s" % exc.message)) - - except Exception as exc: - return self.fail(exc.message) - - else: - return True - - yield(('Validating credentials', 60), validate_credentials) - - self.set_done() - yield(("end_sentinel", 100), lambda: None) - - def green_validation_status(self): - val = self.validationMsg - val.setText(self.tr('Credentials validated.')) - val.setStyleSheet(styles.GreenLineEdit) - - def on_checks_validation_ready(self): - """ - after checks - """ - if self.is_done(): - self.disableFields() - self.cleanup_errormsg() - self.clean_wizard_errors(self.current_page) - # make the user confirm the transition - # to next page. - self.nextText('&Next') - self.nextFocus() - self.green_validation_status() - self.do_confirm_next = True - - # ui update - - def nextText(self, text): - self.setButtonText( - QtGui.QWizard.NextButton, text) - - def nextFocus(self): - self.wizard().button( - QtGui.QWizard.NextButton).setFocus() - - def disableNextButton(self): - self.wizard().button( - QtGui.QWizard.NextButton).setDisabled(True) - - def onUserNamePositionChanged(self, *args): - if self.initial_username_sample: - self.userNameLineEdit.setText('') - # XXX set regular color - self.initial_username_sample = None - - def onUserNameTextChanged(self, *args): - if self.initial_username_sample: - k = args[0][-1] - self.initial_username_sample = None - self.userNameLineEdit.setText(k) - - def disableFields(self): - for field in (self.userNameLineEdit, - self.userPasswordLineEdit): - field.setDisabled(True) - - def populateErrors(self): - # XXX could move this to ValidationMixin - # used in providerselect and register too - - errors = self.wizard().get_validation_error( - self.current_page) - showerr = self.validationMsg.setText - - if errors: - bad_str = getattr(self, 'bad_string', None) - cur_str = self.userNameLineEdit.text() - - if bad_str is None: - # first time we fall here. - # save the current bad_string value - self.bad_string = cur_str - showerr(errors) - else: - # not the first time - if cur_str == bad_str: - showerr(errors) - else: - self.focused_field = False - showerr('') - - def cleanup_errormsg(self): - """ - we reset bad_string to None - should be called before leaving the page - """ - self.bad_string = None - - def paintEvent(self, event): - """ - we hook our populate errors - on paintEvent because we need it to catch - when user enters the page coming from next, - and initializePage does not cover that case. - Maybe there's a better event to hook upon. - """ - super(LogInPage, self).paintEvent(event) - self.populateErrors() - - def set_prevalidation_error(self, error): - self.prevalidation_error = error - - # pagewizard methods - - def nextId(self): - wizard = self.wizard() - if not wizard: - return - if wizard.is_provider_setup is False: - next_ = 'providersetupvalidation' - if wizard.is_provider_setup is True: - # XXX bad name, ok, gonna change that - next_ = 'signupvalidation' - return wizard.get_page_index(next_) - - def initializePage(self): - super(LogInPage, self).initializePage() - username = self.userNameLineEdit - username.setText('username@provider.example.org') - username.cursorPositionChanged.connect( - self.onUserNamePositionChanged) - username.textChanged.connect( - self.onUserNameTextChanged) - self.initial_username_sample = True - self.validationMsg.setText('') - self.valFrame.hide() - - def reset_validation_status(self): - """ - empty the validation msg - and clean the inline validation widget. - """ - self.validationMsg.setText('') - self.steps.removeAllSteps() - self.clearTable() - - def validatePage(self): - """ - if not register done, do checks. - if done, wait for click. - """ - self.disableNextButton() - self.cleanup_errormsg() - self.clean_wizard_errors(self.current_page) - - if self.do_confirm_next: - full_username = self.userNameLineEdit.text() - password = self.userPasswordLineEdit.text() - username, domain = full_username.split('@') - self.setField('provider_domain', domain) - self.setField('login_userName', username) - self.setField('login_userPassword', password) - self.wizard().from_login = True - - return True - - if not self.is_done(): - self.reset_validation_status() - self.do_checks() - - return self.is_done() diff --git a/src/leap/gui/firstrun/mixins.py b/src/leap/gui/firstrun/mixins.py deleted file mode 100644 index c4731893..00000000 --- a/src/leap/gui/firstrun/mixins.py +++ /dev/null @@ -1,18 +0,0 @@ -""" -mixins used in First Run Wizard -""" - - -class UserFormMixIn(object): - - def reset_validation_status(self): - """ - empty the validation msg - """ - self.validationMsg.setText('') - - def set_validation_status(self, msg): - """ - set generic validation status - """ - self.validationMsg.setText(msg) diff --git a/src/leap/gui/firstrun/providerinfo.py b/src/leap/gui/firstrun/providerinfo.py deleted file mode 100644 index 3385e9e7..00000000 --- a/src/leap/gui/firstrun/providerinfo.py +++ /dev/null @@ -1,110 +0,0 @@ -""" -Provider Info Page, used in First run Wizard -""" -import logging - -from PyQt4 import QtGui - -from leap.gui.constants import APP_LOGO, APP_WATERMARK -from leap.util.translations import translate - -logger = logging.getLogger(__name__) - - -class ProviderInfoPage(QtGui.QWizardPage): - - def __init__(self, parent=None): - super(ProviderInfoPage, self).__init__(parent) - - self.setTitle(self.tr("Provider Information")) - self.setSubTitle(self.tr( - "Services offered by this provider")) - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - self.create_info_panel() - - def create_info_panel(self): - # Use stacked widget instead - # of reparenting the layout. - - infoWidget = QtGui.QStackedWidget() - - info = QtGui.QWidget() - layout = QtGui.QVBoxLayout() - - displayName = QtGui.QLabel("") - description = QtGui.QLabel("") - enrollment_policy = QtGui.QLabel("") - - # XXX set stylesheet... - # prettify a little bit. - # bigger fonts and so on... - - # We could use a QFrame here - - layout.addWidget(displayName) - layout.addWidget(description) - layout.addWidget(enrollment_policy) - layout.addStretch(1) - - info.setLayout(layout) - infoWidget.addWidget(info) - - pageLayout = QtGui.QVBoxLayout() - pageLayout.addWidget(infoWidget) - self.setLayout(pageLayout) - - # add refs to self to allow for - # updates. - # Watch out! Have to get rid of these references! - # this should be better handled with signals !! - self.displayName = displayName - self.description = description - self.description.setWordWrap(True) - self.enrollment_policy = enrollment_policy - - def show_provider_info(self): - - # XXX get multilingual objects - # directly from the config object - - lang = "en" - pconfig = self.wizard().providerconfig - - dn = pconfig.get('name') - display_name = dn[lang] if dn else '' - domain_name = self.field('provider_domain') - - self.displayName.setText( - "<b>%s</b> https://%s" % (display_name, domain_name)) - - desc = pconfig.get('description') - - #description_text = desc[lang] if desc else '' - description_text = translate(desc) if desc else '' - - self.description.setText( - "<i>%s</i>" % description_text) - - # XXX should translate this... - enroll = pconfig.get('enrollment_policy') - if enroll: - self.enrollment_policy.setText( - '<b>%s</b>: <em>%s</em>' % ( - self.tr('enrollment policy'), - enroll)) - - def nextId(self): - wizard = self.wizard() - next_ = "providersetupvalidation" - return wizard.get_page_index(next_) - - def initializePage(self): - self.show_provider_info() diff --git a/src/leap/gui/firstrun/providerselect.py b/src/leap/gui/firstrun/providerselect.py deleted file mode 100644 index 36bb4510..00000000 --- a/src/leap/gui/firstrun/providerselect.py +++ /dev/null @@ -1,475 +0,0 @@ -""" -Select Provider Page, used in First Run Wizard -""" -import logging - -import requests - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.base import exceptions as baseexceptions -#from leap.crypto import certs -from leap.eip import exceptions as eipexceptions -from leap.gui.progress import InlineValidationPage -from leap.gui import styles -from leap.gui.utils import delay -from leap.util.web import get_https_domain_and_port - -from leap.gui.constants import APP_LOGO, APP_WATERMARK - -logger = logging.getLogger(__name__) - - -class SelectProviderPage(InlineValidationPage): - - launchChecks = QtCore.pyqtSignal() - - def __init__(self, parent=None, providers=None): - super(SelectProviderPage, self).__init__(parent) - self.current_page = 'providerselection' - - self.setTitle(self.tr("Enter Provider")) - self.setSubTitle(self.tr( - "Please enter the domain of the provider you want " - "to use for your connection") - ) - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - self.did_cert_check = False - - self.done = False - - self.setupSteps() - self.setupUI() - - self.launchChecks.connect( - self.launch_checks) - - self.providerNameEdit.editingFinished.connect( - lambda: self.providerCheckButton.setFocus(True)) - - def setupUI(self): - """ - initializes the UI - """ - providerNameLabel = QtGui.QLabel("h&ttps://") - # note that we expect the bare domain name - # we will add the scheme later - providerNameEdit = QtGui.QLineEdit() - providerNameEdit.cursorPositionChanged.connect( - self.reset_validation_status) - providerNameLabel.setBuddy(providerNameEdit) - - # add regex validator - providerDomainRe = QtCore.QRegExp(r"^[a-z1-9_\-\.]+$") - providerNameEdit.setValidator( - QtGui.QRegExpValidator(providerDomainRe, self)) - self.providerNameEdit = providerNameEdit - - # Eventually we will seed a list of - # well known providers here. - - #providercombo = QtGui.QComboBox() - #if providers: - #for provider in providers: - #providercombo.addItem(provider) - #providerNameSelect = providercombo - - self.registerField("provider_domain*", self.providerNameEdit) - #self.registerField('provider_name_index', providerNameSelect) - - validationMsg = QtGui.QLabel("") - validationMsg.setStyleSheet(styles.ErrorLabelStyleSheet) - self.validationMsg = validationMsg - providerCheckButton = QtGui.QPushButton(self.tr("chec&k!")) - self.providerCheckButton = providerCheckButton - - # cert info - - # this is used in the callback - # for the checkbox changes. - # tricky, since the first time came - # from the exception message. - # should get string from exception too! - self.bad_cert_status = self.tr( - "Server certificate could not be verified.") - - self.certInfo = QtGui.QLabel("") - self.certInfo.setWordWrap(True) - self.certWarning = QtGui.QLabel("") - self.trustProviderCertCheckBox = QtGui.QCheckBox( - self.tr("&Trust this provider certificate.")) - - self.trustProviderCertCheckBox.stateChanged.connect( - self.onTrustCheckChanged) - self.providerNameEdit.textChanged.connect( - self.onProviderChanged) - self.providerCheckButton.clicked.connect( - self.onCheckButtonClicked) - - layout = QtGui.QGridLayout() - layout.addWidget(validationMsg, 0, 2) - layout.addWidget(providerNameLabel, 1, 1) - layout.addWidget(providerNameEdit, 1, 2) - layout.addWidget(providerCheckButton, 1, 3) - - # add certinfo group - # XXX not shown now. should move to validation box. - #layout.addWidget(certinfoGroup, 4, 1, 4, 2) - #self.certinfoGroup = certinfoGroup - #self.certinfoGroup.hide() - - # add validation frame - self.setupValidationFrame() - layout.addWidget(self.valFrame, 4, 2, 4, 2) - self.valFrame.hide() - - self.setLayout(layout) - - # certinfo - - def setupCertInfoGroup(self): # pragma: no cover - # XXX not used now. - certinfoGroup = QtGui.QGroupBox( - self.tr("Certificate validation")) - certinfoLayout = QtGui.QVBoxLayout() - certinfoLayout.addWidget(self.certInfo) - certinfoLayout.addWidget(self.certWarning) - certinfoLayout.addWidget(self.trustProviderCertCheckBox) - certinfoGroup.setLayout(certinfoLayout) - self.certinfoGroup = self.certinfoGroup - - # progress frame - - def setupValidationFrame(self): - qframe = QtGui.QFrame - valFrame = qframe() - valFrame.setFrameStyle(qframe.NoFrame) - valframeLayout = QtGui.QVBoxLayout() - zeros = (0, 0, 0, 0) - valframeLayout.setContentsMargins(*zeros) - - valframeLayout.addWidget(self.stepsTableWidget) - valFrame.setLayout(valframeLayout) - self.valFrame = valFrame - - @QtCore.pyqtSlot() - def onDisableCheckButton(self): - #print 'CHECK BUTTON DISABLED!!!' - self.providerCheckButton.setDisabled(True) - - @QtCore.pyqtSlot() - def launch_checks(self): - self.do_checks() - - def onCheckButtonClicked(self): - QtCore.QMetaObject.invokeMethod( - self, "onDisableCheckButton") - - QtCore.QMetaObject.invokeMethod( - self, "showStepsFrame") - - delay(self, "launch_checks") - - def _do_checks(self): - """ - generator that yields actual checks - that are executed in a separate thread - """ - - wizard = self.wizard() - full_domain = self.providerNameEdit.text() - - # we check if we have a port in the domain string. - domain, port = get_https_domain_and_port(full_domain) - _domain = u"%s:%s" % (domain, port) if port != 443 else unicode(domain) - - netchecker = wizard.netchecker() - providercertchecker = wizard.providercertchecker() - eipconfigchecker = wizard.eipconfigchecker(domain=_domain) - - yield(("head_sentinel", 0), lambda: None) - - ######################## - # 1) try name resolution - ######################## - - def namecheck(): - """ - in which we check if - we are able to name resolve - this domain - """ - try: - #import ipdb;ipdb.set_trace() - netchecker.check_name_resolution( - domain) - - except baseexceptions.LeapException as exc: - logger.error(exc.message) - return self.fail(exc.usermessage) - - except Exception as exc: - return self.fail(exc.message) - - else: - return True - - logger.debug('checking name resolution') - yield((self.tr("Checking if it is a valid provider"), 20), namecheck) - - ######################### - # 2) try https connection - ######################### - - def httpscheck(): - """ - in which we check - if the provider - is offering service over - https - """ - try: - providercertchecker.is_https_working( - "https://%s" % _domain, - verify=True) - - except eipexceptions.HttpsBadCertError as exc: - logger.debug('exception') - return self.fail(exc.usermessage) - # XXX skipping for now... - ############################################## - # We had this validation logic - # in the provider selection page before - ############################################## - #if self.trustProviderCertCheckBox.isChecked(): - #pass - #else: - #fingerprint = certs.get_cert_fingerprint( - #domain=domain, sep=" ") - - # it's ok if we've trusted this fgprt before - #trustedcrts = wizard.trusted_certs - #if trustedcrts and \ - # fingerprint.replace(' ', '') in trustedcrts: - #pass - #else: - # let your user face panick :P - #self.add_cert_info(fingerprint) - #self.did_cert_check = True - #self.completeChanged.emit() - #return False - - except baseexceptions.LeapException as exc: - return self.fail(exc.usermessage) - - except Exception as exc: - return self.fail(exc.message) - - else: - return True - - logger.debug('checking https connection') - yield((self.tr("Checking for a secure connection"), 40), httpscheck) - - ################################## - # 3) try download provider info... - ################################## - - def fetchinfo(): - try: - # XXX we already set _domain in the initialization - # so it should not be needed here. - eipconfigchecker.fetch_definition(domain=_domain) - wizard.set_providerconfig( - eipconfigchecker.defaultprovider.config) - except requests.exceptions.SSLError: - return self.fail(self.tr( - "Could not get info from provider.")) - except requests.exceptions.ConnectionError: - return self.fail(self.tr( - "Could not download provider info " - "(refused conn.).")) - - except Exception as exc: - return self.fail( - self.tr(exc.message)) - else: - return True - - yield((self.tr("Getting info from the provider"), 80), fetchinfo) - - # done! - - self.done = True - yield(("end_sentinel", 100), lambda: None) - - def on_checks_validation_ready(self): - """ - called after _do_checks has finished. - """ - self.domain_checked = True - self.completeChanged.emit() - # let's set focus... - if self.is_done(): - self.wizard().clean_validation_error(self.current_page) - nextbutton = self.wizard().button(QtGui.QWizard.NextButton) - nextbutton.setFocus() - else: - self.providerNameEdit.setFocus() - - # cert trust verification - # (disabled for now) - - def is_insecure_cert_trusted(self): - return self.trustProviderCertCheckBox.isChecked() - - def onTrustCheckChanged(self, state): # pragma: no cover XXX - checked = False - if state == 2: - checked = True - - if checked: - self.reset_validation_status() - else: - self.set_validation_status(self.bad_cert_status) - - # trigger signal to redraw next button - self.completeChanged.emit() - - def add_cert_info(self, certinfo): # pragma: no cover XXX - self.certWarning.setText( - self.tr("Do you want to <b>trust this provider certificate?</b>")) - # XXX Check if this needs to abstracted to remove certinfo - self.certInfo.setText( - self.tr('SHA-256 fingerprint: <i>%s</i><br>' % certinfo)) - self.certInfo.setWordWrap(True) - self.certinfoGroup.show() - - def onProviderChanged(self, text): - self.done = False - provider = self.providerNameEdit.text() - if provider: - self.providerCheckButton.setDisabled(False) - else: - self.providerCheckButton.setDisabled(True) - self.completeChanged.emit() - - def reset_validation_status(self): - """ - empty the validation msg - and clean the inline validation widget. - """ - self.validationMsg.setText('') - self.steps.removeAllSteps() - self.clearTable() - self.domain_checked = False - - # pagewizard methods - - def isComplete(self): - provider = self.providerNameEdit.text() - - if not self.is_done(): - return False - - if not provider: - return False - else: - if self.is_insecure_cert_trusted(): - return True - if not self.did_cert_check: - if self.is_done(): - # XXX sure? - return True - return False - - def populateErrors(self): - # XXX could move this to ValidationMixin - # with some defaults for the validating fields - # (now it only allows one field, manually specified) - - #logger.debug('getting errors') - errors = self.wizard().get_validation_error( - self.current_page) - if errors: - bad_str = getattr(self, 'bad_string', None) - cur_str = self.providerNameEdit.text() - showerr = self.validationMsg.setText - markred = lambda: self.providerNameEdit.setStyleSheet( - styles.ErrorLineEdit) - umarkrd = lambda: self.providerNameEdit.setStyleSheet( - styles.RegularLineEdit) - if bad_str is None: - # first time we fall here. - # save the current bad_string value - self.bad_string = cur_str - showerr(errors) - markred() - else: - # not the first time - # XXX hey, this is getting convoluted. - # roll out this. - # but be careful about all the possibilities - # with going back and forth once you - # enter a domain. - if cur_str == bad_str: - showerr(errors) - markred() - else: - if not getattr(self, 'domain_checked', None): - showerr('') - umarkrd() - else: - self.bad_string = cur_str - showerr(errors) - - def cleanup_errormsg(self): - """ - we reset bad_string to None - should be called before leaving the page - """ - self.bad_string = None - self.domain_checked = False - - def paintEvent(self, event): - """ - we hook our populate errors - on paintEvent because we need it to catch - when user enters the page coming from next, - and initializePage does not cover that case. - Maybe there's a better event to hook upon. - """ - super(SelectProviderPage, self).paintEvent(event) - self.populateErrors() - - def initializePage(self): - self.validationMsg.setText('') - if hasattr(self, 'certinfoGroup'): - # XXX remove ? - self.certinfoGroup.hide() - self.done = False - self.providerCheckButton.setDisabled(True) - self.valFrame.hide() - self.steps.removeAllSteps() - self.clearTable() - - def validatePage(self): - # some cleanup before we leave the page - self.cleanup_errormsg() - - # go - return True - - def nextId(self): - wizard = self.wizard() - if not wizard: - return - return wizard.get_page_index('providerinfo') diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py deleted file mode 100644 index 40a14048..00000000 --- a/src/leap/gui/firstrun/providersetup.py +++ /dev/null @@ -1,161 +0,0 @@ -""" -Provider Setup Validation Page, -used if First Run Wizard -""" -import logging - -import requests - -from PyQt4 import QtGui - -from leap.base import exceptions as baseexceptions -from leap.gui.progress import ValidationPage - -from leap.gui.constants import APP_LOGO, APP_WATERMARK - -logger = logging.getLogger(__name__) - - -class ProviderSetupValidationPage(ValidationPage): - def __init__(self, parent=None): - super(ProviderSetupValidationPage, self).__init__(parent) - self.current_page = "providersetupvalidation" - - # XXX needed anymore? - #is_signup = self.field("is_signup") - #self.is_signup = is_signup - - self.setTitle(self.tr("Provider setup")) - self.setSubTitle( - self.tr("Gathering configuration options for this provider")) - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - def _do_checks(self): - """ - generator that yields actual checks - that are executed in a separate thread - """ - - full_domain = self.field('provider_domain') - wizard = self.wizard() - pconfig = wizard.providerconfig - - #pCertChecker = wizard.providercertchecker - #certchecker = pCertChecker(domain=full_domain) - pCertChecker = wizard.providercertchecker( - domain=full_domain) - - yield(("head_sentinel", 0), lambda: None) - - ######################## - # 1) fetch ca cert - ######################## - - def fetchcacert(): - if pconfig: - ca_cert_uri = pconfig.get('ca_cert_uri').geturl() - else: - ca_cert_uri = None - - # XXX check scheme == "https" - # XXX passing verify == False because - # we have trusted right before. - # We should check it's the same domain!!! - # (Check with the trusted fingerprints dict - # or something smart) - try: - pCertChecker.download_ca_cert( - uri=ca_cert_uri, - verify=False) - - except baseexceptions.LeapException as exc: - logger.error(exc.message) - # XXX this should be _ method - return self.fail(self.tr(exc.usermessage)) - - except Exception as exc: - return self.fail(exc.message) - - else: - return True - - yield((self.tr('Fetching CA certificate'), 30), - fetchcacert) - - ######################### - # 2) check CA fingerprint - ######################### - - def checkcafingerprint(): - # XXX get the real thing!!! - pass - #ca_cert_fingerprint = pconfig.get('ca_cert_fingerprint', None) - - # XXX get fingerprint dict (types) - #sha256_fpr = ca_cert_fingerprint.split('=')[1] - - #validate_fpr = pCertChecker.check_ca_cert_fingerprint( - #fingerprint=sha256_fpr) - #if not validate_fpr: - # XXX update validationMsg - # should catch exception - #return False - - yield((self.tr("Checking CA fingerprint"), 60), - checkcafingerprint) - - ######################### - # 2) check CA fingerprint - ######################### - - def validatecacert(): - api_uri = pconfig.get('api_uri', None) - try: - pCertChecker.verify_api_https(api_uri) - except requests.exceptions.SSLError as exc: - return self.fail("Validation Error") - except Exception as exc: - return self.fail(exc.message) - else: - return True - - yield((self.tr('Validating api certificate'), 90), validatecacert) - - self.set_done() - yield(('end_sentinel', 100), lambda: None) - - def on_checks_validation_ready(self): - """ - called after _do_checks has finished - (connected to checker thread finished signal) - """ - wizard = self.wizard() - prevpage = "login" if wizard.from_login else "providerselection" - - if self.errors: - logger.debug('going back with errors') - name, first_error = self.pop_first_error() - wizard.set_validation_error( - prevpage, - first_error) - - def nextId(self): - wizard = self.wizard() - from_login = wizard.from_login - if from_login: - next_ = 'connect' - else: - next_ = 'signup' - return wizard.get_page_index(next_) - - def initializePage(self): - super(ProviderSetupValidationPage, self).initializePage() - self.set_undone() - self.completeChanged.emit() diff --git a/src/leap/gui/firstrun/register.py b/src/leap/gui/firstrun/register.py deleted file mode 100644 index 2ae926d1..00000000 --- a/src/leap/gui/firstrun/register.py +++ /dev/null @@ -1,391 +0,0 @@ -""" -Register User Page, used in First Run Wizard -""" -import json -import logging -import socket - -import requests - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.gui.firstrun.mixins import UserFormMixIn - -logger = logging.getLogger(__name__) - -from leap.base import auth -from leap.gui import styles -from leap.gui.constants import APP_LOGO, APP_WATERMARK, BARE_USERNAME_REGEX -from leap.gui.progress import InlineValidationPage -from leap.gui.styles import ErrorLabelStyleSheet - - -class RegisterUserPage(InlineValidationPage, UserFormMixIn): - - def __init__(self, parent=None): - - super(RegisterUserPage, self).__init__(parent) - self.current_page = "signup" - - self.setTitle(self.tr("Sign Up")) - # subtitle is set in the initializePage - - self.setPixmap( - QtGui.QWizard.WatermarkPixmap, - QtGui.QPixmap(APP_WATERMARK)) - - self.setPixmap( - QtGui.QWizard.LogoPixmap, - QtGui.QPixmap(APP_LOGO)) - - # commit page means there's no way back after this... - # XXX should change the text on the "commit" button... - self.setCommitPage(True) - - self.setupSteps() - self.setupUI() - self.do_confirm_next = False - self.focused_field = False - - def setupUI(self): - userNameLabel = QtGui.QLabel(self.tr("User &name:")) - userNameLineEdit = QtGui.QLineEdit() - userNameLineEdit.cursorPositionChanged.connect( - self.reset_validation_status) - userNameLabel.setBuddy(userNameLineEdit) - - # let's add regex validator - usernameRe = QtCore.QRegExp(BARE_USERNAME_REGEX) - userNameLineEdit.setValidator( - QtGui.QRegExpValidator(usernameRe, self)) - self.userNameLineEdit = userNameLineEdit - - userPasswordLabel = QtGui.QLabel(self.tr("&Password:")) - self.userPasswordLineEdit = QtGui.QLineEdit() - self.userPasswordLineEdit.setEchoMode( - QtGui.QLineEdit.Password) - userPasswordLabel.setBuddy(self.userPasswordLineEdit) - - userPassword2Label = QtGui.QLabel(self.tr("Password (again):")) - self.userPassword2LineEdit = QtGui.QLineEdit() - self.userPassword2LineEdit.setEchoMode( - QtGui.QLineEdit.Password) - userPassword2Label.setBuddy(self.userPassword2LineEdit) - - rememberPasswordCheckBox = QtGui.QCheckBox( - self.tr("&Remember username and password.")) - rememberPasswordCheckBox.setChecked(True) - - self.registerField('userName*', self.userNameLineEdit) - self.registerField('userPassword*', self.userPasswordLineEdit) - self.registerField('userPassword2*', self.userPassword2LineEdit) - - # XXX missing password confirmation - # XXX validator! - - self.registerField('rememberPassword', rememberPasswordCheckBox) - - layout = QtGui.QGridLayout() - layout.setColumnMinimumWidth(0, 20) - - validationMsg = QtGui.QLabel("") - validationMsg.setStyleSheet(ErrorLabelStyleSheet) - - self.validationMsg = validationMsg - - layout.addWidget(validationMsg, 0, 3) - layout.addWidget(userNameLabel, 1, 0) - layout.addWidget(self.userNameLineEdit, 1, 3) - layout.addWidget(userPasswordLabel, 2, 0) - layout.addWidget(userPassword2Label, 3, 0) - layout.addWidget(self.userPasswordLineEdit, 2, 3) - layout.addWidget(self.userPassword2LineEdit, 3, 3) - layout.addWidget(rememberPasswordCheckBox, 4, 3, 4, 4) - - # add validation frame - self.setupValidationFrame() - layout.addWidget(self.valFrame, 5, 2, 5, 2) - self.valFrame.hide() - - self.setLayout(layout) - self.commitText("Sign up!") - - # commit button - - def commitText(self, text): - # change "commit" button text - self.setButtonText( - QtGui.QWizard.CommitButton, text) - - @property - def commitButton(self): - return self.wizard().button(QtGui.QWizard.CommitButton) - - def commitFocus(self): - self.commitButton.setFocus() - - def disableCommitButton(self): - self.commitButton.setDisabled(True) - - def disableFields(self): - for field in (self.userNameLineEdit, - self.userPasswordLineEdit, - self.userPassword2LineEdit): - field.setDisabled(True) - - # error painting - def paintEvent(self, event): - """ - we hook our populate errors - on paintEvent because we need it to catch - when user enters the page coming from next, - and initializePage does not cover that case. - Maybe there's a better event to hook upon. - """ - super(RegisterUserPage, self).paintEvent(event) - self.populateErrors() - - def markRedAndGetFocus(self, field): - field.setStyleSheet(styles.ErrorLineEdit) - if not self.focused_field: - self.focused_field = True - field.setFocus(QtCore.Qt.OtherFocusReason) - - def markRegular(self, field): - field.setStyleSheet(styles.RegularLineEdit) - - def populateErrors(self): - def showerr(text): - self.validationMsg.setText(text) - err_lower = text.lower() - if "username" in err_lower: - self.markRedAndGetFocus( - self.userNameLineEdit) - if "password" in err_lower: - self.markRedAndGetFocus( - self.userPasswordLineEdit) - - def unmarkred(): - for field in (self.userNameLineEdit, - self.userPasswordLineEdit, - self.userPassword2LineEdit): - self.markRegular(field) - - errors = self.wizard().get_validation_error( - self.current_page) - if errors: - bad_str = getattr(self, 'bad_string', None) - cur_str = self.userNameLineEdit.text() - #prev_er = getattr(self, 'prevalidation_error', None) - - if bad_str is None: - # first time we fall here. - # save the current bad_string value - self.bad_string = cur_str - showerr(errors) - else: - #if prev_er: - #showerr(prev_er) - #return - # not the first time - if cur_str == bad_str: - showerr(errors) - else: - self.focused_field = False - showerr('') - unmarkred() - else: - # no errors - self.focused_field = False - unmarkred() - - def cleanup_errormsg(self): - """ - we reset bad_string to None - should be called before leaving the page - """ - self.bad_string = None - - def green_validation_status(self): - val = self.validationMsg - val.setText(self.tr('Registration succeeded!')) - val.setStyleSheet(styles.GreenLineEdit) - - def reset_validation_status(self): - """ - empty the validation msg - and clean the inline validation widget. - """ - self.validationMsg.setText('') - self.steps.removeAllSteps() - self.clearTable() - - # actual checks - - def _do_checks(self): - """ - generator that yields actual checks - that are executed in a separate thread - """ - wizard = self.wizard() - - provider = self.field('provider_domain') - username = self.userNameLineEdit.text() - password = self.userPasswordLineEdit.text() - password2 = self.userPassword2LineEdit.text() - - pconfig = wizard.eipconfigchecker(domain=provider) - pconfig.defaultprovider.load() - pconfig.set_api_domain() - - def checkpass(): - # we better have here - # some call to a password checker... - # to assess strenght and avoid silly stuff. - - if password != password2: - return self.fail(self.tr('Password does not match..')) - - if len(password) < 6: - #self.set_prevalidation_error('Password too short.') - return self.fail(self.tr('Password too short.')) - - if password == "123456": - # joking, but not too much. - #self.set_prevalidation_error('Password too obvious.') - return self.fail(self.tr('Password too obvious.')) - - # go - return True - - yield(("head_sentinel", 0), checkpass) - - # XXX should emit signal for .show the frame! - # XXX HERE! - - ################################################## - # 1) register user - ################################################## - - # show the frame before going on... - QtCore.QMetaObject.invokeMethod( - self, "showStepsFrame") - - def register(): - - signup = auth.LeapSRPRegister( - schema="https", - provider=pconfig.apidomain, - verify=pconfig.cacert) - try: - ok, req = signup.register_user( - username, password) - - except socket.timeout: - return self.fail( - self.tr("Error connecting to provider (timeout)")) - - except requests.exceptions.ConnectionError as exc: - logger.error(exc.message) - return self.fail( - self.tr('Error Connecting to provider (connerr).')) - except Exception as exc: - return self.fail(exc.message) - - # XXX check for != OK instead??? - - if req.status_code in (404, 500): - return self.fail( - self.tr( - "Error during registration (%s)") % req.status_code) - - try: - validation_msgs = json.loads(req.content) - errors = validation_msgs.get('errors', None) - logger.debug('validation errors: %s' % validation_msgs) - except ValueError: - # probably bad json returned - return self.fail( - self.tr( - "Could not register (bad response)")) - - if errors and errors.get('login', None): - # XXX this sometimes catch the blank username - # but we're not allowing that (soon) - return self.fail( - self.tr('Username not available.')) - - return True - - logger.debug('registering user') - yield(("Registering username", 40), register) - - self.set_done() - yield(("end_sentinel", 100), lambda: None) - - def on_checks_validation_ready(self): - """ - after checks - """ - if self.is_done(): - self.disableFields() - self.cleanup_errormsg() - self.clean_wizard_errors(self.current_page) - # make the user confirm the transition - # to next page. - self.commitText('Connect!') - self.commitFocus() - self.green_validation_status() - self.do_confirm_next = True - - # pagewizard methods - - def validatePage(self): - """ - if not register done, do checks. - if done, wait for click. - """ - self.disableCommitButton() - self.cleanup_errormsg() - self.clean_wizard_errors(self.current_page) - - # After a successful validation - # (ie, success register with server) - # we change the commit button text - # and set this flag to True. - if self.do_confirm_next: - return True - - if not self.is_done(): - # calls checks, which after successful - # execution will call on_checks_validation_ready - self.reset_validation_status() - self.do_checks() - - return self.is_done() - - def initializePage(self): - """ - inits wizard page - """ - provider = unicode(self.field('provider_domain')) - if provider: - # here we should have provider - # but in tests we might not. - - # XXX this error causes a segfault on free() - # that we might want to get fixed ... - #self.setSubTitle( - #self.tr("Register a new user with provider %s.") % - #provider) - self.setSubTitle( - self.tr("Register a new user with provider <em>%s</em>" % - provider)) - self.validationMsg.setText('') - self.userPassword2LineEdit.setText('') - self.valFrame.hide() - - def nextId(self): - wizard = self.wizard() - return wizard.get_page_index('connect') diff --git a/src/leap/gui/firstrun/tests/integration/fake_provider.py b/src/leap/gui/firstrun/tests/integration/fake_provider.py deleted file mode 100755 index 668db5d1..00000000 --- a/src/leap/gui/firstrun/tests/integration/fake_provider.py +++ /dev/null @@ -1,302 +0,0 @@ -#!/usr/bin/env python -"""A server faking some of the provider resources and apis, -used for testing Leap Client requests - -It needs that you create a subfolder named 'certs', -and that you place the following files: - -[ ] certs/leaptestscert.pem -[ ] certs/leaptestskey.pem -[ ] certs/cacert.pem -[ ] certs/openvpn.pem - -[ ] provider.json -[ ] eip-service.json -""" -# XXX NOTE: intended for manual debug. -# I intend to include this as a regular test after 0.2.0 release -# (so we can add twisted as a dep there) -import binascii -import json -import os -import sys - -# python SRP LIB (! important MUST be >=1.0.1 !) -import srp - -# GnuTLS Example -- is not working as expected -#from gnutls import crypto -#from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL -#from gnutls.interfaces.twisted import X509Credentials - -# Going with OpenSSL as a workaround instead -# But we DO NOT want to introduce this dependency. -from OpenSSL import SSL - -from zope.interface import Interface, Attribute, implements - -from twisted.web.server import Site -from twisted.web.static import File -from twisted.web.resource import Resource -from twisted.internet import reactor - -from leap.testing.https_server import where - -# See -# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.htmln -# for more examples - -""" -Testing the FAKE_API: -##################### - - 1) register an user - >> curl -d "user[login]=me" -d "user[password_salt]=foo" \ - -d "user[password_verifier]=beef" http://localhost:8000/1/users.json - << {"errors": null} - - 2) check that if you try to register again, it will fail: - >> curl -d "user[login]=me" -d "user[password_salt]=foo" \ - -d "user[password_verifier]=beef" http://localhost:8000/1/users.json - << {"errors": {"login": "already taken!"}} - -""" - -# Globals to mock user/sessiondb - -USERDB = {} -SESSIONDB = {} - - -safe_unhexlify = lambda x: binascii.unhexlify(x) \ - if (len(x) % 2 == 0) else binascii.unhexlify('0' + x) - - -class IUser(Interface): - login = Attribute("User login.") - salt = Attribute("Password salt.") - verifier = Attribute("Password verifier.") - session = Attribute("Session.") - svr = Attribute("Server verifier.") - - -class User(object): - implements(IUser) - - def __init__(self, login, salt, verifier): - self.login = login - self.salt = salt - self.verifier = verifier - self.session = None - - def set_server_verifier(self, svr): - self.svr = svr - - def set_session(self, session): - SESSIONDB[session] = self - self.session = session - - -class FakeUsers(Resource): - def __init__(self, name): - self.name = name - - def render_POST(self, request): - args = request.args - - login = args['user[login]'][0] - salt = args['user[password_salt]'][0] - verifier = args['user[password_verifier]'][0] - - if login in USERDB: - return "%s\n" % json.dumps( - {'errors': {'login': 'already taken!'}}) - - print login, verifier, salt - user = User(login, salt, verifier) - USERDB[login] = user - return json.dumps({'errors': None}) - - -def get_user(request): - login = request.args.get('login') - if login: - user = USERDB.get(login[0], None) - if user: - return user - - session = request.getSession() - user = SESSIONDB.get(session, None) - return user - - -class FakeSession(Resource): - def __init__(self, name): - self.name = name - - def render_GET(self, request): - return "%s\n" % json.dumps({'errors': None}) - - def render_POST(self, request): - - user = get_user(request) - - if not user: - # XXX get real error from demo provider - return json.dumps({'errors': 'no such user'}) - - A = request.args['A'][0] - - _A = safe_unhexlify(A) - _salt = safe_unhexlify(user.salt) - _verifier = safe_unhexlify(user.verifier) - - svr = srp.Verifier( - user.login, - _salt, - _verifier, - _A, - hash_alg=srp.SHA256, - ng_type=srp.NG_1024) - - s, B = svr.get_challenge() - - _B = binascii.hexlify(B) - - print 'login = %s' % user.login - print 'salt = %s' % user.salt - print 'len(_salt) = %s' % len(_salt) - print 'vkey = %s' % user.verifier - print 'len(vkey) = %s' % len(_verifier) - print 's = %s' % binascii.hexlify(s) - print 'B = %s' % _B - print 'len(B) = %s' % len(_B) - - session = request.getSession() - user.set_session(session) - user.set_server_verifier(svr) - - # yep, this is tricky. - # some things are *already* unhexlified. - data = { - 'salt': user.salt, - 'B': _B, - 'errors': None} - - return json.dumps(data) - - def render_PUT(self, request): - - # XXX check session??? - user = get_user(request) - - if not user: - print 'NO USER' - return json.dumps({'errors': 'no such user'}) - - data = request.content.read() - auth = data.split("client_auth=") - M = auth[1] if len(auth) > 1 else None - # if not H, return - if not M: - return json.dumps({'errors': 'no M proof passed by client'}) - - svr = user.svr - HAMK = svr.verify_session(binascii.unhexlify(M)) - if HAMK is None: - print 'verification failed!!!' - raise Exception("Authentication failed!") - #import ipdb;ipdb.set_trace() - - assert svr.authenticated() - print "***" - print 'server authenticated user SRP!' - print "***" - - return json.dumps( - {'M2': binascii.hexlify(HAMK), 'errors': None}) - - -class API_Sessions(Resource): - def getChild(self, name, request): - return FakeSession(name) - - -def get_certs_path(): - script_path = os.path.realpath(os.path.dirname(sys.argv[0])) - certs_path = os.path.join(script_path, 'certs') - return certs_path - - -def get_TLS_credentials(): - # XXX this is giving errors - # XXX REview! We want to use gnutls! - - cert = crypto.X509Certificate( - open(where('leaptestscert.pem')).read()) - key = crypto.X509PrivateKey( - open(where('leaptestskey.pem')).read()) - ca = crypto.X509Certificate( - open(where('cacert.pem')).read()) - #crl = crypto.X509CRL(open(certs_path + '/crl.pem').read()) - #cred = crypto.X509Credentials(cert, key, [ca], [crl]) - cred = X509Credentials(cert, key, [ca]) - cred.verify_peer = True - cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL) - return cred - - -class OpenSSLServerContextFactory: - # XXX workaround for broken TLS interface - # from gnuTLS. - - def getContext(self): - """Create an SSL context. - This is a sample implementation that loads a certificate from a file - called 'server.pem'.""" - - ctx = SSL.Context(SSL.SSLv23_METHOD) - #certs_path = get_certs_path() - #ctx.use_certificate_file(certs_path + '/leaptestscert.pem') - #ctx.use_privatekey_file(certs_path + '/leaptestskey.pem') - ctx.use_certificate_file(where('leaptestscert.pem')) - ctx.use_privatekey_file(where('leaptestskey.pem')) - return ctx - - -def serve_fake_provider(): - root = Resource() - root.putChild("provider.json", File("./provider.json")) - config = Resource() - config.putChild( - "eip-service.json", - File("./eip-service.json")) - apiv1 = Resource() - apiv1.putChild("config", config) - apiv1.putChild("sessions.json", API_Sessions()) - apiv1.putChild("users.json", FakeUsers(None)) - apiv1.putChild("cert", File(get_certs_path() + '/openvpn.pem')) - root.putChild("1", apiv1) - - cred = get_TLS_credentials() - - factory = Site(root) - - # regular http (for debugging with curl) - reactor.listenTCP(8000, factory) - - # TLS with gnutls --- seems broken :( - #reactor.listenTLS(8003, factory, cred) - - # OpenSSL - reactor.listenSSL(8443, factory, OpenSSLServerContextFactory()) - - reactor.run() - - -if __name__ == "__main__": - - from twisted.python import log - log.startLogging(sys.stdout) - - serve_fake_provider() diff --git a/src/leap/gui/firstrun/wizard.py b/src/leap/gui/firstrun/wizard.py deleted file mode 100755 index f198dca0..00000000 --- a/src/leap/gui/firstrun/wizard.py +++ /dev/null @@ -1,309 +0,0 @@ -#!/usr/bin/env python -import logging - -import sip -try: - sip.setapi('QString', 2) - sip.setapi('QVariant', 2) -except ValueError: - pass - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.base import checks as basechecks -from leap.crypto import leapkeyring -from leap.eip import checks as eipchecks - -from leap.gui import firstrun - -from leap.gui import mainwindow_rc - -try: - from collections import OrderedDict -except ImportError: - # We must be in 2.6 - from leap.util.dicts import OrderedDict - -logger = logging.getLogger(__name__) - -""" -~~~~~~~~~~~~~~~~~~~~~~~~~~ -Work in progress! -~~~~~~~~~~~~~~~~~~~~~~~~~~ -This wizard still needs to be refactored out. - -TODO-ish: - -[X] Break file in wizard / pages files (and its own folder). -[ ] Separate presentation from logic. -[ ] Have a "manager" class for connections, that can be - dep-injected for testing. -[ ] Document signals used / expected. -[ ] Separate style from widgets. -[ ] Fix TOFU Widget for provider cert. -[X] Refactor widgets out. -[ ] Follow more MVC style. -[ ] Maybe separate "first run wizard" into different wizards - that share some of the pages? -""" - - -def get_pages_dict(): - return OrderedDict(( - ('intro', firstrun.intro.IntroPage), - ('providerselection', - firstrun.providerselect.SelectProviderPage), - ('login', firstrun.login.LogInPage), - ('providerinfo', firstrun.providerinfo.ProviderInfoPage), - ('providersetupvalidation', - firstrun.providersetup.ProviderSetupValidationPage), - ('signup', firstrun.register.RegisterUserPage), - ('connect', - firstrun.connect.ConnectionPage), - ('lastpage', firstrun.last.LastPage) - )) - - -class FirstRunWizard(QtGui.QWizard): - - def __init__( - self, - conductor_instance, - parent=None, - pages_dict=None, - username=None, - providers=None, - success_cb=None, is_provider_setup=False, - trusted_certs=None, - netchecker=basechecks.LeapNetworkChecker, - providercertchecker=eipchecks.ProviderCertChecker, - eipconfigchecker=eipchecks.EIPConfigChecker, - start_eipconnection_signal=None, - eip_statuschange_signal=None, - debug_server=None, - quitcallback=None): - super(FirstRunWizard, self).__init__( - parent, - QtCore.Qt.WindowStaysOnTopHint) - - # we keep a reference to the conductor - # to be able to launch eip checks and connection - # in the connection page, before the wizard has ended. - self.conductor = conductor_instance - - self.username = username - self.providers = providers - - # success callback - self.success_cb = success_cb - - # is provider setup? - self.is_provider_setup = is_provider_setup - - # a dict with trusted fingerprints - # in the form {'nospacesfingerprint': ['host1', 'host2']} - self.trusted_certs = trusted_certs - - # Checkers - self.netchecker = netchecker - self.providercertchecker = providercertchecker - self.eipconfigchecker = eipconfigchecker - - # debug server - self.debug_server = debug_server - - # Signals - # will be emitted in connecting page - self.start_eipconnection_signal = start_eipconnection_signal - self.eip_statuschange_signal = eip_statuschange_signal - - if quitcallback is not None: - self.button( - QtGui.QWizard.CancelButton).clicked.connect( - quitcallback) - - self.providerconfig = None - # previously registered - # if True, jumps to LogIn page. - # by setting 1st page?? - #self.is_previously_registered = is_previously_registered - # XXX ??? ^v - self.is_previously_registered = bool(self.username) - self.from_login = False - - pages_dict = pages_dict or get_pages_dict() - self.add_pages_from_dict(pages_dict) - - self.validation_errors = {} - self.openvpn_status = [] - - self.setPixmap( - QtGui.QWizard.BannerPixmap, - QtGui.QPixmap(':/images/banner.png')) - self.setPixmap( - QtGui.QWizard.BackgroundPixmap, - QtGui.QPixmap(':/images/background.png')) - - # set options - self.setOption(QtGui.QWizard.IndependentPages, on=False) - self.setOption(QtGui.QWizard.NoBackButtonOnStartPage, on=True) - - self.setWindowTitle("First Run Wizard") - - # TODO: set style for MAC / windows ... - #self.setWizardStyle() - - # - # setup pages in wizard - # - - def add_pages_from_dict(self, pages_dict): - """ - @param pages_dict: the dictionary with pages, where - values are a tuple of InstanceofWizardPage, kwargs. - @type pages_dict: dict - """ - for name, page in pages_dict.items(): - # XXX check for is_previously registered - # and skip adding the signup branch if so - self.addPage(page()) - self.pages_dict = pages_dict - - def get_page_index(self, page_name): - """ - returns the index of the given page - @param page_name: the name of the desired page - @type page_name: str - @rparam: index of page in wizard - @rtype: int - """ - return self.pages_dict.keys().index(page_name) - - # - # validation errors - # - - def set_validation_error(self, pagename, error): - self.validation_errors[pagename] = error - - def clean_validation_error(self, pagename): - vald = self.validation_errors - if pagename in vald: - del vald[pagename] - - def get_validation_error(self, pagename): - return self.validation_errors.get(pagename, None) - - def accept(self): - """ - final step in the wizard. - gather the info, update settings - and call the success callback if any has been passed. - """ - super(FirstRunWizard, self).accept() - - # username and password are in different fields - # if they were stored in log_in or sign_up pages. - from_login = self.from_login - unamek_base = 'userName' - passwk_base = 'userPassword' - unamek = 'login_%s' % unamek_base if from_login else unamek_base - passwk = 'login_%s' % passwk_base if from_login else passwk_base - - username = self.field(unamek) - password = self.field(passwk) - provider = self.field('provider_domain') - remember_pass = self.field('rememberPassword') - - logger.debug('chosen provider: %s', provider) - logger.debug('username: %s', username) - logger.debug('remember password: %s', remember_pass) - - # we are assuming here that we only remember one username - # in the form username@provider.domain - # We probably could extend this to support some form of - # profiles. - - settings = QtCore.QSettings() - - settings.setValue("FirstRunWizardDone", True) - settings.setValue("provider_domain", provider) - full_username = "%s@%s" % (username, provider) - - settings.setValue("remember_user_and_pass", remember_pass) - - if remember_pass: - settings.setValue("username", full_username) - seed = self.get_random_str(10) - settings.setValue("%s_seed" % provider, seed) - - # XXX #744: comment out for 0.2.0 release - # if we need to have a version of python-keyring < 0.9 - leapkeyring.leap_set_password( - full_username, password, seed=seed) - - logger.debug('First Run Wizard Done.') - cb = self.success_cb - if cb and callable(cb): - self.success_cb() - - # misc helpers - - def get_random_str(self, n): - """ - returns a random string - :param n: the length of the desired string - :rvalue: str - """ - from string import (ascii_uppercase, ascii_lowercase, digits) - from random import choice - return ''.join(choice( - ascii_uppercase + - ascii_lowercase + - digits) for x in range(n)) - - def set_providerconfig(self, providerconfig): - """ - sets a providerconfig attribute - used when we fetch and parse a json configuration - """ - self.providerconfig = providerconfig - - def get_provider_by_index(self): # pragma: no cover - """ - returns the value of a provider given its index. - this was used in the select provider page, - in the case where we were preseeding providers in a combobox - """ - # Leaving it here for the moment when we go back at the - # option of preseeding with known provider values. - provider = self.field('provider_index') - return self.providers[provider] - - -if __name__ == '__main__': - # standalone test - # it can be (somehow) run against - # gui/tests/integration/fake_user_signup.py - - import sys - import logging - logging.basicConfig() - logger = logging.getLogger() - logger.setLevel(logging.DEBUG) - - app = QtGui.QApplication(sys.argv) - server = sys.argv[1] if len(sys.argv) > 1 else None - - trusted_certs = { - "3DF83F316BFA0186" - "0A11A5C9C7FC24B9" - "18C62B941192CC1A" - "49AE62218B2A4B7C": ['springbok']} - - wizard = FirstRunWizard( - None, trusted_certs=trusted_certs, - debug_server=server) - wizard.show() - sys.exit(app.exec_()) diff --git a/src/leap/gui/locale_rc.py b/src/leap/gui/locale_rc.py deleted file mode 100644 index 8c383709..00000000 --- a/src/leap/gui/locale_rc.py +++ /dev/null @@ -1,813 +0,0 @@ -# -*- coding: utf-8 -*- - -# Resource object code -# -# Created: Fri Jan 25 18:19:04 2013 -# by: The Resource Compiler for PyQt (Qt v4.8.2) -# -# WARNING! All changes made in this file will be lost! - -from PyQt4 import QtCore - -qt_resource_data = "\ -\x00\x00\x17\x94\ -\x3c\ -\xb8\x64\x18\xca\xef\x9c\x95\xcd\x21\x1c\xbf\x60\xa1\xbd\xdd\x42\ -\x00\x00\x01\x30\x00\x8f\x9b\xbe\x00\x00\x14\x69\x01\x23\x92\xe5\ -\x00\x00\x10\x2f\x01\x87\x64\x8e\x00\x00\x08\xbe\x01\xa8\xbe\x7e\ -\x00\x00\x0d\xf4\x02\x2c\xac\xe9\x00\x00\x0b\x9c\x02\x3a\xce\xbf\ -\x00\x00\x15\xe2\x02\x6e\x0f\xe5\x00\x00\x09\x2d\x02\x87\x60\x9e\ -\x00\x00\x06\xc6\x02\xaa\x52\x6e\x00\x00\x07\xc9\x02\xf2\xe0\x59\ -\x00\x00\x0a\x6c\x03\xec\x70\x0e\x00\x00\x10\x9c\x04\xd4\x45\xee\ -\x00\x00\x0d\x3c\x05\xb7\x8f\x59\x00\x00\x0c\x35\x06\x3e\x6a\x9e\ -\x00\x00\x06\x01\x06\x40\xa8\x7e\x00\x00\x0b\x02\x06\xee\xff\x6e\ -\x00\x00\x13\x50\x08\x13\xe8\xae\x00\x00\x0c\xc2\x08\x7a\x64\xee\ -\x00\x00\x11\x8b\x08\xe6\x98\x33\x00\x00\x05\x93\x08\xe6\x98\x33\ -\x00\x00\x0f\xb0\x09\x5c\x35\xe1\x00\x00\x0e\x96\x09\x74\x75\x4e\ -\x00\x00\x0d\x9c\x09\x98\x34\x0e\x00\x00\x12\x55\x09\xd8\x1f\x95\ -\x00\x00\x15\x19\x09\xfc\x2c\x8e\x00\x00\x05\x19\x09\xfe\x05\x90\ -\x00\x00\x0f\x06\x0a\x74\xb8\x1e\x00\x00\x00\xe6\x0a\xfd\x99\xfe\ -\x00\x00\x00\x6d\x0b\xd2\x4b\x3f\x00\x00\x07\x7d\x0c\x44\x41\xbe\ -\x00\x00\x00\x00\x0c\xc0\x94\x05\x00\x00\x09\xf2\x0d\x0d\x9d\xc5\ -\x00\x00\x06\x5f\x0d\x15\x34\x70\x00\x00\x09\x98\x0e\x36\x15\x54\ -\x00\x00\x08\x47\x0e\x7e\xf5\xee\x00\x00\x0f\x42\x0e\x91\x50\x3e\ -\x00\x00\x15\x76\x0e\xc0\xbb\x72\x00\x00\x12\xfb\x0f\x27\x0d\x6e\ -\x00\x00\x11\x22\x69\x00\x00\x16\x43\x03\x00\x00\x00\x3e\x00\x41\ -\x00\x73\x00\x73\x00\x69\x00\x73\x00\x74\x00\x65\x00\x6e\x00\x74\ -\x00\x20\x00\x66\x00\xfc\x00\x72\x00\x20\x00\x65\x00\x72\x00\x73\ -\x00\x74\x00\x6d\x00\x61\x00\x6c\x00\x69\x00\x67\x00\x65\x00\x6e\ -\x00\x20\x00\x53\x00\x74\x00\x61\x00\x72\x00\x74\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x11\x46\x69\x72\x73\x74\x20\x72\x75\x6e\x20\ -\x77\x69\x7a\x61\x72\x64\x2e\x07\x00\x00\x00\x09\x49\x6e\x74\x72\ -\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x00\x40\x00\x4d\x00\x69\x00\ -\x74\x00\x20\x00\x62\x00\x65\x00\x73\x00\x74\x00\x65\x00\x68\x00\ -\x65\x00\x6e\x00\x64\x00\x65\x00\x6e\x00\x20\x00\x44\x00\x61\x00\ -\x74\x00\x65\x00\x6e\x00\x20\x00\x65\x00\x69\x00\x6e\x00\x6c\x00\ -\x6f\x00\x67\x00\x67\x00\x65\x00\x6e\x00\x2e\x08\x00\x00\x00\x00\ -\x06\x00\x00\x00\x1b\x4c\x6f\x67\x20\x49\x6e\x20\x77\x69\x74\x68\ -\x20\x6d\x79\x20\x63\x72\x65\x64\x65\x6e\x74\x69\x61\x6c\x73\x2e\ -\x07\x00\x00\x00\x09\x49\x6e\x74\x72\x6f\x50\x61\x67\x65\x01\x03\ -\x00\x00\x02\xb8\x00\x57\x00\x69\x00\x72\x00\x20\x00\x77\x00\x65\ -\x00\x72\x00\x64\x00\x65\x00\x6e\x00\x20\x00\x64\x00\x69\x00\x63\ -\x00\x68\x00\x20\x00\x6e\x00\x75\x00\x6e\x00\x20\x00\x64\x00\x75\ -\x00\x72\x00\x63\x00\x68\x00\x20\x00\x65\x00\x69\x00\x6e\x00\x69\ -\x00\x67\x00\x65\x00\x20\x00\x4b\x00\x6f\x00\x6e\x00\x66\x00\x69\ -\x00\x67\x00\x75\x00\x72\x00\x61\x00\x74\x00\x69\x00\x6f\x00\x6e\ -\x00\x65\x00\x6e\x00\x20\x00\x66\x00\xfc\x00\x68\x00\x72\x00\x65\ -\x00\x6e\x00\x2c\x00\x20\x00\x64\x00\x69\x00\x65\x00\x20\x00\x64\ -\x00\x75\x00\x20\x00\x66\x00\xfc\x00\x72\x00\x20\x00\x64\x00\x65\ -\x00\x6e\x00\x20\x00\x65\x00\x72\x00\x73\x00\x74\x00\x65\x00\x6e\ -\x00\x20\x00\x53\x00\x74\x00\x61\x00\x72\x00\x74\x00\x20\x00\x62\ -\x00\x65\x00\x6e\x00\xf6\x00\x74\x00\x69\x00\x67\x00\x73\x00\x74\ -\x00\x2e\x00\x3c\x00\x62\x00\x72\x00\x3e\x00\x3c\x00\x62\x00\x72\ -\x00\x3e\x00\x57\x00\x65\x00\x6e\x00\x6e\x00\x20\x00\x64\x00\x75\ -\x00\x20\x00\x64\x00\x69\x00\x65\x00\x73\x00\x65\x00\x20\x00\x4b\ -\x00\x6f\x00\x6e\x00\x66\x00\x69\x00\x67\x00\x75\x00\x72\x00\x61\ -\x00\x74\x00\x69\x00\x6f\x00\x6e\x00\x65\x00\x6e\x00\x20\x00\x6a\ -\x00\x65\x00\x6d\x00\x61\x00\x6c\x00\x73\x00\x20\x00\xe4\x00\x6e\ -\x00\x64\x00\x65\x00\x72\x00\x6e\x00\x20\x00\x6d\x00\x75\x00\x73\ -\x00\x73\x00\x74\x00\x2c\x00\x20\x00\x66\x00\x69\x00\x6e\x00\x64\ -\x00\x65\x00\x73\x00\x74\x00\x20\x00\x64\x00\x75\x00\x20\x00\x64\ -\x00\x65\x00\x6e\x00\x20\x00\x41\x00\x73\x00\x73\x00\x69\x00\x73\ -\x00\x74\x00\x65\x00\x6e\x00\x74\x00\x65\x00\x6e\x00\x20\x00\x69\ -\x00\x6d\x00\x20\x00\x27\x00\x3c\x00\x69\x00\x3e\x00\x45\x00\x69\ -\x00\x6e\x00\x73\x00\x74\x00\x65\x00\x6c\x00\x6c\x00\x75\x00\x6e\ -\x00\x67\x00\x65\x00\x6e\x00\x3c\x00\x2f\x00\x69\x00\x3e\x00\x27\ -\x00\x2d\x00\x4d\x00\x65\x00\x6e\x00\xfc\x00\x20\x00\x64\x00\x65\ -\x00\x73\x00\x20\x00\x48\x00\x61\x00\x75\x00\x70\x00\x66\x00\x65\ -\x00\x6e\x00\x73\x00\x74\x00\x65\x00\x72\x00\x73\x00\x2e\x00\x3c\ -\x00\x62\x00\x72\x00\x3e\x00\x3c\x00\x62\x00\x72\x00\x3e\x00\x4d\ -\x00\xf6\x00\x63\x00\x68\x00\x74\x00\x65\x00\x73\x00\x74\x00\x20\ -\x00\x64\x00\x75\x00\x20\x00\x64\x00\x69\x00\x63\x00\x68\x00\x20\ -\x00\x66\x00\xfc\x00\x72\x00\x20\x00\x65\x00\x69\x00\x6e\x00\x65\ -\x00\x6e\x00\x20\x00\x6e\x00\x65\x00\x75\x00\x65\x00\x6e\x00\x20\ -\x00\x41\x00\x63\x00\x63\x00\x6f\x00\x75\x00\x6e\x00\x74\x00\x20\ -\x00\x3c\x00\x62\x00\x3e\x00\x61\x00\x6e\x00\x6d\x00\x65\x00\x6c\ -\x00\x64\x00\x65\x00\x6e\x00\x3c\x00\x2f\x00\x62\x00\x3e\x00\x20\ -\x00\x6f\x00\x64\x00\x65\x00\x72\x00\x20\x00\x6d\x00\x69\x00\x74\ -\x00\x20\x00\x65\x00\x69\x00\x6e\x00\x65\x00\x6d\x00\x20\x00\x62\ -\x00\x65\x00\x73\x00\x74\x00\x65\x00\x68\x00\x65\x00\x6e\x00\x64\ -\x00\x65\x00\x6e\x00\x20\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\ -\x00\x61\x00\x6d\x00\x65\x00\x6e\x00\x20\x00\x3c\x00\x62\x00\x3e\ -\x00\x65\x00\x69\x00\x6e\x00\x6c\x00\x6f\x00\x67\x00\x67\x00\x65\ -\x00\x6e\x00\x3c\x00\x2f\x00\x62\x00\x3e\x00\x3f\x08\x00\x00\x00\ -\x00\x06\x00\x00\x01\x5d\x4e\x6f\x77\x20\x77\x65\x20\x77\x69\x6c\ -\x6c\x20\x67\x75\x69\x64\x65\x20\x79\x6f\x75\x20\x74\x68\x72\x6f\ -\x75\x67\x68\x20\x73\x6f\x6d\x65\x20\x63\x6f\x6e\x66\x69\x67\x75\ -\x72\x61\x74\x69\x6f\x6e\x20\x74\x68\x61\x74\x20\x69\x73\x20\x6e\ -\x65\x65\x64\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x79\x6f\x75\ -\x20\x63\x61\x6e\x20\x63\x6f\x6e\x6e\x65\x63\x74\x20\x66\x6f\x72\ -\x20\x74\x68\x65\x20\x66\x69\x72\x73\x74\x20\x74\x69\x6d\x65\x2e\ -\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x49\x66\x20\x79\x6f\x75\x20\x65\ -\x76\x65\x72\x20\x6e\x65\x65\x64\x20\x74\x6f\x20\x6d\x6f\x64\x69\ -\x66\x79\x20\x74\x68\x65\x73\x65\x20\x6f\x70\x74\x69\x6f\x6e\x73\ -\x20\x61\x67\x61\x69\x6e\x2c\x20\x79\x6f\x75\x20\x63\x61\x6e\x20\ -\x66\x69\x6e\x64\x20\x74\x68\x65\x20\x77\x69\x7a\x61\x72\x64\x20\ -\x69\x6e\x20\x74\x68\x65\x20\x27\x3c\x69\x3e\x53\x65\x74\x74\x69\ -\x6e\x67\x73\x3c\x2f\x69\x3e\x27\x20\x6d\x65\x6e\x75\x20\x66\x72\ -\x6f\x6d\x20\x74\x68\x65\x20\x6d\x61\x69\x6e\x20\x77\x69\x6e\x64\ -\x6f\x77\x2e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x44\x6f\x20\x79\x6f\ -\x75\x20\x77\x61\x6e\x74\x20\x74\x6f\x20\x3c\x62\x3e\x73\x69\x67\ -\x6e\x20\x75\x70\x3c\x2f\x62\x3e\x20\x66\x6f\x72\x20\x61\x20\x6e\ -\x65\x77\x20\x61\x63\x63\x6f\x75\x6e\x74\x2c\x20\x6f\x72\x20\x3c\ -\x62\x3e\x6c\x6f\x67\x20\x69\x6e\x3c\x2f\x62\x3e\x20\x77\x69\x74\ -\x68\x20\x61\x6e\x20\x61\x6c\x72\x65\x61\x64\x79\x20\x65\x78\x69\ -\x73\x74\x69\x6e\x67\x20\x75\x73\x65\x72\x6e\x61\x6d\x65\x3f\x3c\ -\x62\x72\x3e\x07\x00\x00\x00\x09\x49\x6e\x74\x72\x6f\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x42\x00\x46\x00\xfc\x00\x72\x00\x20\x00\ -\x65\x00\x69\x00\x6e\x00\x65\x00\x6e\x00\x20\x00\x6e\x00\x65\x00\ -\x75\x00\x65\x00\x6e\x00\x20\x00\x41\x00\x63\x00\x63\x00\x6f\x00\ -\x75\x00\x6e\x00\x74\x00\x20\x00\x61\x00\x6e\x00\x6d\x00\x65\x00\ -\x6c\x00\x64\x00\x65\x00\x6e\x00\x2e\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x1a\x53\x69\x67\x6e\x20\x75\x70\x20\x66\x6f\x72\x20\x61\ -\x20\x6e\x65\x77\x20\x61\x63\x63\x6f\x75\x6e\x74\x2e\x07\x00\x00\ -\x00\x09\x49\x6e\x74\x72\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x00\ -\x38\x00\x41\x00\x75\x00\x74\x00\x68\x00\x65\x00\x6e\x00\x74\x00\ -\x69\x00\x66\x00\x69\x00\x7a\x00\x69\x00\x65\x00\x72\x00\x75\x00\ -\x6e\x00\x67\x00\x73\x00\x66\x00\x65\x00\x68\x00\x6c\x00\x65\x00\ -\x72\x00\x3a\x00\x20\x00\x25\x00\x73\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x18\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\ -\x6e\x20\x65\x72\x72\x6f\x72\x3a\x20\x25\x73\x07\x00\x00\x00\x09\ -\x4c\x6f\x67\x49\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x2a\x00\ -\x41\x00\x6e\x00\x6d\x00\x65\x00\x6c\x00\x64\x00\x65\x00\x64\x00\ -\x61\x00\x74\x00\x65\x00\x6e\x00\x20\x00\x6b\x00\x6f\x00\x72\x00\ -\x72\x00\x65\x00\x6b\x00\x74\x00\x2e\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x16\x43\x72\x65\x64\x65\x6e\x74\x69\x61\x6c\x73\x20\x76\ -\x61\x6c\x69\x64\x61\x74\x65\x64\x2e\x07\x00\x00\x00\x09\x4c\x6f\ -\x67\x49\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x34\x00\x41\x00\ -\x75\x00\x66\x00\x6c\x00\xf6\x00\x73\x00\x65\x00\x6e\x00\x20\x00\ -\x64\x00\x65\x00\x73\x00\x20\x00\x44\x00\x6f\x00\x6d\x00\x61\x00\ -\x69\x00\x6e\x00\x2d\x00\x4e\x00\x61\x00\x6d\x00\x65\x00\x6e\x00\ -\x73\x08\x00\x00\x00\x00\x06\x00\x00\x00\x15\x52\x65\x73\x6f\x6c\ -\x76\x69\x6e\x67\x20\x64\x6f\x6d\x61\x69\x6e\x20\x6e\x61\x6d\x65\ -\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\x6e\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x6a\x00\x44\x00\x65\x00\x72\x00\x20\x00\x55\x00\x73\ -\x00\x65\x00\x72\x00\x6e\x00\x61\x00\x6d\x00\x65\x00\x20\x00\x6d\ -\x00\x75\x00\x73\x00\x73\x00\x20\x00\x69\x00\x6e\x00\x20\x00\x64\ -\x00\x65\x00\x72\x00\x20\x00\x46\x00\x6f\x00\x72\x00\x6d\x00\x20\ -\x00\x75\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00\x6d\x00\x65\ -\x00\x40\x00\x70\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\x00\x65\ -\x00\x72\x00\x20\x00\x73\x00\x65\x00\x69\x00\x6e\x00\x2e\x08\x00\ -\x00\x00\x00\x06\x00\x00\x00\x2f\x55\x73\x65\x72\x6e\x61\x6d\x65\ -\x20\x6d\x75\x73\x74\x20\x62\x65\x20\x69\x6e\x20\x74\x68\x65\x20\ -\x75\x73\x65\x72\x6e\x61\x6d\x65\x40\x70\x72\x6f\x76\x69\x64\x65\ -\x72\x20\x66\x6f\x72\x6d\x2e\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\ -\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x1a\x00\x50\x00\x72\x00\ -\x6f\x00\x76\x00\x69\x00\x64\x00\x65\x00\x72\x00\x2d\x00\x69\x00\ -\x6e\x00\x66\x00\x6f\x08\x00\x00\x00\x00\x06\x00\x00\x00\x0d\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x20\x49\x6e\x66\x6f\x07\x00\x00\x00\ -\x10\x50\x72\x6f\x76\x69\x64\x65\x72\x49\x6e\x66\x6f\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x3e\x00\x44\x00\x61\x00\x73\x00\x20\x00\ -\x69\x00\x73\x00\x74\x00\x2c\x00\x20\x00\x77\x00\x61\x00\x73\x00\ -\x20\x00\x64\x00\x65\x00\x72\x00\x20\x00\x50\x00\x72\x00\x6f\x00\ -\x76\x00\x69\x00\x64\x00\x65\x00\x72\x00\x20\x00\x73\x00\x61\x00\ -\x67\x00\x74\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1b\x54\ -\x68\x69\x73\x20\x69\x73\x20\x77\x68\x61\x74\x20\x70\x72\x6f\x76\ -\x69\x64\x65\x72\x20\x73\x61\x79\x73\x2e\x07\x00\x00\x00\x10\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x49\x6e\x66\x6f\x50\x61\x67\x65\x01\ -\x03\x00\x00\x00\x30\x00\xdc\x00\x62\x00\x65\x00\x72\x00\x70\x00\ -\x72\x00\xfc\x00\x66\x00\x65\x00\x20\x00\x43\x00\x41\x00\x2d\x00\ -\x46\x00\x69\x00\x6e\x00\x67\x00\x65\x00\x72\x00\x70\x00\x72\x00\ -\x69\x00\x6e\x00\x74\x08\x00\x00\x00\x00\x06\x00\x00\x00\x17\x43\ -\x68\x65\x63\x6b\x69\x6e\x67\x20\x43\x41\x20\x66\x69\x6e\x67\x65\ -\x72\x70\x72\x69\x6e\x74\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\ -\x64\x65\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\ -\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x2e\x00\x46\x00\xfc\ -\x00\x68\x00\x72\x00\x65\x00\x20\x00\x61\x00\x75\x00\x74\x00\x6f\ -\x00\x63\x00\x6f\x00\x6e\x00\x66\x00\x69\x00\x67\x00\x20\x00\x64\ -\x00\x75\x00\x72\x00\x63\x00\x68\x00\x2e\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x11\x44\x6f\x69\x6e\x67\x20\x61\x75\x74\x6f\x63\x6f\ -\x6e\x66\x69\x67\x2e\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\x64\ -\x65\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\ -\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x24\x00\x48\x00\x6f\x00\ -\x6c\x00\x65\x00\x20\x00\x43\x00\x41\x00\x2d\x00\x5a\x00\x65\x00\ -\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x74\x08\ -\x00\x00\x00\x00\x06\x00\x00\x00\x17\x46\x65\x74\x63\x68\x69\x6e\ -\x67\x20\x43\x41\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\ -\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\x64\x65\x72\x53\x65\x74\ -\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\ -\x01\x03\x00\x00\x00\x1c\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\ -\x00\x64\x00\x65\x00\x72\x00\x2d\x00\x53\x00\x65\x00\x74\x00\x75\ -\x00\x70\x08\x00\x00\x00\x00\x06\x00\x00\x00\x0e\x50\x72\x6f\x76\ -\x69\x64\x65\x72\x20\x73\x65\x74\x75\x70\x07\x00\x00\x00\x1b\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\ -\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x30\ -\x00\xdc\x00\x62\x00\x65\x00\x72\x00\x70\x00\x72\x00\xfc\x00\x66\ -\x00\x65\x00\x20\x00\x41\x00\x50\x00\x49\x00\x2d\x00\x5a\x00\x65\ -\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x74\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1a\x56\x61\x6c\x69\x64\x61\ -\x74\x69\x6e\x67\x20\x61\x70\x69\x20\x63\x65\x72\x74\x69\x66\x69\ -\x63\x61\x74\x65\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\x64\x65\ -\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x50\x00\x4b\x00\x6f\x00\x6e\ -\x00\x6e\x00\x74\x00\x65\x00\x20\x00\x6e\x00\x69\x00\x63\x00\x68\ -\x00\x74\x00\x20\x00\x72\x00\x65\x00\x67\x00\x69\x00\x73\x00\x74\ -\x00\x72\x00\x69\x00\x65\x00\x72\x00\x65\x00\x6e\x00\x20\x00\x28\ -\x00\x62\x00\x61\x00\x64\x00\x20\x00\x72\x00\x65\x00\x73\x00\x70\ -\x00\x6f\x00\x6e\x00\x73\x00\x65\x00\x29\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x21\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x72\x65\ -\x67\x69\x73\x74\x65\x72\x20\x28\x62\x61\x64\x20\x72\x65\x73\x70\ -\x6f\x6e\x73\x65\x29\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x4e\ -\x00\x56\x00\x65\x00\x72\x00\x62\x00\x69\x00\x6e\x00\x64\x00\x75\ -\x00\x6e\x00\x67\x00\x73\x00\x66\x00\x65\x00\x68\x00\x6c\x00\x65\ -\x00\x72\x00\x20\x00\x7a\x00\x75\x00\x20\x00\x50\x00\x72\x00\x6f\ -\x00\x76\x00\x69\x00\x64\x00\x65\x00\x72\x00\x20\x00\x28\x00\x63\ -\x00\x6f\x00\x6e\x00\x6e\x00\x65\x00\x72\x00\x72\x00\x29\x08\x00\ -\x00\x00\x00\x06\x00\x00\x00\x27\x45\x72\x72\x6f\x72\x20\x43\x6f\ -\x6e\x6e\x65\x63\x74\x69\x6e\x67\x20\x74\x6f\x20\x70\x72\x6f\x76\ -\x69\x64\x65\x72\x20\x28\x63\x6f\x6e\x6e\x65\x72\x72\x29\x2e\x07\ -\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x4e\x00\x56\x00\x65\x00\x72\ -\x00\x62\x00\x69\x00\x6e\x00\x64\x00\x75\x00\x6e\x00\x67\x00\x73\ -\x00\x66\x00\x65\x00\x68\x00\x6c\x00\x65\x00\x72\x00\x20\x00\x7a\ -\x00\x75\x00\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\ -\x00\x65\x00\x72\x00\x20\x00\x28\x00\x74\x00\x69\x00\x6d\x00\x65\ -\x00\x6f\x00\x75\x00\x74\x00\x29\x08\x00\x00\x00\x00\x06\x00\x00\ -\x00\x26\x45\x72\x72\x6f\x72\x20\x63\x6f\x6e\x6e\x65\x63\x74\x69\ -\x6e\x67\x20\x74\x6f\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x28\ -\x74\x69\x6d\x65\x6f\x75\x74\x29\x07\x00\x00\x00\x10\x52\x65\x67\ -\x69\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\ -\x00\x00\x4a\x00\x46\x00\x65\x00\x68\x00\x6c\x00\x65\x00\x72\x00\ -\x20\x00\x77\x00\xe4\x00\x68\x00\x72\x00\x65\x00\x6e\x00\x64\x00\ -\x20\x00\x64\x00\x65\x00\x72\x00\x20\x00\x52\x00\x65\x00\x67\x00\ -\x69\x00\x73\x00\x74\x00\x72\x00\x69\x00\x65\x00\x72\x00\x75\x00\ -\x6e\x00\x67\x00\x20\x00\x28\x00\x25\x00\x73\x00\x29\x08\x00\x00\ -\x00\x00\x06\x00\x00\x00\x1e\x45\x72\x72\x6f\x72\x20\x64\x75\x72\ -\x69\x6e\x67\x20\x72\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\ -\x20\x28\x25\x73\x29\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x3c\ -\x00\x50\x00\x61\x00\x73\x00\x73\x00\x77\x00\x6f\x00\x72\x00\x74\ -\x00\x20\x00\x73\x00\x74\x00\x69\x00\x6d\x00\x6d\x00\x74\x00\x20\ -\x00\x6e\x00\x69\x00\x63\x00\x68\x00\x74\x00\x20\x00\xfc\x00\x62\ -\x00\x65\x00\x72\x00\x69\x00\x65\x00\x6e\x00\x2e\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x19\x50\x61\x73\x73\x77\x6f\x72\x64\x20\x64\ -\x6f\x65\x73\x20\x6e\x6f\x74\x20\x6d\x61\x74\x63\x68\x2e\x2e\x07\ -\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x26\x00\x50\x00\x61\x00\x73\ -\x00\x73\x00\x77\x00\x6f\x00\x72\x00\x74\x00\x20\x00\x7a\x00\x75\ -\x00\x20\x00\x73\x00\x69\x00\x6d\x00\x70\x00\x65\x00\x6c\x00\x2e\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x15\x50\x61\x73\x73\x77\x6f\ -\x72\x64\x20\x74\x6f\x6f\x20\x6f\x62\x76\x69\x6f\x75\x73\x2e\x07\ -\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x20\x00\x50\x00\x61\x00\x73\ -\x00\x73\x00\x77\x00\x6f\x00\x72\x00\x74\x00\x20\x00\x7a\x00\x75\ -\x00\x20\x00\x6b\x00\x75\x00\x72\x00\x7a\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x13\x50\x61\x73\x73\x77\x6f\x72\x64\x20\x74\x6f\x6f\ -\x20\x73\x68\x6f\x72\x74\x2e\x07\x00\x00\x00\x10\x52\x65\x67\x69\ -\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\ -\x00\x58\x00\x52\x00\x65\x00\x67\x00\x69\x00\x73\x00\x74\x00\x72\ -\x00\x69\x00\x65\x00\x72\x00\x65\x00\x20\x00\x65\x00\x69\x00\x6e\ -\x00\x65\x00\x6e\x00\x20\x00\x6e\x00\x65\x00\x75\x00\x65\x00\x6e\ -\x00\x20\x00\x55\x00\x73\x00\x65\x00\x72\x00\x20\x00\x62\x00\x65\ -\x00\x69\x00\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\ -\x00\x65\x00\x72\x00\x20\x00\x25\x00\x73\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x25\x52\x65\x67\x69\x73\x74\x65\x72\x20\x61\x20\x6e\ -\x65\x77\x20\x75\x73\x65\x72\x20\x77\x69\x74\x68\x20\x70\x72\x6f\ -\x76\x69\x64\x65\x72\x20\x25\x73\x2e\x07\x00\x00\x00\x10\x52\x65\ -\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x34\x00\x52\x00\x65\x00\x67\x00\x69\x00\x73\x00\x74\ -\x00\x72\x00\x69\x00\x65\x00\x72\x00\x75\x00\x6e\x00\x67\x00\x20\ -\x00\x65\x00\x72\x00\x66\x00\x6f\x00\x6c\x00\x67\x00\x72\x00\x65\ -\x00\x69\x00\x63\x00\x68\x00\x21\x08\x00\x00\x00\x00\x06\x00\x00\ -\x00\x17\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x20\x73\ -\x75\x63\x63\x65\x65\x64\x65\x64\x21\x07\x00\x00\x00\x10\x52\x65\ -\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x10\x00\x41\x00\x6e\x00\x6d\x00\x65\x00\x6c\x00\x64\ -\x00\x65\x00\x6e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x07\x53\x69\ -\x67\x6e\x20\x55\x70\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x32\ -\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00\x6d\x00\x65\ -\x00\x20\x00\x6e\x00\x69\x00\x63\x00\x68\x00\x74\x00\x20\x00\x76\ -\x00\x65\x00\x72\x00\x66\x00\xfc\x00\x67\x00\x62\x00\x61\x00\x72\ -\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x17\x55\x73\x65\x72\ -\x6e\x61\x6d\x65\x20\x6e\x6f\x74\x20\x61\x76\x61\x69\x6c\x61\x62\ -\x6c\x65\x2e\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\ -\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x38\x00\x41\ -\x00\x75\x00\x74\x00\x68\x00\x65\x00\x6e\x00\x74\x00\x69\x00\x66\ -\x00\x69\x00\x7a\x00\x69\x00\x65\x00\x72\x00\x75\x00\x6e\x00\x67\ -\x00\x73\x00\x66\x00\x65\x00\x68\x00\x6c\x00\x65\x00\x72\x00\x3a\ -\x00\x20\x00\x25\x00\x73\x08\x00\x00\x00\x00\x06\x00\x00\x00\x18\ -\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x65\ -\x72\x72\x6f\x72\x3a\x20\x25\x73\x07\x00\x00\x00\x1a\x52\x65\x67\ -\x69\x73\x74\x65\x72\x55\x73\x65\x72\x56\x61\x6c\x69\x64\x61\x74\ -\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x26\x00\x48\x00\ -\x6f\x00\x6c\x00\x65\x00\x20\x00\x45\x00\x49\x00\x50\x00\x2d\x00\ -\x5a\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\ -\x61\x00\x74\x08\x00\x00\x00\x00\x06\x00\x00\x00\x18\x46\x65\x74\ -\x63\x68\x69\x6e\x67\x20\x65\x69\x70\x20\x63\x65\x72\x74\x69\x66\ -\x69\x63\x61\x74\x65\x07\x00\x00\x00\x1a\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x3c\x00\x48\x00\x6f\x00\x6c\ -\x00\x65\x00\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\ -\x00\x65\x00\x72\x00\x2d\x00\x4b\x00\x6f\x00\x6e\x00\x66\x00\x69\ -\x00\x67\x00\x75\x00\x72\x00\x61\x00\x74\x00\x69\x00\x6f\x00\x6e\ -\x00\x2e\x00\x2e\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1b\ -\x46\x65\x74\x63\x68\x69\x6e\x67\x20\x70\x72\x6f\x76\x69\x64\x65\ -\x72\x20\x63\x6f\x6e\x66\x69\x67\x2e\x2e\x2e\x07\x00\x00\x00\x1a\ -\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x56\x61\x6c\x69\ -\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x2c\ -\x00\x5a\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\ -\x00\x61\x00\x74\x00\x73\x00\xfc\x00\x62\x00\x65\x00\x72\x00\x70\ -\x00\x72\x00\xfc\x00\x66\x00\x75\x00\x6e\x00\x67\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x16\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\ -\x65\x20\x76\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x07\x00\x00\x00\ -\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\ -\x61\x67\x65\x01\x03\x00\x00\x00\x72\x00\x4b\x00\x6f\x00\x6e\x00\ -\x6e\x00\x74\x00\x65\x00\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\ -\x69\x00\x64\x00\x65\x00\x72\x00\x2d\x00\x49\x00\x6e\x00\x66\x00\ -\x6f\x00\x20\x00\x6e\x00\x69\x00\x63\x00\x68\x00\x74\x00\x20\x00\ -\x68\x00\x65\x00\x72\x00\x75\x00\x6e\x00\x74\x00\x65\x00\x72\x00\ -\x6c\x00\x61\x00\x64\x00\x65\x00\x6e\x00\x20\x00\x28\x00\x72\x00\ -\x65\x00\x66\x00\x75\x00\x73\x00\x65\x00\x64\x00\x20\x00\x63\x00\ -\x6f\x00\x6e\x00\x6e\x00\x2e\x00\x29\x00\x2e\x08\x00\x00\x00\x00\ -\x06\x00\x00\x00\x31\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x64\ -\x6f\x77\x6e\x6c\x6f\x61\x64\x20\x70\x72\x6f\x76\x69\x64\x65\x72\ -\x20\x69\x6e\x66\x6f\x20\x28\x72\x65\x66\x75\x73\x65\x64\x20\x63\ -\x6f\x6e\x6e\x2e\x29\x2e\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\ -\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\ -\x00\x00\x5e\x00\x4b\x00\x6f\x00\x6e\x00\x6e\x00\x74\x00\x65\x00\ -\x20\x00\x6b\x00\x65\x00\x69\x00\x6e\x00\x65\x00\x20\x00\x49\x00\ -\x6e\x00\x66\x00\x6f\x00\x72\x00\x6d\x00\x61\x00\x74\x00\x69\x00\ -\x6f\x00\x6e\x00\x20\x00\x76\x00\x6f\x00\x6d\x00\x20\x00\x50\x00\ -\x72\x00\x6f\x00\x76\x00\x69\x00\x64\x00\x65\x00\x72\x00\x20\x00\ -\x62\x00\x65\x00\x6b\x00\x6f\x00\x6d\x00\x6d\x00\x65\x00\x6e\x00\ -\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x21\x43\x6f\x75\x6c\x64\ -\x20\x6e\x6f\x74\x20\x67\x65\x74\x20\x69\x6e\x66\x6f\x20\x66\x72\ -\x6f\x6d\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x2e\x07\x00\x00\x00\ -\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\ -\x61\x67\x65\x01\x03\x00\x00\x00\x20\x00\x47\x00\x69\x00\x62\x00\ -\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\x00\x65\x00\ -\x72\x00\x20\x00\x65\x00\x69\x00\x6e\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x0e\x45\x6e\x74\x65\x72\x20\x50\x72\x6f\x76\x69\x64\x65\ -\x72\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\ -\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\xa6\x00\x42\ -\x00\x69\x00\x74\x00\x74\x00\x65\x00\x20\x00\x67\x00\x69\x00\x62\ -\x00\x20\x00\x64\x00\x69\x00\x65\x00\x20\x00\x44\x00\x6f\x00\x6d\ -\x00\x61\x00\x69\x00\x6e\x00\x20\x00\x64\x00\x65\x00\x73\x00\x20\ -\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x69\x00\x64\x00\x65\x00\x72\ -\x00\x73\x00\x20\x00\x61\x00\x6e\x00\x2c\x00\x20\x00\x64\x00\x65\ -\x00\x6e\x00\x20\x00\x64\x00\x75\x00\x20\x00\x66\x00\xfc\x00\x72\ -\x00\x20\x00\x64\x00\x65\x00\x69\x00\x6e\x00\x65\x00\x20\x00\x56\ -\x00\x65\x00\x72\x00\x62\x00\x69\x00\x6e\x00\x64\x00\x75\x00\x6e\ -\x00\x67\x00\x20\x00\x6e\x00\x75\x00\x74\x00\x7a\x00\x65\x00\x6e\ -\x00\x20\x00\x6d\x00\xf6\x00\x63\x00\x68\x00\x74\x00\x65\x00\x73\ -\x00\x74\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x4c\x50\x6c\ -\x65\x61\x73\x65\x20\x65\x6e\x74\x65\x72\x20\x74\x68\x65\x20\x64\ -\x6f\x6d\x61\x69\x6e\x20\x6f\x66\x20\x74\x68\x65\x20\x70\x72\x6f\ -\x76\x69\x64\x65\x72\x20\x79\x6f\x75\x20\x77\x61\x6e\x74\x20\x74\ -\x6f\x20\x75\x73\x65\x20\x66\x6f\x72\x20\x79\x6f\x75\x72\x20\x63\ -\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x2e\x07\x00\x00\x00\x12\x53\ -\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x60\x00\x53\x00\x65\x00\x72\x00\x76\x00\ -\x65\x00\x72\x00\x2d\x00\x5a\x00\x65\x00\x72\x00\x74\x00\x69\x00\ -\x66\x00\x69\x00\x6b\x00\x61\x00\x74\x00\x20\x00\x6b\x00\x6f\x00\ -\x6e\x00\x6e\x00\x74\x00\x65\x00\x20\x00\x6e\x00\x69\x00\x63\x00\ -\x68\x00\x74\x00\x20\x00\x62\x00\x65\x00\x73\x00\x74\x00\xe4\x00\ -\x74\x00\x69\x00\x67\x00\x74\x00\x20\x00\x77\x00\x65\x00\x72\x00\ -\x64\x00\x65\x00\x6e\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\ -\x29\x53\x65\x72\x76\x65\x72\x20\x63\x65\x72\x74\x69\x66\x69\x63\ -\x61\x74\x65\x20\x63\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x62\x65\ -\x20\x76\x65\x72\x69\x66\x69\x65\x64\x2e\x07\x00\x00\x00\x12\x53\ -\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x22\x00\x50\x00\x72\x00\xfc\x00\x66\x00\ -\x65\x00\x20\x00\x44\x00\x6f\x00\x6d\x00\x61\x00\x69\x00\x6e\x00\ -\x2d\x00\x4e\x00\x61\x00\x6d\x00\x65\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x14\x63\x68\x65\x63\x6b\x69\x6e\x67\x20\x64\x6f\x6d\x61\ -\x69\x6e\x20\x6e\x61\x6d\x65\x07\x00\x00\x00\x12\x53\x65\x6c\x65\ -\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x2c\x00\x50\x00\x72\x00\xfc\x00\x66\x00\x65\x00\x20\ -\x00\x48\x00\x54\x00\x54\x00\x50\x00\x53\x00\x2d\x00\x56\x00\x65\ -\x00\x72\x00\x62\x00\x69\x00\x6e\x00\x64\x00\x75\x00\x6e\x00\x67\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x19\x63\x68\x65\x63\x6b\x69\ -\x6e\x67\x20\x68\x74\x74\x70\x73\x20\x63\x6f\x6e\x6e\x65\x63\x74\ -\x69\x6f\x6e\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\ -\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x24\ -\x00\x48\x00\x6f\x00\x6c\x00\x65\x00\x20\x00\x50\x00\x72\x00\x6f\ -\x00\x76\x00\x69\x00\x64\x00\x65\x00\x72\x00\x2d\x00\x49\x00\x6e\ -\x00\x66\x00\x6f\x08\x00\x00\x00\x00\x06\x00\x00\x00\x16\x66\x65\ -\x74\x63\x68\x69\x6e\x67\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\ -\x69\x6e\x66\x6f\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x88\x00\x00\x00\ -\x02\x01\x01\ -\x00\x00\x18\x32\ -\x3c\ -\xb8\x64\x18\xca\xef\x9c\x95\xcd\x21\x1c\xbf\x60\xa1\xbd\xdd\x42\ -\x00\x00\x01\x38\x00\x8f\x9b\xbe\x00\x00\x14\x83\x01\x23\x92\xe5\ -\x00\x00\x10\x3d\x01\x87\x64\x8e\x00\x00\x08\x7a\x01\xa8\xbe\x7e\ -\x00\x00\x0e\x02\x02\x2c\xac\xe9\x00\x00\x0b\x8a\x02\x3a\xce\xbf\ -\x00\x00\x16\x62\x02\x6e\x0f\xe5\x00\x00\x08\xdd\x02\x87\x60\x9e\ -\x00\x00\x06\x6e\x02\xaa\x52\x6e\x00\x00\x07\x6b\x02\xf2\xe0\x59\ -\x00\x00\x0a\x5e\x03\xec\x70\x0e\x00\x00\x10\xb8\x04\xd4\x45\xee\ -\x00\x00\x0d\x24\x05\xb7\x8f\x59\x00\x00\x0c\x27\x06\x3e\x6a\x9e\ -\x00\x00\x05\x9f\x06\x40\xa8\x7e\x00\x00\x0a\xea\x06\xee\xff\x6e\ -\x00\x00\x13\x74\x08\x13\xe8\xae\x00\x00\x0c\xa6\x08\x7a\x64\xee\ -\x00\x00\x11\xc5\x08\xe6\x98\x33\x00\x00\x05\x35\x08\xe6\x98\x33\ -\x00\x00\x0f\xc2\x09\x5c\x35\xe1\x00\x00\x0e\xaa\x09\x74\x75\x4e\ -\x00\x00\x0d\x94\x09\x98\x34\x0e\x00\x00\x12\x89\x09\xd8\x1f\x95\ -\x00\x00\x15\x79\x09\xeb\x5c\xb1\x00\x00\x15\x35\x09\xfc\x2c\x8e\ -\x00\x00\x04\xc7\x09\xfe\x05\x90\x00\x00\x0f\x16\x0a\x74\xb8\x1e\ -\x00\x00\x00\xd6\x0a\xfd\x99\xfe\x00\x00\x00\x51\x0b\xd2\x4b\x3f\ -\x00\x00\x07\x15\x0c\x44\x41\xbe\x00\x00\x00\x00\x0c\xc0\x94\x05\ -\x00\x00\x09\xd6\x0d\x0d\x9d\xc5\x00\x00\x06\x01\x0d\x15\x34\x70\ -\x00\x00\x09\x62\x0e\x36\x15\x54\x00\x00\x07\xed\x0e\x7e\xf5\xee\ -\x00\x00\x0f\x5a\x0e\x91\x50\x3e\x00\x00\x15\xee\x0e\xc0\xbb\x72\ -\x00\x00\x13\x1b\x0f\x27\x0d\x6e\x00\x00\x11\x54\x69\x00\x00\x16\ -\xd9\x03\x00\x00\x00\x22\x00\x50\x00\x72\x00\x69\x00\x6d\x00\x65\ -\x00\x72\x00\x61\x00\x20\x00\x43\x00\x6f\x00\x6e\x00\x65\x00\x78\ -\x00\x69\x00\x6f\x00\x6e\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\ -\x00\x11\x46\x69\x72\x73\x74\x20\x72\x75\x6e\x20\x77\x69\x7a\x61\ -\x72\x64\x2e\x07\x00\x00\x00\x09\x49\x6e\x74\x72\x6f\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x4c\x00\x4c\x00\x6f\x00\x67\x00\x75\x00\ -\x65\x00\x61\x00\x72\x00\x6d\x00\x65\x00\x20\x00\x63\x00\x6f\x00\ -\x6e\x00\x20\x00\x75\x00\x6e\x00\x20\x00\x75\x00\x73\x00\x75\x00\ -\x61\x00\x72\x00\x69\x00\x6f\x00\x20\x00\x71\x00\x75\x00\x65\x00\ -\x20\x00\x79\x00\x61\x00\x20\x00\x74\x00\x65\x00\x6e\x00\x67\x00\ -\x6f\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1b\x4c\x6f\x67\ -\x20\x49\x6e\x20\x77\x69\x74\x68\x20\x6d\x79\x20\x63\x72\x65\x64\ -\x65\x6e\x74\x69\x61\x6c\x73\x2e\x07\x00\x00\x00\x09\x49\x6e\x74\ -\x72\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x02\x76\x00\x56\x00\x61\ -\x00\x6d\x00\x6f\x00\x73\x00\x20\x00\x61\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x66\x00\x69\x00\x67\x00\x75\x00\x72\x00\x61\x00\x72\ -\x00\x20\x00\x61\x00\x6c\x00\x67\x00\x75\x00\x6e\x00\x61\x00\x73\ -\x00\x20\x00\x63\x00\x6f\x00\x73\x00\x61\x00\x73\x00\x20\x00\x61\ -\x00\x6e\x00\x74\x00\x65\x00\x73\x00\x20\x00\x64\x00\x65\x00\x20\ -\x00\x71\x00\x75\x00\x65\x00\x20\x00\x74\x00\x65\x00\x20\x00\x70\ -\x00\x75\x00\x65\x00\x64\x00\x61\x00\x73\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x65\x00\x63\x00\x74\x00\x61\x00\x72\x00\x20\x00\x70\ -\x00\x6f\x00\x72\x00\x20\x00\x70\x00\x72\x00\x69\x00\x6d\x00\x65\ -\x00\x72\x00\x61\x00\x20\x00\x76\x00\x65\x00\x7a\x00\x2e\x00\x3c\ -\x00\x62\x00\x72\x00\x3e\x00\x3c\x00\x62\x00\x72\x00\x3e\x00\x53\ -\x00\x69\x00\x20\x00\x6e\x00\x65\x00\x63\x00\x65\x00\x73\x00\x69\ -\x00\x74\x00\x61\x00\x73\x00\x20\x00\x6d\x00\x6f\x00\x64\x00\x69\ -\x00\x66\x00\x69\x00\x63\x00\x61\x00\x72\x00\x20\x00\x65\x00\x73\ -\x00\x74\x00\x61\x00\x73\x00\x20\x00\x6f\x00\x70\x00\x63\x00\x69\ -\x00\x6f\x00\x6e\x00\x65\x00\x73\x00\x20\x00\x64\x00\x65\x00\x20\ -\x00\x6e\x00\x75\x00\x65\x00\x76\x00\x6f\x00\x2c\x00\x20\x00\x70\ -\x00\x75\x00\x65\x00\x64\x00\x65\x00\x73\x00\x20\x00\x65\x00\x6e\ -\x00\x63\x00\x6f\x00\x6e\x00\x74\x00\x72\x00\x61\x00\x72\x00\x20\ -\x00\x65\x00\x73\x00\x74\x00\x65\x00\x20\x00\x61\x00\x73\x00\x69\ -\x00\x73\x00\x74\x00\x65\x00\x6e\x00\x74\x00\x65\x00\x20\x00\x65\ -\x00\x6e\x00\x20\x00\x65\x00\x6c\x00\x20\x00\x6d\x00\x65\x00\x6e\ -\x00\x75\x00\x20\x00\x64\x00\x65\x00\x20\x00\x27\x00\x3c\x00\x69\ -\x00\x3e\x00\x4f\x00\x70\x00\x63\x00\x69\x00\x6f\x00\x6e\x00\x65\ -\x00\x73\x00\x3c\x00\x2f\x00\x69\x00\x3e\x00\x27\x00\x20\x00\x65\ -\x00\x6e\x00\x20\x00\x6c\x00\x61\x00\x20\x00\x76\x00\x65\x00\x6e\ -\x00\x74\x00\x61\x00\x6e\x00\x61\x00\x20\x00\x70\x00\x72\x00\x69\ -\x00\x6e\x00\x63\x00\x69\x00\x70\x00\x61\x00\x6c\x00\x2e\x00\x3c\ -\x00\x62\x00\x72\x00\x3e\x00\x3c\x00\x62\x00\x72\x00\x3e\x00\x51\ -\x00\x75\x00\x69\x00\x65\x00\x72\x00\x65\x00\x73\x00\x20\x00\x3c\ -\x00\x62\x00\x3e\x00\x72\x00\x65\x00\x67\x00\x69\x00\x73\x00\x74\ -\x00\x72\x00\x61\x00\x72\x00\x3c\x00\x2f\x00\x62\x00\x3e\x00\x20\ -\x00\x75\x00\x6e\x00\x61\x00\x20\x00\x6e\x00\x75\x00\x65\x00\x76\ -\x00\x61\x00\x20\x00\x63\x00\x75\x00\x65\x00\x6e\x00\x74\x00\x61\ -\x00\x2c\x00\x20\x00\x6f\x00\x20\x00\x3c\x00\x62\x00\x3e\x00\x6c\ -\x00\x6f\x00\x67\x00\x75\x00\x65\x00\x61\x00\x72\x00\x74\x00\x65\ -\x00\x3c\x00\x2f\x00\x62\x00\x3e\x00\x20\x00\x63\x00\x6f\x00\x6e\ -\x00\x20\x00\x74\x00\x75\x00\x20\x00\x75\x00\x73\x00\x75\x00\x61\ -\x00\x72\x00\x69\x00\x6f\x00\x3f\x00\x3c\x00\x62\x00\x72\x00\x3e\ -\x00\x20\x08\x00\x00\x00\x00\x06\x00\x00\x01\x5d\x4e\x6f\x77\x20\ -\x77\x65\x20\x77\x69\x6c\x6c\x20\x67\x75\x69\x64\x65\x20\x79\x6f\ -\x75\x20\x74\x68\x72\x6f\x75\x67\x68\x20\x73\x6f\x6d\x65\x20\x63\ -\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e\x20\x74\x68\x61\ -\x74\x20\x69\x73\x20\x6e\x65\x65\x64\x65\x64\x20\x62\x65\x66\x6f\ -\x72\x65\x20\x79\x6f\x75\x20\x63\x61\x6e\x20\x63\x6f\x6e\x6e\x65\ -\x63\x74\x20\x66\x6f\x72\x20\x74\x68\x65\x20\x66\x69\x72\x73\x74\ -\x20\x74\x69\x6d\x65\x2e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x49\x66\ -\x20\x79\x6f\x75\x20\x65\x76\x65\x72\x20\x6e\x65\x65\x64\x20\x74\ -\x6f\x20\x6d\x6f\x64\x69\x66\x79\x20\x74\x68\x65\x73\x65\x20\x6f\ -\x70\x74\x69\x6f\x6e\x73\x20\x61\x67\x61\x69\x6e\x2c\x20\x79\x6f\ -\x75\x20\x63\x61\x6e\x20\x66\x69\x6e\x64\x20\x74\x68\x65\x20\x77\ -\x69\x7a\x61\x72\x64\x20\x69\x6e\x20\x74\x68\x65\x20\x27\x3c\x69\ -\x3e\x53\x65\x74\x74\x69\x6e\x67\x73\x3c\x2f\x69\x3e\x27\x20\x6d\ -\x65\x6e\x75\x20\x66\x72\x6f\x6d\x20\x74\x68\x65\x20\x6d\x61\x69\ -\x6e\x20\x77\x69\x6e\x64\x6f\x77\x2e\x3c\x62\x72\x3e\x3c\x62\x72\ -\x3e\x44\x6f\x20\x79\x6f\x75\x20\x77\x61\x6e\x74\x20\x74\x6f\x20\ -\x3c\x62\x3e\x73\x69\x67\x6e\x20\x75\x70\x3c\x2f\x62\x3e\x20\x66\ -\x6f\x72\x20\x61\x20\x6e\x65\x77\x20\x61\x63\x63\x6f\x75\x6e\x74\ -\x2c\x20\x6f\x72\x20\x3c\x62\x3e\x6c\x6f\x67\x20\x69\x6e\x3c\x2f\ -\x62\x3e\x20\x77\x69\x74\x68\x20\x61\x6e\x20\x61\x6c\x72\x65\x61\ -\x64\x79\x20\x65\x78\x69\x73\x74\x69\x6e\x67\x20\x75\x73\x65\x72\ -\x6e\x61\x6d\x65\x3f\x3c\x62\x72\x3e\x07\x00\x00\x00\x09\x49\x6e\ -\x74\x72\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x00\x36\x00\x52\x00\ -\x65\x00\x67\x00\x69\x00\x73\x00\x74\x00\x72\x00\x61\x00\x72\x00\ -\x20\x00\x75\x00\x6e\x00\x61\x00\x20\x00\x63\x00\x75\x00\x65\x00\ -\x6e\x00\x74\x00\x61\x00\x20\x00\x6e\x00\x75\x00\x65\x00\x76\x00\ -\x61\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1a\x53\x69\x67\ -\x6e\x20\x75\x70\x20\x66\x6f\x72\x20\x61\x20\x6e\x65\x77\x20\x61\ -\x63\x63\x6f\x75\x6e\x74\x2e\x07\x00\x00\x00\x09\x49\x6e\x74\x72\ -\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x00\x34\x00\x45\x00\x72\x00\ -\x72\x00\x6f\x00\x72\x00\x20\x00\x64\x00\x65\x00\x20\x00\x61\x00\ -\x75\x00\x74\x00\x65\x00\x6e\x00\x74\x00\x69\x00\x63\x00\x61\x00\ -\x63\x00\x69\x00\x6f\x00\x6e\x00\x3a\x00\x20\x00\x25\x00\x73\x08\ -\x00\x00\x00\x00\x06\x00\x00\x00\x18\x41\x75\x74\x68\x65\x6e\x74\ -\x69\x63\x61\x74\x69\x6f\x6e\x20\x65\x72\x72\x6f\x72\x3a\x20\x25\ -\x73\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\x6e\x50\x61\x67\x65\x01\ -\x03\x00\x00\x00\x2e\x00\x43\x00\x72\x00\x65\x00\x64\x00\x65\x00\ -\x6e\x00\x63\x00\x69\x00\x61\x00\x6c\x00\x65\x00\x73\x00\x20\x00\ -\x76\x00\x61\x00\x6c\x00\x69\x00\x64\x00\x61\x00\x64\x00\x61\x00\ -\x73\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x16\x43\x72\x65\ -\x64\x65\x6e\x74\x69\x61\x6c\x73\x20\x76\x61\x6c\x69\x64\x61\x74\ -\x65\x64\x2e\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\x6e\x50\x61\x67\ -\x65\x01\x03\x00\x00\x00\x3a\x00\x52\x00\x65\x00\x73\x00\x6f\x00\ -\x6c\x00\x76\x00\x69\x00\x65\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\ -\x6e\x00\x6f\x00\x6d\x00\x62\x00\x72\x00\x65\x00\x20\x00\x64\x00\ -\x65\x00\x20\x00\x64\x00\x6f\x00\x6d\x00\x69\x00\x6e\x00\x69\x00\ -\x6f\x08\x00\x00\x00\x00\x06\x00\x00\x00\x15\x52\x65\x73\x6f\x6c\ -\x76\x69\x6e\x67\x20\x64\x6f\x6d\x61\x69\x6e\x20\x6e\x61\x6d\x65\ -\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\x6e\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x5a\x00\x45\x00\x6c\x00\x20\x00\x75\x00\x73\x00\x75\ -\x00\x61\x00\x72\x00\x69\x00\x6f\x00\x20\x00\x74\x00\x69\x00\x65\ -\x00\x6e\x00\x65\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\x73\ -\x00\x65\x00\x72\x00\x20\x00\x75\x00\x73\x00\x75\x00\x61\x00\x72\ -\x00\x69\x00\x6f\x00\x40\x00\x74\x00\x75\x00\x2e\x00\x70\x00\x72\ -\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x08\x00\ -\x00\x00\x00\x06\x00\x00\x00\x2f\x55\x73\x65\x72\x6e\x61\x6d\x65\ -\x20\x6d\x75\x73\x74\x20\x62\x65\x20\x69\x6e\x20\x74\x68\x65\x20\ -\x75\x73\x65\x72\x6e\x61\x6d\x65\x40\x70\x72\x6f\x76\x69\x64\x65\ -\x72\x20\x66\x6f\x72\x6d\x2e\x07\x00\x00\x00\x09\x4c\x6f\x67\x49\ -\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x24\x00\x49\x00\x6e\x00\ -\x66\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x50\x00\ -\x72\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x08\ -\x00\x00\x00\x00\x06\x00\x00\x00\x0d\x50\x72\x6f\x76\x69\x64\x65\ -\x72\x20\x49\x6e\x66\x6f\x07\x00\x00\x00\x10\x50\x72\x6f\x76\x69\ -\x64\x65\x72\x49\x6e\x66\x6f\x50\x61\x67\x65\x01\x03\x00\x00\x00\ -\x42\x00\x45\x00\x73\x00\x74\x00\x6f\x00\x20\x00\x65\x00\x73\x00\ -\x20\x00\x6c\x00\x6f\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\ -\x64\x00\x69\x00\x63\x00\x65\x00\x20\x00\x65\x00\x6c\x00\x20\x00\ -\x70\x00\x72\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\ -\x72\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1b\x54\x68\x69\ -\x73\x20\x69\x73\x20\x77\x68\x61\x74\x20\x70\x72\x6f\x76\x69\x64\ -\x65\x72\x20\x73\x61\x79\x73\x2e\x07\x00\x00\x00\x10\x50\x72\x6f\ -\x76\x69\x64\x65\x72\x49\x6e\x66\x6f\x50\x61\x67\x65\x01\x03\x00\ -\x00\x00\x46\x00\x43\x00\x6f\x00\x6d\x00\x70\x00\x72\x00\x6f\x00\ -\x62\x00\x61\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\x65\x00\x6c\x00\ -\x20\x00\x66\x00\x69\x00\x6e\x00\x67\x00\x65\x00\x72\x00\x70\x00\ -\x72\x00\x69\x00\x6e\x00\x74\x00\x20\x00\x64\x00\x65\x00\x20\x00\ -\x6c\x00\x61\x00\x20\x00\x43\x00\x41\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x17\x43\x68\x65\x63\x6b\x69\x6e\x67\x20\x43\x41\x20\x66\ -\x69\x6e\x67\x65\x72\x70\x72\x69\x6e\x74\x07\x00\x00\x00\x1b\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\ -\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x22\ -\x00\x41\x00\x75\x00\x74\x00\x6f\x00\x63\x00\x6f\x00\x6e\x00\x66\ -\x00\x69\x00\x67\x00\x75\x00\x72\x00\x61\x00\x6e\x00\x64\x00\x6f\ -\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x11\x44\x6f\x69\x6e\ -\x67\x20\x61\x75\x74\x6f\x63\x6f\x6e\x66\x69\x67\x2e\x07\x00\x00\ -\x00\x1b\x50\x72\x6f\x76\x69\x64\x65\x72\x53\x65\x74\x75\x70\x56\ -\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\ -\x00\x00\x3e\x00\x4f\x00\x62\x00\x74\x00\x65\x00\x6e\x00\x69\x00\ -\x65\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\x63\x00\x65\x00\x72\x00\ -\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x64\x00\x6f\x00\ -\x20\x00\x64\x00\x65\x00\x20\x00\x6c\x00\x61\x00\x20\x00\x43\x00\ -\x41\x08\x00\x00\x00\x00\x06\x00\x00\x00\x17\x46\x65\x74\x63\x68\ -\x69\x6e\x67\x20\x43\x41\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\ -\x74\x65\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\x64\x65\x72\x53\ -\x65\x74\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x50\x61\ -\x67\x65\x01\x03\x00\x00\x00\x36\x00\x43\x00\x6f\x00\x6e\x00\x66\ -\x00\x69\x00\x67\x00\x75\x00\x72\x00\x61\x00\x63\x00\x69\x00\x6f\ -\x00\x6e\x00\x20\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x50\x00\x72\ -\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x08\x00\ -\x00\x00\x00\x06\x00\x00\x00\x0e\x50\x72\x6f\x76\x69\x64\x65\x72\ -\x20\x73\x65\x74\x75\x70\x07\x00\x00\x00\x1b\x50\x72\x6f\x76\x69\ -\x64\x65\x72\x53\x65\x74\x75\x70\x56\x61\x6c\x69\x64\x61\x74\x69\ -\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x3e\x00\x56\x00\x61\ -\x00\x6c\x00\x69\x00\x64\x00\x61\x00\x6e\x00\x64\x00\x6f\x00\x20\ -\x00\x63\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\ -\x00\x61\x00\x64\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6c\ -\x00\x61\x00\x20\x00\x61\x00\x70\x00\x69\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x1a\x56\x61\x6c\x69\x64\x61\x74\x69\x6e\x67\x20\x61\ -\x70\x69\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x07\x00\ -\x00\x00\x1b\x50\x72\x6f\x76\x69\x64\x65\x72\x53\x65\x74\x75\x70\ -\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x46\x00\x4e\x00\x6f\x00\x20\x00\x73\x00\x65\x00\x20\ -\x00\x70\x00\x75\x00\x64\x00\x6f\x00\x20\x00\x72\x00\x65\x00\x67\ -\x00\x69\x00\x73\x00\x74\x00\x72\x00\x61\x00\x72\x00\x20\x00\x28\ -\x00\x62\x00\x61\x00\x64\x00\x20\x00\x72\x00\x65\x00\x73\x00\x70\ -\x00\x6f\x00\x6e\x00\x73\x00\x65\x00\x29\x08\x00\x00\x00\x00\x06\ -\x00\x00\x00\x21\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x72\x65\ -\x67\x69\x73\x74\x65\x72\x20\x28\x62\x61\x64\x20\x72\x65\x73\x70\ -\x6f\x6e\x73\x65\x29\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x54\ -\x00\x45\x00\x72\x00\x72\x00\x6f\x00\x72\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x65\x00\x63\x00\x74\x00\x61\x00\x6e\x00\x64\x00\x6f\ -\x00\x73\x00\x65\x00\x20\x00\x61\x00\x6c\x00\x20\x00\x70\x00\x72\ -\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x00\x20\ -\x00\x28\x00\x63\x00\x6f\x00\x6e\x00\x6e\x00\x65\x00\x72\x00\x72\ -\x00\x29\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x27\x45\x72\ -\x72\x6f\x72\x20\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6e\x67\x20\x74\ -\x6f\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x28\x63\x6f\x6e\x6e\ -\x65\x72\x72\x29\x2e\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x52\ -\x00\x45\x00\x72\x00\x72\x00\x6f\x00\x72\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x65\x00\x63\x00\x74\x00\x61\x00\x6e\x00\x64\x00\x6f\ -\x00\x73\x00\x65\x00\x20\x00\x61\x00\x6c\x00\x20\x00\x70\x00\x72\ -\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x00\x20\ -\x00\x28\x00\x74\x00\x69\x00\x6d\x00\x65\x00\x6f\x00\x75\x00\x74\ -\x00\x29\x08\x00\x00\x00\x00\x06\x00\x00\x00\x26\x45\x72\x72\x6f\ -\x72\x20\x63\x6f\x6e\x6e\x65\x63\x74\x69\x6e\x67\x20\x74\x6f\x20\ -\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x28\x74\x69\x6d\x65\x6f\x75\ -\x74\x29\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\ -\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x3c\x00\x45\x00\ -\x72\x00\x72\x00\x6f\x00\x72\x00\x20\x00\x64\x00\x75\x00\x72\x00\ -\x61\x00\x6e\x00\x74\x00\x65\x00\x20\x00\x65\x00\x6c\x00\x20\x00\ -\x72\x00\x65\x00\x67\x00\x69\x00\x73\x00\x74\x00\x72\x00\x6f\x00\ -\x20\x00\x28\x00\x25\x00\x73\x00\x29\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x1e\x45\x72\x72\x6f\x72\x20\x64\x75\x72\x69\x6e\x67\x20\ -\x72\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x20\x28\x25\x73\ -\x29\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\ -\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x40\x00\x4c\x00\x61\ -\x00\x73\x00\x20\x00\x63\x00\x6f\x00\x6e\x00\x74\x00\x72\x00\x61\ -\x00\x73\x00\x65\x00\x6e\x00\x61\x00\x73\x00\x20\x00\x6e\x00\x6f\ -\x00\x20\x00\x73\x00\x6f\x00\x6e\x00\x20\x00\x69\x00\x67\x00\x75\ -\x00\x61\x00\x6c\x00\x65\x00\x73\x00\x2e\x00\x2e\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x19\x50\x61\x73\x73\x77\x6f\x72\x64\x20\x64\ -\x6f\x65\x73\x20\x6e\x6f\x74\x20\x6d\x61\x74\x63\x68\x2e\x2e\x07\ -\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x36\x00\x43\x00\x6f\x00\x6e\ -\x00\x74\x00\x72\x00\x61\x00\x73\x00\x65\x00\x6e\x00\x61\x00\x20\ -\x00\x64\x00\x65\x00\x6d\x00\x61\x00\x73\x00\x69\x00\x61\x00\x64\ -\x00\x6f\x00\x20\x00\x6f\x00\x62\x00\x76\x00\x69\x00\x61\x00\x2e\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x15\x50\x61\x73\x73\x77\x6f\ -\x72\x64\x20\x74\x6f\x6f\x20\x6f\x62\x76\x69\x6f\x75\x73\x2e\x07\ -\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x36\x00\x43\x00\x6f\x00\x6e\ -\x00\x74\x00\x72\x00\x61\x00\x73\x00\x65\x00\x6e\x00\x61\x00\x20\ -\x00\x64\x00\x65\x00\x6d\x00\x61\x00\x73\x00\x69\x00\x61\x00\x64\ -\x00\x6f\x00\x20\x00\x63\x00\x6f\x00\x72\x00\x74\x00\x61\x00\x2e\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x13\x50\x61\x73\x73\x77\x6f\ -\x72\x64\x20\x74\x6f\x6f\x20\x73\x68\x6f\x72\x74\x2e\x07\x00\x00\ -\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\ -\x67\x65\x01\x03\x00\x00\x00\x5e\x00\x52\x00\x65\x00\x67\x00\x69\ -\x00\x73\x00\x74\x00\x72\x00\x61\x00\x72\x00\x20\x00\x75\x00\x6e\ -\x00\x20\x00\x6e\x00\x75\x00\x65\x00\x76\x00\x6f\x00\x20\x00\x75\ -\x00\x73\x00\x75\x00\x61\x00\x72\x00\x69\x00\x6f\x00\x20\x00\x63\ -\x00\x6f\x00\x6e\x00\x20\x00\x65\x00\x6c\x00\x20\x00\x70\x00\x72\ -\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x00\x20\ -\x00\x25\x00\x73\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x25\ -\x52\x65\x67\x69\x73\x74\x65\x72\x20\x61\x20\x6e\x65\x77\x20\x75\ -\x73\x65\x72\x20\x77\x69\x74\x68\x20\x70\x72\x6f\x76\x69\x64\x65\ -\x72\x20\x25\x73\x2e\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x30\ -\x00\x43\x00\x75\x00\x65\x00\x6e\x00\x74\x00\x61\x00\x20\x00\x63\ -\x00\x72\x00\x65\x00\x61\x00\x64\x00\x61\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x20\x00\x65\x00\x78\x00\x69\x00\x74\x00\x6f\x00\x21\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x17\x52\x65\x67\x69\x73\x74\ -\x72\x61\x74\x69\x6f\x6e\x20\x73\x75\x63\x63\x65\x65\x64\x65\x64\ -\x21\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\ -\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x18\x00\x4e\x00\x75\ -\x00\x65\x00\x76\x00\x61\x00\x20\x00\x43\x00\x75\x00\x65\x00\x6e\ -\x00\x74\x00\x61\x08\x00\x00\x00\x00\x06\x00\x00\x00\x07\x53\x69\ -\x67\x6e\x20\x55\x70\x07\x00\x00\x00\x10\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x2c\ -\x00\x55\x00\x73\x00\x75\x00\x61\x00\x72\x00\x69\x00\x6f\x00\x20\ -\x00\x6e\x00\x6f\x00\x20\x00\x64\x00\x69\x00\x73\x00\x70\x00\x6f\ -\x00\x6e\x00\x69\x00\x62\x00\x6c\x00\x65\x00\x2e\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x17\x55\x73\x65\x72\x6e\x61\x6d\x65\x20\x6e\ -\x6f\x74\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x2e\x07\x00\x00\ -\x00\x10\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x50\x61\ -\x67\x65\x01\x03\x00\x00\x00\x34\x00\x45\x00\x72\x00\x72\x00\x6f\ -\x00\x72\x00\x20\x00\x64\x00\x65\x00\x20\x00\x61\x00\x75\x00\x74\ -\x00\x65\x00\x6e\x00\x74\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\ -\x00\x6f\x00\x6e\x00\x3a\x00\x20\x00\x25\x00\x73\x08\x00\x00\x00\ -\x00\x06\x00\x00\x00\x18\x41\x75\x74\x68\x65\x6e\x74\x69\x63\x61\ -\x74\x69\x6f\x6e\x20\x65\x72\x72\x6f\x72\x3a\x20\x25\x73\x07\x00\ -\x00\x00\x1a\x52\x65\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x56\ -\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\ -\x00\x00\x34\x00\x4f\x00\x62\x00\x74\x00\x65\x00\x6e\x00\x69\x00\ -\x65\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\x63\x00\x65\x00\x72\x00\ -\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x64\x00\x6f\x00\ -\x20\x00\x65\x00\x69\x00\x70\x08\x00\x00\x00\x00\x06\x00\x00\x00\ -\x18\x46\x65\x74\x63\x68\x69\x6e\x67\x20\x65\x69\x70\x20\x63\x65\ -\x72\x74\x69\x66\x69\x63\x61\x74\x65\x07\x00\x00\x00\x1a\x52\x65\ -\x67\x69\x73\x74\x65\x72\x55\x73\x65\x72\x56\x61\x6c\x69\x64\x61\ -\x74\x69\x6f\x6e\x50\x61\x67\x65\x01\x03\x00\x00\x00\x52\x00\x4f\ -\x00\x62\x00\x74\x00\x65\x00\x6e\x00\x69\x00\x65\x00\x6e\x00\x64\ -\x00\x6f\x00\x20\x00\x63\x00\x6f\x00\x6e\x00\x66\x00\x69\x00\x67\ -\x00\x75\x00\x72\x00\x61\x00\x63\x00\x69\x00\x6f\x00\x6e\x00\x20\ -\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x70\x00\x72\x00\x6f\x00\x76\ -\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x00\x2e\x00\x2e\x00\x2e\ -\x08\x00\x00\x00\x00\x06\x00\x00\x00\x1b\x46\x65\x74\x63\x68\x69\ -\x6e\x67\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x63\x6f\x6e\x66\ -\x69\x67\x2e\x2e\x2e\x07\x00\x00\x00\x1a\x52\x65\x67\x69\x73\x74\ -\x65\x72\x55\x73\x65\x72\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x34\x00\x56\x00\x61\x00\x6c\ -\x00\x69\x00\x64\x00\x61\x00\x63\x00\x69\x00\x6f\x00\x6e\x00\x20\ -\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x63\x00\x65\x00\x72\x00\x74\ -\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x64\x00\x6f\x08\x00\ -\x00\x00\x00\x06\x00\x00\x00\x16\x43\x65\x72\x74\x69\x66\x69\x63\ -\x61\x74\x65\x20\x76\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x07\x00\ -\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\ -\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x6c\x00\x6e\x00\x6f\x00\ -\x20\x00\x73\x00\x65\x00\x20\x00\x70\x00\x75\x00\x64\x00\x6f\x00\ -\x20\x00\x6f\x00\x62\x00\x74\x00\x65\x00\x6e\x00\x65\x00\x72\x00\ -\x20\x00\x69\x00\x6e\x00\x66\x00\x6f\x00\x20\x00\x64\x00\x65\x00\ -\x6c\x00\x20\x00\x70\x00\x72\x00\x6f\x00\x76\x00\x65\x00\x65\x00\ -\x64\x00\x6f\x00\x72\x00\x20\x00\x28\x00\x72\x00\x65\x00\x66\x00\ -\x75\x00\x73\x00\x65\x00\x64\x00\x20\x00\x63\x00\x6f\x00\x6e\x00\ -\x6e\x00\x2e\x00\x29\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\ -\x31\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x64\x6f\x77\x6e\x6c\ -\x6f\x61\x64\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x69\x6e\x66\ -\x6f\x20\x28\x72\x65\x66\x75\x73\x65\x64\x20\x63\x6f\x6e\x6e\x2e\ -\x29\x2e\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\ -\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x4a\x00\ -\x6e\x00\x6f\x00\x20\x00\x73\x00\x65\x00\x20\x00\x70\x00\x75\x00\ -\x64\x00\x6f\x00\x20\x00\x6f\x00\x62\x00\x74\x00\x65\x00\x6e\x00\ -\x65\x00\x72\x00\x20\x00\x69\x00\x6e\x00\x66\x00\x6f\x00\x20\x00\ -\x64\x00\x65\x00\x6c\x00\x20\x00\x70\x00\x72\x00\x6f\x00\x76\x00\ -\x65\x00\x65\x00\x64\x00\x6f\x00\x72\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x21\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x67\x65\x74\ -\x20\x69\x6e\x66\x6f\x20\x66\x72\x6f\x6d\x20\x70\x72\x6f\x76\x69\ -\x64\x65\x72\x2e\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\ -\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\ -\x24\x00\x45\x00\x6e\x00\x74\x00\x72\x00\x61\x00\x20\x00\x74\x00\ -\x75\x00\x20\x00\x50\x00\x72\x00\x6f\x00\x76\x00\x65\x00\x65\x00\ -\x64\x00\x6f\x00\x72\x08\x00\x00\x00\x00\x06\x00\x00\x00\x0e\x45\ -\x6e\x74\x65\x72\x20\x50\x72\x6f\x76\x69\x64\x65\x72\x07\x00\x00\ -\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\ -\x50\x61\x67\x65\x01\x03\x00\x00\x00\x9c\x00\x50\x00\x6f\x00\x72\ -\x00\x20\x00\x66\x00\x61\x00\x76\x00\x6f\x00\x72\x00\x2c\x00\x20\ -\x00\x72\x00\x65\x00\x6c\x00\x6c\x00\x65\x00\x6e\x00\x61\x00\x20\ -\x00\x65\x00\x6c\x00\x20\x00\x64\x00\x6f\x00\x6d\x00\x69\x00\x6e\ -\x00\x69\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x70\ -\x00\x72\x00\x6f\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\x00\x72\ -\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\x71\x00\x75\x00\x69\ -\x00\x65\x00\x72\x00\x61\x00\x73\x00\x20\x00\x75\x00\x73\x00\x61\ -\x00\x72\x00\x20\x00\x70\x00\x61\x00\x72\x00\x61\x00\x20\x00\x74\ -\x00\x75\x00\x20\x00\x63\x00\x6f\x00\x6e\x00\x65\x00\x78\x00\x69\ -\x00\x6f\x00\x6e\x00\x2e\x08\x00\x00\x00\x00\x06\x00\x00\x00\x4c\ -\x50\x6c\x65\x61\x73\x65\x20\x65\x6e\x74\x65\x72\x20\x74\x68\x65\ -\x20\x64\x6f\x6d\x61\x69\x6e\x20\x6f\x66\x20\x74\x68\x65\x20\x70\ -\x72\x6f\x76\x69\x64\x65\x72\x20\x79\x6f\x75\x20\x77\x61\x6e\x74\ -\x20\x74\x6f\x20\x75\x73\x65\x20\x66\x6f\x72\x20\x79\x6f\x75\x72\ -\x20\x63\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x2e\x07\x00\x00\x00\ -\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\ -\x61\x67\x65\x01\x03\x00\x00\x00\x62\x00\x4e\x00\x6f\x00\x20\x00\ -\x73\x00\x65\x00\x20\x00\x70\x00\x75\x00\x64\x00\x6f\x00\x20\x00\ -\x76\x00\x65\x00\x72\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\ -\x72\x00\x20\x00\x65\x00\x6c\x00\x20\x00\x63\x00\x65\x00\x72\x00\ -\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x64\x00\x6f\x00\ -\x20\x00\x64\x00\x65\x00\x6c\x00\x20\x00\x73\x00\x65\x00\x72\x00\ -\x76\x00\x69\x00\x64\x00\x6f\x00\x72\x00\x2e\x08\x00\x00\x00\x00\ -\x06\x00\x00\x00\x29\x53\x65\x72\x76\x65\x72\x20\x63\x65\x72\x74\ -\x69\x66\x69\x63\x61\x74\x65\x20\x63\x6f\x75\x6c\x64\x20\x6e\x6f\ -\x74\x20\x62\x65\x20\x76\x65\x72\x69\x66\x69\x65\x64\x2e\x07\x00\ -\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\ -\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x16\x00\x63\x00\x6f\x00\ -\x6d\x00\x70\x00\x72\x00\x6f\x00\x26\x00\x62\x00\x61\x00\x72\x00\ -\x21\x08\x00\x00\x00\x00\x06\x00\x00\x00\x07\x63\x68\x65\x63\x26\ -\x6b\x21\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\ -\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\x00\x00\x00\x3a\x00\ -\x63\x00\x6f\x00\x6d\x00\x70\x00\x72\x00\x6f\x00\x62\x00\x61\x00\ -\x6e\x00\x64\x00\x6f\x00\x20\x00\x6e\x00\x6f\x00\x6d\x00\x62\x00\ -\x72\x00\x65\x00\x20\x00\x64\x00\x65\x00\x20\x00\x64\x00\x6f\x00\ -\x6d\x00\x69\x00\x6e\x00\x69\x00\x6f\x08\x00\x00\x00\x00\x06\x00\ -\x00\x00\x14\x63\x68\x65\x63\x6b\x69\x6e\x67\x20\x64\x6f\x6d\x61\ -\x69\x6e\x20\x6e\x61\x6d\x65\x07\x00\x00\x00\x12\x53\x65\x6c\x65\ -\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x03\ -\x00\x00\x00\x34\x00\x63\x00\x6f\x00\x6d\x00\x70\x00\x72\x00\x6f\ -\x00\x62\x00\x61\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\x63\x00\x6f\ -\x00\x6e\x00\x65\x00\x78\x00\x69\x00\x6f\x00\x6e\x00\x20\x00\x68\ -\x00\x74\x00\x74\x00\x70\x00\x73\x08\x00\x00\x00\x00\x06\x00\x00\ -\x00\x19\x63\x68\x65\x63\x6b\x69\x6e\x67\x20\x68\x74\x74\x70\x73\ -\x20\x63\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x07\x00\x00\x00\x12\ -\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\x76\x69\x64\x65\x72\x50\x61\ -\x67\x65\x01\x03\x00\x00\x00\x3a\x00\x6f\x00\x62\x00\x74\x00\x65\ -\x00\x6e\x00\x69\x00\x65\x00\x6e\x00\x64\x00\x6f\x00\x20\x00\x69\ -\x00\x6e\x00\x66\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x6c\x00\x20\ -\x00\x70\x00\x72\x00\x65\x00\x76\x00\x65\x00\x65\x00\x64\x00\x6f\ -\x00\x72\x08\x00\x00\x00\x00\x06\x00\x00\x00\x16\x66\x65\x74\x63\ -\x68\x69\x6e\x67\x20\x70\x72\x6f\x76\x69\x64\x65\x72\x20\x69\x6e\ -\x66\x6f\x07\x00\x00\x00\x12\x53\x65\x6c\x65\x63\x74\x50\x72\x6f\ -\x76\x69\x64\x65\x72\x50\x61\x67\x65\x01\x88\x00\x00\x00\x02\x01\ -\x01\ -" - -qt_resource_name = "\ -\x00\x0c\ -\x0d\xfc\x11\x13\ -\x00\x74\ -\x00\x72\x00\x61\x00\x6e\x00\x73\x00\x6c\x00\x61\x00\x74\x00\x69\x00\x6f\x00\x6e\x00\x73\ -\x00\x05\ -\x00\x6a\x85\x7d\ -\x00\x64\ -\x00\x65\x00\x2e\x00\x71\x00\x6d\ -\x00\x05\ -\x00\x6c\x65\x7d\ -\x00\x65\ -\x00\x73\x00\x2e\x00\x71\x00\x6d\ -" - -qt_resource_struct = "\ -\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x01\ -\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\ -\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\ -\x00\x00\x00\x2e\x00\x00\x00\x00\x00\x01\x00\x00\x17\x98\ -" - -def qInitResources(): - QtCore.qRegisterResourceData(0x01, qt_resource_struct, qt_resource_name, qt_resource_data) - -def qCleanupResources(): - QtCore.qUnregisterResourceData(0x01, qt_resource_struct, qt_resource_name, qt_resource_data) - -qInitResources() diff --git a/src/leap/gui/loggerwindow.py b/src/leap/gui/loggerwindow.py new file mode 100644 index 00000000..dd724ac7 --- /dev/null +++ b/src/leap/gui/loggerwindow.py @@ -0,0 +1,124 @@ +# -*- coding: utf-8 -*- +# loggerwindow.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +History log window +""" +import logging + +from PySide import QtGui +from ui_loggerwindow import Ui_LoggerWindow +from leap.common.check import leap_assert, leap_assert_type +from leap.util.leap_log_handler import LeapLogHandler + +logger = logging.getLogger(__name__) + + +class LoggerWindow(QtGui.QWidget): + """ + Window that displays a history of the logged messages in the app. + """ + def __init__(self, handler): + """ + Initialize the widget with the custom handler. + + :param handler: Custom handler that supports history and signal. + :type handler: LeapLogHandler. + """ + QtGui.QWidget.__init__(self) + leap_assert(handler, "We need a handler for the logger window") + leap_assert_type(handler, LeapLogHandler) + + # Load UI + self.ui = Ui_LoggerWindow() + self.ui.setupUi(self) + + # Make connections + self.ui.btnSave.clicked.connect(self._save_log_to_file) + self.ui.btnDebug.toggled.connect(self._load_history), + self.ui.btnInfo.toggled.connect(self._load_history), + self.ui.btnWarning.toggled.connect(self._load_history), + self.ui.btnError.toggled.connect(self._load_history), + self.ui.btnCritical.toggled.connect(self._load_history) + + # Load logging history and connect logger with the widget + self._logging_handler = handler + self._connect_to_handler() + self._load_history() + + def _connect_to_handler(self): + """ + This method connects the loggerwindow with the handler through a + signal communicate the logger events. + """ + self._logging_handler.new_log.connect(self._add_log_line) + + def _add_log_line(self, log): + """ + Adds a line to the history, only if it's in the desired levels to show. + + :param log: a log record to be inserted in the widget + :type log: a dict with RECORD_KEY and MESSAGE_KEY. + the record contains the LogRecord of the logging module, + the message contains the formatted message for the log. + """ + level = log[LeapLogHandler.RECORD_KEY].levelname + message = log[LeapLogHandler.MESSAGE_KEY] + + if self._logs_to_display[level]: + self.ui.txtLogHistory.append(message) + + def _load_history(self): + """ + Load the previous logged messages in the widget. + They are stored in the custom handler. + """ + self._set_logs_to_display() + self.ui.txtLogHistory.clear() + history = self._logging_handler.log_history + for line in history: + self._add_log_line(line) + + def _set_logs_to_display(self): + """ + Sets the logs_to_display dict getting the toggled options from the ui + """ + self._logs_to_display = { + 'DEBUG': self.ui.btnDebug.isChecked(), + 'INFO': self.ui.btnInfo.isChecked(), + 'WARNING': self.ui.btnWarning.isChecked(), + 'ERROR': self.ui.btnError.isChecked(), + 'CRITICAL': self.ui.btnCritical.isChecked() + } + + def _save_log_to_file(self): + """ + Lets the user save the current log to a file + """ + fileName, filtr = QtGui.QFileDialog.getSaveFileName( + self, self.tr("Save As")) + + if fileName: + try: + with open(fileName, 'w') as output: + output.write(self.ui.txtLogHistory.toPlainText()) + output.write('\n') + logger.debug('Log saved in %s' % (fileName, )) + except IOError, e: + logger.error("Error saving log file: %r" % (e, )) + else: + logger.debug('Log not saved!') diff --git a/src/leap/gui/login.py b/src/leap/gui/login.py new file mode 100644 index 00000000..8fc6ec24 --- /dev/null +++ b/src/leap/gui/login.py @@ -0,0 +1,214 @@ +# -*- coding: utf-8 -*- +# login.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Login widget implementation +""" +import logging +import keyring + +from PySide import QtCore, QtGui +from ui_login import Ui_LoginWidget + +from leap.util.keyring_helpers import has_keyring + +logger = logging.getLogger(__name__) + + +class LoginWidget(QtGui.QWidget): + """ + Login widget that emits signals to display the wizard or to + perform login. + """ + + # Emitted when the login button is clicked + login = QtCore.Signal() + # Emitted when the user selects "Other..." in the provider + # combobox or click "Create Account" + show_wizard = QtCore.Signal() + + def __init__(self, settings, parent=None): + """ + Constructs the LoginWidget. + + :param settings: client wide settings + :type settings: LeapSettings + :param parent: The parent widget for this widget + :type parent: QWidget or None + """ + QtGui.QWidget.__init__(self, parent) + + self._settings = settings + self._selected_provider_index = -1 + + self.ui = Ui_LoginWidget() + self.ui.setupUi(self) + + self.ui.chkRemember.stateChanged.connect( + self._remember_state_changed) + self.ui.chkRemember.setEnabled(has_keyring()) + + self.ui.lnPassword.setEchoMode(QtGui.QLineEdit.Password) + + self.ui.btnLogin.clicked.connect(self.login) + self.ui.lnPassword.returnPressed.connect(self.login) + + self.ui.lnUser.returnPressed.connect(self._focus_password) + + self.ui.cmbProviders.currentIndexChanged.connect( + self._current_provider_changed) + self.ui.btnCreateAccount.clicked.connect( + self.show_wizard) + + def _remember_state_changed(self, state): + """ + Saves the remember state in the LeapSettings + + :param state: possible stats can be Checked, Unchecked and + PartiallyChecked + :type state: QtCore.Qt.CheckState + """ + enable = True if state == QtCore.Qt.Checked else False + self._settings.set_remember(enable) + + def set_providers(self, provider_list): + """ + Set the provider list to provider_list plus an "Other..." item + that triggers the wizard + + :param provider_list: list of providers + :type provider_list: list of str + """ + self.ui.cmbProviders.blockSignals(True) + self.ui.cmbProviders.clear() + self.ui.cmbProviders.addItems(provider_list + ["Other..."]) + self.ui.cmbProviders.blockSignals(False) + + def select_provider_by_name(self, name): + """ + Given a provider name/domain, it selects it in the combobox + + :param name: name or domain for the provider + :type name: str + """ + provider_index = self.ui.cmbProviders.findText(name) + self.ui.cmbProviders.setCurrentIndex(provider_index) + + def get_selected_provider(self): + """ + Returns the selected provider in the combobox + """ + return self.ui.cmbProviders.currentText() + + def set_remember(self, value): + """ + Checks the remember user and password checkbox + + :param value: True to mark it checked, False otherwise + :type value: bool + """ + self.ui.chkRemember.setChecked(value) + + def get_remember(self): + """ + Returns the remember checkbox state + + :rtype: bool + """ + return self.ui.chkRemember.isChecked() + + def set_user(self, user): + """ + Sets the user and focuses on the next field, password. + + :param user: user to set the field to + :type user: str + """ + self.ui.lnUser.setText(user) + self._focus_password() + + def get_user(self): + """ + Returns the user that appears in the widget + + :rtype: str + """ + return self.ui.lnUser.text() + + def set_password(self, password): + """ + Sets the password for the widget + + :param password: password to set + :type password: str + """ + self.ui.lnPassword.setText(password) + + def get_password(self): + """ + Returns the password that appears in the widget + + :rtype: str + """ + return self.ui.lnPassword.text() + + def set_status(self, status, error=True): + """ + Sets the status label at the login stage to status + + :param status: status message + :type status: str + """ + if error: + status = "<font color='red'><b>%s</b></font>" % (status,) + self.ui.lblStatus.setText(status) + + def set_enabled(self, enabled=False): + """ + Enables or disables all the login widgets + + :param enabled: wether they should be enabled or not + :type enabled: bool + """ + self.ui.lnUser.setEnabled(enabled) + self.ui.lnPassword.setEnabled(enabled) + self.ui.btnLogin.setEnabled(enabled) + self.ui.chkRemember.setEnabled(enabled) + self.ui.cmbProviders.setEnabled(enabled) + + def _focus_password(self): + """ + Focuses in the password lineedit + """ + self.ui.lnPassword.setFocus() + + def _current_provider_changed(self, param): + """ + SLOT + TRIGGERS: self.ui.cmbProviders.currentIndexChanged + """ + if param == (self.ui.cmbProviders.count() - 1): + self.show_wizard.emit() + # Leave the previously selected provider in the combobox + prev_provider = 0 + if self._selected_provider_index != -1: + prev_provider = self._selected_provider_index + self.ui.cmbProviders.blockSignals(True) + self.ui.cmbProviders.setCurrentIndex(prev_provider) + self.ui.cmbProviders.blockSignals(False) + else: + self._selected_provider_index = param diff --git a/src/leap/gui/mainwindow.py b/src/leap/gui/mainwindow.py new file mode 100644 index 00000000..94343292 --- /dev/null +++ b/src/leap/gui/mainwindow.py @@ -0,0 +1,1336 @@ +# -*- coding: utf-8 -*- +# mainwindow.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Main window for the leap client +""" +import logging +import os +import platform +import tempfile +from functools import partial + +import keyring + +from PySide import QtCore, QtGui +from twisted.internet import threads + +from leap.common.check import leap_assert +from leap.common.events import register +from leap.common.events import events_pb2 as proto +from leap.config.leapsettings import LeapSettings +from leap.config.providerconfig import ProviderConfig +from leap.crypto.srpauth import SRPAuth +from leap.gui.loggerwindow import LoggerWindow +from leap.gui.wizard import Wizard +from leap.gui.login import LoginWidget +from leap.gui.statuspanel import StatusPanelWidget +from leap.platform_init import IS_MAC +from leap.services.eip.eipbootstrapper import EIPBootstrapper +from leap.services.eip.eipconfig import EIPConfig +from leap.services.eip.providerbootstrapper import ProviderBootstrapper +# XXX: comment out soledad temporarily to avoid problem in Windows, issue #2932 +# from leap.services.soledad.soledadbootstrapper import SoledadBootstrapper +from leap.services.mail.smtpbootstrapper import SMTPBootstrapper +from leap.platform_init import IS_WIN +from leap.platform_init.initializers import init_platform +from leap.services.eip.vpnprocess import VPN + +from leap.services.eip.vpnlaunchers import (VPNLauncherException, + OpenVPNNotFoundException, + EIPNoPkexecAvailable, + EIPNoPolkitAuthAgentAvailable) +from leap.util import __version__ as VERSION +from leap.util.keyring_helpers import has_keyring + +from leap.services.mail.smtpconfig import SMTPConfig + +if IS_WIN: + from leap.platform_init.locks import WindowsLock + +from ui_mainwindow import Ui_MainWindow + +logger = logging.getLogger(__name__) + + +class MainWindow(QtGui.QMainWindow): + """ + Main window for login and presenting status updates to the user + """ + + # StackedWidget indexes + LOGIN_INDEX = 0 + EIP_STATUS_INDEX = 1 + + # Keyring + KEYRING_KEY = "leap_client" + + # SMTP + PORT_KEY = "port" + IP_KEY = "ip_address" + + OPENVPN_SERVICE = "openvpn" + MX_SERVICE = "mx" + + # Signals + new_updates = QtCore.Signal(object) + raise_window = QtCore.Signal([]) + + # We use this flag to detect abnormal terminations + user_stopped_eip = False + + def __init__(self, quit_callback, + standalone=False, bypass_checks=False): + """ + Constructor for the client main window + + :param quit_callback: Function to be called when closing + the application. + :type quit_callback: callable + + :param standalone: Set to true if the app should use configs + inside its pwd + :type standalone: bool + + :param bypass_checks: Set to true if the app should bypass + first round of checks for CA + certificates at bootstrap + :type bypass_checks: bool + """ + QtGui.QMainWindow.__init__(self) + + # register leap events + + # XXX ------- this is blocking ----------- + register(signal=proto.UPDATER_NEW_UPDATES, + callback=self._new_updates_available) + register(signal=proto.RAISE_WINDOW, + callback=self._on_raise_window_event) + # XXX ------- this is blocking ----------- + + self._quit_callback = quit_callback + + self._updates_content = "" + + self.ui = Ui_MainWindow() + self.ui.setupUi(self) + + self._settings = LeapSettings(standalone) + + self._login_widget = LoginWidget( + self._settings, + self.ui.stackedWidget.widget(self.LOGIN_INDEX)) + self.ui.loginLayout.addWidget(self._login_widget) + + self._login_widget.login.connect(self._login) + self._login_widget.show_wizard.connect( + self._launch_wizard) + + self.ui.btnShowLog.clicked.connect(self._show_logger_window) + + self._status_panel = StatusPanelWidget( + self.ui.stackedWidget.widget(self.EIP_STATUS_INDEX)) + self.ui.statusLayout.addWidget(self._status_panel) + + self.ui.stackedWidget.setCurrentIndex(self.LOGIN_INDEX) + + self._status_panel.start_eip.connect(self._start_eip) + self._status_panel.stop_eip.connect(self._stop_eip) + + # This is loaded only once, there's a bug when doing that more + # than once + ProviderConfig.standalone = standalone + EIPConfig.standalone = standalone + self._standalone = standalone + self._provider_config = ProviderConfig() + # Used for automatic start of EIP + self._provisional_provider_config = ProviderConfig() + self._eip_config = EIPConfig() + + self._already_started_eip = False + + # This is created once we have a valid provider config + self._srp_auth = None + self._logged_user = None + + # This thread is always running, although it's quite + # lightweight when it's done setting up provider + # configuration and certificate. + self._provider_bootstrapper = ProviderBootstrapper(bypass_checks) + + # Intermediate stages, only do something if there was an error + self._provider_bootstrapper.name_resolution.connect( + self._intermediate_stage) + self._provider_bootstrapper.https_connection.connect( + self._intermediate_stage) + self._provider_bootstrapper.download_ca_cert.connect( + self._intermediate_stage) + + # Important stages, loads the provider config and checks + # certificates + self._provider_bootstrapper.download_provider_info.connect( + self._load_provider_config) + self._provider_bootstrapper.check_api_certificate.connect( + self._provider_config_loaded) + + # This thread is similar to the provider bootstrapper + self._eip_bootstrapper = EIPBootstrapper() + + self._eip_bootstrapper.download_config.connect( + self._eip_intermediate_stage) + self._eip_bootstrapper.download_client_certificate.connect( + self._finish_eip_bootstrap) + + #self._soledad_bootstrapper = SoledadBootstrapper() + #self._soledad_bootstrapper.download_config.connect( + #self._soledad_intermediate_stage) + #self._soledad_bootstrapper.gen_key.connect( + #self._soledad_bootstrapped_stage) + + self._smtp_bootstrapper = SMTPBootstrapper() + self._smtp_bootstrapper.download_config.connect( + self._smtp_bootstrapped_stage) + + self._vpn = VPN() + self._vpn.qtsigs.state_changed.connect( + self._status_panel.update_vpn_state) + self._vpn.qtsigs.status_changed.connect( + self._status_panel.update_vpn_status) + self._vpn.qtsigs.process_finished.connect( + self._eip_finished) + + self.ui.action_sign_out.setEnabled(False) + self.ui.action_sign_out.triggered.connect(self._logout) + self.ui.action_about_leap.triggered.connect(self._about) + self.ui.action_quit.triggered.connect(self.quit) + self.ui.action_wizard.triggered.connect(self._launch_wizard) + self.ui.action_show_logs.triggered.connect(self._show_logger_window) + self.raise_window.connect(self._do_raise_mainwindow) + + # Used to differentiate between real quits and close to tray + self._really_quit = False + + self._systray = None + + self._action_eip_provider = QtGui.QAction( + self.tr("No default provider"), self) + self._action_eip_provider.setEnabled(False) + self._action_eip_status = QtGui.QAction( + self.tr("Encrypted internet is OFF"), + self) + self._action_eip_status.setEnabled(False) + + self._status_panel.set_action_eip_status( + self._action_eip_status) + + self._action_eip_startstop = QtGui.QAction( + self.tr("Turn ON"), self) + self._action_eip_startstop.triggered.connect( + self._stop_eip) + + self._action_visible = QtGui.QAction(self.tr("Hide Main Window"), self) + self._action_visible.triggered.connect(self._toggle_visible) + + self._enabled_services = [] + + self._center_window() + + self.ui.lblNewUpdates.setVisible(False) + self.ui.btnMore.setVisible(False) + self.ui.btnMore.clicked.connect(self._updates_details) + self.new_updates.connect(self._react_to_new_updates) + + init_platform() + + self._wizard = None + self._wizard_firstrun = False + + self._logger_window = None + + self._bypass_checks = bypass_checks + + self._soledad = None + self._keymanager = None + + self._login_defer = None + + self._smtp_config = SMTPConfig() + + if self._first_run(): + self._wizard_firstrun = True + self._wizard = Wizard(standalone=standalone, + bypass_checks=bypass_checks) + # Give this window time to finish init and then show the wizard + QtCore.QTimer.singleShot(1, self._launch_wizard) + self._wizard.accepted.connect(self._finish_init) + self._wizard.rejected.connect(self._rejected_wizard) + else: + self._finish_init() + + def _rejected_wizard(self): + """ + SLOT + TRIGGERS: self._wizard.rejected + + Called if the wizard has been cancelled or closed before + finishing. + """ + if self._wizard_firstrun: + self._settings.set_properprovider(False) + self.quit() + else: + self._finish_init() + + def _launch_wizard(self): + """ + SLOT + TRIGGERS: + self._login_widget.show_wizard + self.ui.action_wizard.triggered + + Also called in first run. + + Launches the wizard, creating the object itself if not already + there. + """ + if self._wizard is None: + self._wizard = Wizard(bypass_checks=self._bypass_checks) + self._wizard.accepted.connect(self._finish_init) + + self.setVisible(False) + self._wizard.exec_() + # We need this to process any wizard related event + QtCore.QCoreApplication.processEvents() + self._wizard = None + self.setVisible(True) + + def _get_leap_logging_handler(self): + """ + Gets the leap handler from the top level logger + + :return: a logging handler or None + :rtype: LeapLogHandler or None + """ + from leap.util.leap_log_handler import LeapLogHandler + leap_logger = logging.getLogger('leap') + for h in leap_logger.handlers: + if isinstance(h, LeapLogHandler): + return h + return None + + def _show_logger_window(self): + """ + SLOT + TRIGGERS: + self.ui.action_show_logs.triggered + self.ui.btnShowLog.clicked + + Displays the window with the history of messages logged until now + and displays the new ones on arrival. + """ + if self._logger_window is None: + leap_log_handler = self._get_leap_logging_handler() + if leap_log_handler is None: + logger.error('Leap logger handler not found') + else: + self._logger_window = LoggerWindow(handler=leap_log_handler) + self._logger_window.setVisible( + not self._logger_window.isVisible()) + self.ui.btnShowLog.setChecked(self._logger_window.isVisible()) + else: + self._logger_window.setVisible(not self._logger_window.isVisible()) + self.ui.btnShowLog.setChecked(self._logger_window.isVisible()) + + def _new_updates_available(self, req): + """ + Callback for the new updates event + + :param req: Request type + :type req: leap.common.events.events_pb2.SignalRequest + """ + self.new_updates.emit(req) + + def _react_to_new_updates(self, req): + """ + SLOT + TRIGGER: self._new_updates_available + + Displays the new updates label and sets the updates_content + """ + self.moveToThread(QtCore.QCoreApplication.instance().thread()) + self.ui.lblNewUpdates.setVisible(True) + self.ui.btnMore.setVisible(True) + self._updates_content = req.content + + def _updates_details(self): + """ + SLOT + TRIGGER: self.ui.btnMore.clicked + + Parses and displays the updates details + """ + msg = self.tr("The LEAPClient app is ready to update, please" + " restart the application.") + + # We assume that if there is nothing in the contents, then + # the LEAPClient bundle is what needs updating. + if len(self._updates_content) > 0: + files = self._updates_content.split(", ") + files_str = "" + for f in files: + final_name = f.replace("/data/", "") + final_name = final_name.replace(".thp", "") + files_str += final_name + files_str += "\n" + msg += self.tr(" The following components will be updated:\n%s") \ + % (files_str,) + + QtGui.QMessageBox.information(self, + self.tr("Updates available"), + msg) + + def _finish_init(self): + """ + SLOT + TRIGGERS: + self._wizard.accepted + + Also called at the end of the constructor if not first run, + and after _rejected_wizard if not first run. + + Implements the behavior after either constructing the + mainwindow object, loading the saved user/password, or after + the wizard has been executed. + """ + # XXX: May be this can be divided into two methods? + + self._login_widget.set_providers(self._configured_providers()) + self._show_systray() + self.show() + + if self._wizard: + possible_username = self._wizard.get_username() + possible_password = self._wizard.get_password() + + # select the configured provider in the combo box + domain = self._wizard.get_domain() + self._login_widget.select_provider_by_name(domain) + + self._login_widget.set_remember(self._wizard.get_remember()) + self._enabled_services = list(self._wizard.get_services()) + self._settings.set_enabled_services( + self._login_widget.get_selected_provider(), + self._enabled_services) + if possible_username is not None: + self._login_widget.set_user(possible_username) + if possible_password is not None: + self._login_widget.set_password(possible_password) + self._login_widget.set_remember(has_keyring()) + self._login() + self._wizard = None + self._settings.set_properprovider(True) + else: + self._try_autostart_eip() + if not self._settings.get_remember(): + # nothing to do here + return + + saved_user = self._settings.get_user() + + try: + username, domain = saved_user.split('@') + except (ValueError, AttributeError) as e: + # if the saved_user does not contain an '@' or its None + logger.error('Username@provider malformed. %r' % (e, )) + saved_user = None + + if saved_user is not None and has_keyring(): + # fill the username + self._login_widget.set_user(username) + + # select the configured provider in the combo box + self._login_widget.select_provider_by_name(domain) + + self._login_widget.set_remember(True) + + saved_password = None + try: + saved_password = keyring.get_password(self.KEYRING_KEY, + saved_user + .encode("utf8")) + except ValueError, e: + logger.debug("Incorrect Password. %r." % (e,)) + + if saved_password is not None: + self._login_widget.set_password( + saved_password.decode("utf8")) + self._login() + + def _try_autostart_eip(self): + """ + Tries to autostart EIP + """ + default_provider = self._settings.get_defaultprovider() + + if default_provider is None: + logger.info("Cannot autostart Encrypted Internet because there is " + "no default provider configured") + return + + self._action_eip_provider.setText(default_provider) + + self._enabled_services = self._settings.get_enabled_services( + default_provider) + + if self._provisional_provider_config.load( + os.path.join("leap", + "providers", + default_provider, + "provider.json")): + self._download_eip_config() + else: + # XXX: Display a proper message to the user + logger.error("Unable to load %s config, cannot autostart." % + (default_provider,)) + + def _show_systray(self): + """ + Sets up the systray icon + """ + if self._systray is not None: + self._systray.setVisible(True) + return + systrayMenu = QtGui.QMenu(self) + systrayMenu.addAction(self._action_visible) + systrayMenu.addAction(self.ui.action_sign_out) + systrayMenu.addSeparator() + systrayMenu.addAction(self.ui.action_quit) + systrayMenu.addSeparator() + systrayMenu.addAction(self._action_eip_provider) + systrayMenu.addAction(self._action_eip_status) + systrayMenu.addAction(self._action_eip_startstop) + self._systray = QtGui.QSystemTrayIcon(self) + self._systray.setContextMenu(systrayMenu) + self._systray.setIcon(self._status_panel.ERROR_ICON) + self._systray.setVisible(True) + self._systray.activated.connect(self._tray_activated) + + self._status_panel.set_systray(self._systray) + + def _tray_activated(self, reason=None): + """ + SLOT + TRIGGER: self._systray.activated + + Displays the context menu from the tray icon + """ + get_action = lambda visible: ( + self.tr("Show Main Window"), + self.tr("Hide Main Window"))[int(visible)] + + # set labels + visible = self.isVisible() + self._action_visible.setText(get_action(visible)) + + context_menu = self._systray.contextMenu() + if not IS_MAC: + # for some reason, context_menu.show() + # is failing in a way beyond my understanding. + # (not working the first time it's clicked). + # this works however. + context_menu.exec_(self._systray.geometry().center()) + + def _toggle_visible(self): + """ + SLOT + TRIGGER: self._action_visible.triggered + + Toggles the window visibility + """ + self.setVisible(not self.isVisible()) + + def _center_window(self): + """ + Centers the mainwindow based on the desktop geometry + """ + geometry = self._settings.get_geometry() + state = self._settings.get_windowstate() + + if geometry is None: + app = QtGui.QApplication.instance() + width = app.desktop().width() + height = app.desktop().height() + window_width = self.size().width() + window_height = self.size().height() + x = (width / 2.0) - (window_width / 2.0) + y = (height / 2.0) - (window_height / 2.0) + self.move(x, y) + else: + self.restoreGeometry(geometry) + + if state is not None: + self.restoreState(state) + + def _about(self): + """ + SLOT + TRIGGERS: self.ui.action_about_leap.triggered + + Display the About LEAP dialog + """ + QtGui.QMessageBox.about( + self, self.tr("About LEAP - %s") % (VERSION,), + self.tr("version: <b>%s</b><br>" + "LEAP is a non-profit dedicated to giving " + "all internet users access to secure " + "communication. Our focus is on adapting " + "encryption technology to make it easy to use " + "and widely available. " + "<a href=\"https://leap.se\">More about LEAP" + "</a>") % (VERSION,)) + + def changeEvent(self, e): + """ + Reimplements the changeEvent method to minimize to tray + """ + if QtGui.QSystemTrayIcon.isSystemTrayAvailable() and \ + e.type() == QtCore.QEvent.WindowStateChange and \ + self.isMinimized(): + self._toggle_visible() + e.accept() + return + QtGui.QMainWindow.changeEvent(self, e) + + def closeEvent(self, e): + """ + Reimplementation of closeEvent to close to tray + """ + if QtGui.QSystemTrayIcon.isSystemTrayAvailable() and \ + not self._really_quit: + self._toggle_visible() + e.ignore() + return + + self._settings.set_geometry(self.saveGeometry()) + self._settings.set_windowstate(self.saveState()) + + QtGui.QMainWindow.closeEvent(self, e) + + def _configured_providers(self): + """ + Returns the available providers based on the file structure + + :rtype: list + """ + + # TODO: check which providers have a valid certificate among + # other things, not just the directories + providers = [] + try: + providers = os.listdir( + os.path.join(self._provider_config.get_path_prefix(), + "leap", + "providers")) + except Exception as e: + logger.debug("Error listing providers, assume there are none. %r" + % (e,)) + + return providers + + def _first_run(self): + """ + Returns True if there are no configured providers. False otherwise + + :rtype: bool + """ + has_provider_on_disk = len(self._configured_providers()) != 0 + is_proper_provider = self._settings.get_properprovider() + return not (has_provider_on_disk and is_proper_provider) + + def _download_provider_config(self): + """ + Starts the bootstrapping sequence. It will download the + provider configuration if it's not present, otherwise will + emit the corresponding signals inmediately + """ + provider = self._login_widget.get_selected_provider() + + self._provider_bootstrapper.run_provider_select_checks( + provider, + download_if_needed=True) + + def _load_provider_config(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.download_provider_info + + Once the provider config has been downloaded, this loads the + self._provider_config instance with it and starts the second + part of the bootstrapping sequence + + :param data: result from the last stage of the + run_provider_select_checks + :type data: dict + """ + if data[self._provider_bootstrapper.PASSED_KEY]: + provider = self._login_widget.get_selected_provider() + if self._provider_config.loaded() or \ + self._provider_config.load(os.path.join("leap", + "providers", + provider, + "provider.json")): + self._provider_bootstrapper.run_provider_setup_checks( + self._provider_config, + download_if_needed=True) + else: + self._login_widget.set_status( + self.tr("Could not load provider configuration.")) + self._login_widget.set_enabled(True) + else: + self._login_widget.set_status( + data[self._provider_bootstrapper.ERROR_KEY]) + self._login_widget.set_enabled(True) + + def _login(self): + """ + SLOT + TRIGGERS: + self.ui.btnLogin.clicked + self.ui.lnPassword.returnPressed + + Starts the login sequence. Which involves bootstrapping the + selected provider if the selection is valid (not empty), then + start the SRP authentication, and as the last step + bootstrapping the EIP service + """ + leap_assert(self._provider_config, "We need a provider config") + + username = self._login_widget.get_user() + password = self._login_widget.get_password() + provider = self._login_widget.get_selected_provider() + + self._enabled_services = self._settings.get_enabled_services( + self._login_widget.get_selected_provider()) + + if len(provider) == 0: + self._login_widget.set_status( + self.tr("Please select a valid provider")) + return + + if len(username) == 0: + self._login_widget.set_status( + self.tr("Please provide a valid username")) + return + + if len(password) == 0: + self._login_widget.set_status( + self.tr("Please provide a valid Password")) + return + + self._login_widget.set_status(self.tr("Logging in..."), error=False) + self._login_widget.set_enabled(False) + + if self._login_widget.get_remember() and has_keyring(): + # in the keyring and in the settings + # we store the value 'usename@provider' + username_domain = (username + '@' + provider).encode("utf8") + try: + keyring.set_password(self.KEYRING_KEY, + username_domain, + password.encode("utf8")) + # Only save the username if it was saved correctly in + # the keyring + self._settings.set_user(username_domain) + except Exception as e: + logger.error("Problem saving data to keyring. %r" + % (e,)) + + self._download_provider_config() + + def _provider_config_loaded(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.check_api_certificate + + Once the provider configuration is loaded, this starts the SRP + authentication + """ + leap_assert(self._provider_config, "We need a provider config!") + + if data[self._provider_bootstrapper.PASSED_KEY]: + username = self._login_widget.get_user().encode("utf8") + password = self._login_widget.get_password().encode("utf8") + + if self._srp_auth is None: + self._srp_auth = SRPAuth(self._provider_config) + self._srp_auth.authentication_finished.connect( + self._authentication_finished) + self._srp_auth.logout_finished.connect( + self._done_logging_out) + + # TODO: Add errback! + self._login_defer = self._srp_auth.authenticate(username, password) + else: + self._login_widget.set_status( + data[self._provider_bootstrapper.ERROR_KEY]) + self._login_widget.set_enabled(True) + + def _authentication_finished(self, ok, message): + """ + SLOT + TRIGGER: self._srp_auth.authentication_finished + + Once the user is properly authenticated, try starting the EIP + service + """ + self._login_widget.set_status(message, error=not ok) + if ok: + self._logged_user = self._login_widget.get_user() + self.ui.action_sign_out.setEnabled(True) + # We leave a bit of room for the user to see the + # "Succeeded" message and then we switch to the EIP status + # panel + QtCore.QTimer.singleShot(1000, self._switch_to_status) + self._login_defer = None + else: + self._login_widget.set_enabled(True) + + def _switch_to_status(self): + """ + Changes the stackedWidget index to the EIP status one and + triggers the eip bootstrapping + """ + if not self._already_started_eip: + self._status_panel.set_provider( + "%s@%s" % (self._login_widget.get_user(), + self._get_best_provider_config().get_domain())) + + self.ui.stackedWidget.setCurrentIndex(self.EIP_STATUS_INDEX) + + # XXX disabling soledad for now + #self._soledad_bootstrapper.run_soledad_setup_checks( + #self._provider_config, + #self._login_widget.get_user(), + #self._login_widget.get_password(), + #download_if_needed=True) + + self._download_eip_config() + + def _soledad_intermediate_stage(self, data): + """ + SLOT + TRIGGERS: + self._soledad_bootstrapper.download_config + + If there was a problem, displays it, otherwise it does nothing. + This is used for intermediate bootstrapping stages, in case + they fail. + """ + passed = data[self._soledad_bootstrapper.PASSED_KEY] + if not passed: + # TODO: display in the GUI + logger.error("Soledad failed to start: %s" % + (data[self._soledad_bootstrapper.ERROR_KEY],)) + + def _soledad_bootstrapped_stage(self, data): + """ + SLOT + TRIGGERS: + self._soledad_bootstrapper.gen_key + + If there was a problem, displays it, otherwise it does nothing. + This is used for intermediate bootstrapping stages, in case + they fail. + + :param data: result from the bootstrapping stage for Soledad + :type data: dict + """ + passed = data[self._soledad_bootstrapper.PASSED_KEY] + if not passed: + logger.error(data[self._soledad_bootstrapper.ERROR_KEY]) + else: + logger.debug("Done bootstrapping Soledad") + + self._soledad = self._soledad_bootstrapper.soledad + self._keymanager = self._soledad_bootstrapper.keymanager + + if self._provider_config.provides_mx() and \ + self._enabled_services.count(self.MX_SERVICE) > 0: + self._smtp_bootstrapper.run_smtp_setup_checks( + self._provider_config, + self._smtp_config, + True) + else: + if self._enabled_services.count(self.MX_SERVICE) > 0: + pass # TODO: show MX status + #self._status_panel.set_eip_status( + # self.tr("%s does not support MX") % + # (self._provider_config.get_domain(),), + # error=True) + else: + pass # TODO: show MX status + #self._status_panel.set_eip_status( + # self.tr("MX is disabled")) + + def _smtp_bootstrapped_stage(self, data): + """ + SLOT + TRIGGERS: + self._smtp_bootstrapper.download_config + + If there was a problem, displays it, otherwise it does nothing. + This is used for intermediate bootstrapping stages, in case + they fail. + + :param data: result from the bootstrapping stage for Soledad + :type data: dict + """ + passed = data[self._smtp_bootstrapper.PASSED_KEY] + if not passed: + logger.error(data[self._smtp_bootstrapper.ERROR_KEY]) + else: + logger.debug("Done bootstrapping SMTP") + + hosts = self._smtp_config.get_hosts() + # TODO: handle more than one host and define how to choose + if len(hosts) > 0: + hostname = hosts.keys()[0] + logger.debug("Using hostname %s for SMTP" % (hostname,)) + host = hosts[hostname][self.IP_KEY].encode("utf-8") + port = hosts[hostname][self.PORT_KEY] + # TODO: pick local smtp port in a better way + # TODO: Make the encrypted_only configurable + + from leap.mail.smtp import setup_smtp_relay + setup_smtp_relay(port=1234, + keymanager=self._keymanager, + smtp_host=host, + smtp_port=port, + smtp_username=".", + smtp_password=".", + encrypted_only=False) + + def _get_socket_host(self): + """ + Returns the socket and port to be used for VPN + + :rtype: tuple (str, str) (host, port) + """ + + # TODO: make this properly multiplatform + + if platform.system() == "Windows": + host = "localhost" + port = "9876" + else: + host = os.path.join(tempfile.mkdtemp(prefix="leap-tmp"), + 'openvpn.socket') + port = "unix" + + return host, port + + def _start_eip(self): + """ + SLOT + TRIGGERS: + self.ui.btnEipStartStop.clicked + self._action_eip_startstop.triggered + or called from _finish_eip_bootstrap + + Starts EIP + """ + self._status_panel.eip_pre_up() + self.user_stopped_eip = False + provider_config = self._get_best_provider_config() + + try: + host, port = self._get_socket_host() + self._vpn.start(eipconfig=self._eip_config, + providerconfig=provider_config, + socket_host=host, + socket_port=port) + + self._settings.set_defaultprovider( + provider_config.get_domain()) + + provider = provider_config.get_domain() + if self._logged_user is not None: + provider = "%s@%s" % (self._logged_user, provider) + + self._status_panel.set_provider(provider) + + self._action_eip_provider.setText(provider_config.get_domain()) + + self._status_panel.eip_started() + + self._action_eip_startstop.setText(self.tr("Turn OFF")) + self._action_eip_startstop.disconnect(self) + self._action_eip_startstop.triggered.connect( + self._stop_eip) + except EIPNoPolkitAuthAgentAvailable: + self._status_panel.set_global_status( + # XXX this should change to polkit-kde where + # applicable. + self.tr("We could not find any " + "authentication " + "agent in your system.<br/>" + "Make sure you have " + "<b>polkit-gnome-authentication-" + "agent-1</b> " + "running and try again."), + error=True) + self._set_eipstatus_off() + except EIPNoPkexecAvailable: + self._status_panel.set_global_status( + self.tr("We could not find <b>pkexec</b> " + "in your system."), + error=True) + self._set_eipstatus_off() + except OpenVPNNotFoundException: + self._status_panel.set_global_status( + self.tr("We could not find openvpn binary."), + error=True) + self._set_eipstatus_off() + except VPNLauncherException as e: + self._status_panel.set_gloal_status("%s" % (e,), error=True) + self._set_eipstatus_off() + else: + self._already_started_eip = True + + def _set_eipstatus_off(self): + """ + Sets eip status to off + """ + self._status_panel.set_eip_status(self.tr("OFF"), error=True) + self._status_panel.set_startstop_enabled(True) + + def _stop_eip(self, abnormal=False): + """ + Stops vpn process and makes gui adjustments to reflect + the change of state. + + :param abnormal: whether this was an abnormal termination. + :type abnormal: bool + "" + """ + self.user_stopped_eip = True + self._vpn.terminate() + + self._status_panel.set_eip_status(self.tr("OFF")) + self._status_panel.set_eip_status_icon("error") + self._status_panel.eip_stopped() + self._action_eip_startstop.setText(self.tr("Turn ON")) + self._action_eip_startstop.disconnect(self) + self._action_eip_startstop.triggered.connect( + self._start_eip) + self._already_started_eip = False + self._settings.set_defaultprovider(None) + if self._logged_user: + self._status_panel.set_provider( + "%s@%s" % (self._logged_user, + self._get_best_provider_config().get_domain())) + if abnormal: + self._status_panel.set_startstop_enabled(True) + + def _get_best_provider_config(self): + """ + Returns the best ProviderConfig to use at a moment. We may + have to use self._provider_config or + self._provisional_provider_config depending on the start + status. + + :rtype: ProviderConfig + """ + leap_assert(self._provider_config is not None or + self._provisional_provider_config is not None, + "We need a provider config") + + provider_config = None + if self._provider_config.loaded(): + provider_config = self._provider_config + elif self._provisional_provider_config.loaded(): + provider_config = self._provisional_provider_config + else: + leap_assert(False, "We could not find any usable ProviderConfig.") + + return provider_config + + def _download_eip_config(self): + """ + Starts the EIP bootstrapping sequence + """ + leap_assert(self._eip_bootstrapper, "We need an eip bootstrapper!") + + provider_config = self._get_best_provider_config() + + if provider_config.provides_eip() and \ + self._enabled_services.count(self.OPENVPN_SERVICE) > 0 and \ + not self._already_started_eip: + + self._status_panel.set_eip_status( + self.tr("Starting...")) + self._eip_bootstrapper.run_eip_setup_checks( + provider_config, + download_if_needed=True) + self._already_started_eip = True + elif not self._already_started_eip: + if self._enabled_services.count(self.OPENVPN_SERVICE) > 0: + self._status_panel.set_eip_status( + self.tr("Not supported"), + error=True) + else: + self._status_panel.set_eip_status(self.tr("Disabled")) + self.ui.btnEipStartStop.setEnabled(False) + + def _finish_eip_bootstrap(self, data): + """ + SLOT + TRIGGER: self._eip_bootstrapper.download_client_certificate + + Starts the VPN thread if the eip configuration is properly + loaded + """ + leap_assert(self._eip_config, "We need an eip config!") + + provider_config = self._get_best_provider_config() + + domain = provider_config.get_domain() + + if data[self._eip_bootstrapper.PASSED_KEY] and \ + (self._eip_config.loaded() or + self._eip_config.load(os.path.join("leap", + "providers", + domain, + "eip-service.json"))): + self._start_eip() + else: + if data[self._eip_bootstrapper.PASSED_KEY]: + self._status_panel.set_eip_status( + self.tr("Could not load Encrypted Internet " + "Configuration."), + error=True) + else: + self._status_panel.set_eip_status( + data[self._eip_bootstrapper.ERROR_KEY], + error=True) + self._already_started_eip = False + + def _logout(self): + """ + SLOT + TRIGGER: self.ui.action_sign_out.triggered + + Starts the logout sequence + """ + # XXX: If other defers are doing authenticated stuff, this + # might conflict with those. CHECK! + threads.deferToThread(self._srp_auth.logout) + + def _done_logging_out(self, ok, message): + """ + SLOT + TRIGGER: self._srp_auth.logout_finished + + Switches the stackedWidget back to the login stage after + logging out + """ + self._logged_user = None + self.ui.action_sign_out.setEnabled(False) + self.ui.stackedWidget.setCurrentIndex(self.LOGIN_INDEX) + self._login_widget.set_password("") + self._login_widget.set_enabled(True) + self._login_widget.set_status("") + + def _intermediate_stage(self, data): + """ + SLOT + TRIGGERS: + self._provider_bootstrapper.name_resolution + self._provider_bootstrapper.https_connection + self._provider_bootstrapper.download_ca_cert + self._eip_bootstrapper.download_config + + If there was a problem, displays it, otherwise it does nothing. + This is used for intermediate bootstrapping stages, in case + they fail. + """ + passed = data[self._provider_bootstrapper.PASSED_KEY] + if not passed: + self._login_widget.set_enabled(True) + self._login_widget.set_status( + data[self._provider_bootstrapper.ERROR_KEY]) + + def _eip_intermediate_stage(self, data): + """ + SLOT + TRIGGERS: + self._eip_bootstrapper.download_config + + If there was a problem, displays it, otherwise it does nothing. + This is used for intermediate bootstrapping stages, in case + they fail. + """ + passed = data[self._provider_bootstrapper.PASSED_KEY] + if not passed: + self._login_widget.set_status( + data[self._provider_bootstrapper.ERROR_KEY]) + self._already_started_eip = False + + def _eip_finished(self, exitCode): + """ + SLOT + TRIGGERS: + self._vpn.process_finished + + Triggered when the EIP/VPN process finishes to set the UI + accordingly. + """ + logger.info("VPN process finished with exitCode %s..." + % (exitCode,)) + + # Ideally we would have the right exit code here, + # but the use of different wrappers (pkexec, cocoasudo) swallows + # the openvpn exit code so we get zero exit in some cases where we + # shouldn't. As a workaround we just use a flag to indicate + # a purposeful switch off, and mark everything else as unexpected. + + # In the near future we should trigger a native notification from here, + # since the user really really wants to know she is unprotected asap. + # And the right thing to do will be to fail-close. + + # TODO we should have a way of parsing the latest lines in the vpn + # log buffer so we can have a more precise idea of which type + # of error did we have (server side, local problem, etc) + abnormal = True + + # XXX check if these exitCodes are pkexec/cocoasudo specific + if exitCode in (126, 127): + self._status_panel.set_global_status( + self.tr("Encrypted Internet could not be launched " + "because you did not authenticate properly."), + error=True) + self._vpn.killit() + elif exitCode != 0 or not self.user_stopped_eip: + self._status_panel.set_global_status( + self.tr("Encrypted Internet finished in an " + "unexpected manner!"), error=True) + else: + abnormal = False + if exitCode == 0: + # XXX remove this warning after I fix cocoasudo. + logger.warning("The above exit code MIGHT BE WRONG.") + self._stop_eip(abnormal) + + def _on_raise_window_event(self, req): + """ + Callback for the raise window event + """ + self.raise_window.emit() + + def _do_raise_mainwindow(self): + """ + SLOT + TRIGGERS: + self._on_raise_window_event + + Triggered when we receive a RAISE_WINDOW event. + """ + TOPFLAG = QtCore.Qt.WindowStaysOnTopHint + self.setWindowFlags(self.windowFlags() | TOPFLAG) + self.show() + self.setWindowFlags(self.windowFlags() & ~TOPFLAG) + self.show() + + def _cleanup_pidfiles(self): + """ + Removes lockfiles on a clean shutdown. + + Triggered after aboutToQuit signal. + """ + if IS_WIN: + lockfile = WindowsLock() + lockfile.release_lock() + + def _cleanup_and_quit(self): + """ + Call all the cleanup actions in a serialized way. + Should be called from the quit function. + """ + logger.debug('About to quit, doing cleanup...') + + logger.debug('Cleaning pidfiles') + self._cleanup_pidfiles() + + logger.debug('Terminating vpn') + self._vpn.terminate(shutdown=True) + + def quit(self): + """ + Cleanup and tidely close the main window before quitting. + """ + self._cleanup_and_quit() + + self._really_quit = True + if self._wizard: + self._wizard.close() + + if self._logger_window: + self._logger_window.close() + + if self._login_defer: + self._login_defer.cancel() + + self.close() + + if self._quit_callback: + self._quit_callback() + + logger.debug('Bye.') + + +if __name__ == "__main__": + import signal + + def sigint_handler(*args, **kwargs): + logger.debug('SIGINT catched. shutting down...') + mainwindow = args[0] + mainwindow.quit() + + import sys + + logger = logging.getLogger(name='leap') + logger.setLevel(logging.DEBUG) + console = logging.StreamHandler() + console.setLevel(logging.DEBUG) + formatter = logging.Formatter( + '%(asctime)s ' + '- %(name)s - %(levelname)s - %(message)s') + console.setFormatter(formatter) + logger.addHandler(console) + + app = QtGui.QApplication(sys.argv) + mainwindow = MainWindow() + mainwindow.show() + + timer = QtCore.QTimer() + timer.start(500) + timer.timeout.connect(lambda: None) + + sigint = partial(sigint_handler, mainwindow) + signal.signal(signal.SIGINT, sigint) + + sys.exit(app.exec_()) diff --git a/src/leap/gui/mainwindow_rc.py b/src/leap/gui/mainwindow_rc.py deleted file mode 100644 index 9edb712a..00000000 --- a/src/leap/gui/mainwindow_rc.py +++ /dev/null @@ -1,2564 +0,0 @@ -# -*- coding: utf-8 -*- - -# Resource object code -# -# Created: Fri Feb 1 00:37:24 2013 -# by: The Resource Compiler for PyQt (Qt v4.8.2) -# -# WARNING! All changes made in this file will be lost! - -from PyQt4 import QtCore - -qt_resource_data = "\ -\x00\x00\x05\x95\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x40\x00\x00\x00\x40\x08\x03\x00\x00\x00\x9d\xb7\x81\xec\ -\x00\x00\x00\x03\x73\x42\x49\x54\x08\x08\x08\xdb\xe1\x4f\xe0\x00\ -\x00\x00\x09\x70\x48\x59\x73\x00\x00\x37\x5d\x00\x00\x37\x5d\x01\ -\x19\x80\x46\x5d\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\x74\ -\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\x70\ -\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x00\x1f\x74\x45\x58\ -\x74\x54\x69\x74\x6c\x65\x00\x47\x6e\x6f\x6d\x65\x20\x53\x79\x6d\ -\x62\x6f\x6c\x69\x63\x20\x49\x63\x6f\x6e\x20\x54\x68\x65\x6d\x65\ -\x8e\xa4\x29\xab\x00\x00\x02\x13\x50\x4c\x54\x45\xff\xff\xff\xff\ -\x00\x00\xff\x00\x00\xaa\x00\x00\xbf\x00\x00\xbf\xbf\xbf\xd5\x00\ -\x00\xc6\x00\x00\xc4\x00\x00\xbb\xbb\xbb\xcc\x00\x00\xcf\x00\x00\ -\xcc\x00\x00\xce\x00\x00\xb9\xb9\xb9\xc2\xc2\xc2\xce\x00\x00\xca\ -\x00\x00\xcc\x00\x00\xcd\x00\x00\xcc\x00\x00\xc1\xc1\xc1\xce\x00\ -\x00\xca\x00\x00\xcb\x00\x00\xcd\x00\x00\xcb\x00\x00\xcd\x00\x00\ -\xce\x00\x00\xbe\xbe\xbe\xcc\x00\x00\xbf\xbf\xbf\xbe\xbe\xbe\xcd\ -\x00\x00\xcb\x00\x00\xcc\x00\x00\xcd\x00\x00\xcc\x00\x00\xcc\x00\ -\x00\xbe\xbe\xbe\xbf\xbf\xbf\xcb\x00\x00\xcb\x00\x00\xcb\x00\x00\ -\xcc\x00\x00\xcc\x00\x00\xbf\xbf\xbf\xcd\x00\x00\xcb\x00\x00\xcc\ -\x00\x00\xcc\x00\x00\xbf\xbf\xbf\xcc\x00\x00\xcc\x00\x00\xcc\x00\ -\x00\xbe\xbe\xbe\xcc\x00\x00\xbe\xbe\xbe\xcc\x00\x00\xcc\x00\x00\ -\xcc\x00\x00\xcc\x00\x00\xbe\xbe\xbe\xbe\xbe\xbe\xcc\x00\x00\xcc\ -\x00\x00\xcc\x00\x00\xcc\x00\x00\xbe\xb7\xb7\xbe\xb8\xb8\xbe\xba\ -\xba\xbe\xbc\xbc\xbe\xbd\xbd\xbe\xbe\xbe\xbf\xaa\xaa\xbf\xab\xab\ -\xbf\xac\xac\xbf\xad\xad\xbf\xae\xae\xbf\xb0\xb0\xbf\xb1\xb1\xbf\ -\xb4\xb4\xbf\xb6\xb6\xbf\xb7\xb7\xc0\x9c\x9c\xc0\x9d\x9d\xc0\xa1\ -\xa1\xc0\xa2\xa2\xc0\xa4\xa4\xc0\xa5\xa5\xc0\xa6\xa6\xc0\xa7\xa7\ -\xc0\xa8\xa8\xc1\x8d\x8d\xc1\x91\x91\xc1\x94\x94\xc1\x95\x95\xc1\ -\x96\x96\xc1\x99\x99\xc1\x9c\x9c\xc2\x82\x82\xc2\x87\x87\xc2\x88\ -\x88\xc2\x8d\x8d\xc2\x8e\x8e\xc3\x73\x73\xc3\x74\x74\xc3\x76\x76\ -\xc3\x79\x79\xc3\x7c\x7c\xc3\x7d\x7d\xc3\x7f\x7f\xc4\x67\x67\xc4\ -\x6c\x6c\xc4\x6d\x6d\xc4\x6e\x6e\xc4\x70\x70\xc5\x59\x59\xc5\x5d\ -\x5d\xc5\x5f\x5f\xc5\x62\x62\xc5\x63\x63\xc6\x4c\x4c\xc6\x4f\x4f\ -\xc6\x50\x50\xc6\x53\x53\xc6\x56\x56\xc6\x58\x58\xc7\x3e\x3e\xc7\ -\x41\x41\xc7\x43\x43\xc7\x45\x45\xc7\x46\x46\xc7\x47\x47\xc7\x4b\ -\x4b\xc8\x31\x31\xc8\x35\x35\xc8\x36\x36\xc8\x38\x38\xc8\x3a\x3a\ -\xc8\x3c\x3c\xc9\x22\x22\xc9\x25\x25\xc9\x26\x26\xc9\x27\x27\xc9\ -\x28\x28\xc9\x2a\x2a\xc9\x2d\x2d\xc9\x2e\x2e\xca\x16\x16\xca\x17\ -\x17\xca\x1a\x1a\xca\x1b\x1b\xca\x1c\x1c\xca\x1d\x1d\xca\x1e\x1e\ -\xca\x20\x20\xca\x21\x21\xcb\x07\x07\xcb\x09\x09\xcb\x0a\x0a\xcb\ -\x0c\x0c\xcb\x0d\x0d\xcb\x0e\x0e\xcb\x0f\x0f\xcb\x10\x10\xcb\x11\ -\x11\xcb\x12\x12\xcb\x13\x13\xcc\x00\x00\xcc\x01\x01\xcc\x02\x02\ -\xcc\x03\x03\xcc\x04\x04\xcc\x05\x05\xcc\x06\x06\xcc\x07\x07\xd4\ -\x0d\x79\xbb\x00\x00\x00\x44\x74\x52\x4e\x53\x00\x01\x02\x03\x04\ -\x04\x06\x09\x0d\x0f\x0f\x10\x14\x15\x16\x19\x1a\x1d\x1e\x24\x28\ -\x29\x2a\x30\x36\x3d\x40\x42\x43\x4b\x55\x58\x5e\x60\x63\x64\x65\ -\x6e\x73\x7d\x7f\x8a\x94\x99\x9a\xaa\xb2\xbb\xbc\xc3\xc9\xca\xd2\ -\xd5\xde\xe0\xe3\xe6\xe8\xed\xef\xf6\xf7\xfa\xfa\xfb\xfc\xfd\xef\ -\xfa\x14\xec\x00\x00\x02\x79\x49\x44\x41\x54\x58\xc3\xed\x96\xd7\ -\x5b\x13\x41\x14\x47\x47\x05\x15\x5b\x2c\xa0\x58\x62\xb0\x26\xb6\ -\xa0\x46\xc5\x28\x12\x6c\x49\xae\x0d\x62\x01\xc5\x82\x58\x10\x7b\ -\x2f\xd8\x1b\x8a\xbd\x00\x62\x41\x45\x14\xf5\x04\x51\xff\x44\x1f\ -\x76\x37\x1f\x09\xc9\x66\x37\x8f\xc8\xef\xed\xee\xf7\x9d\xb3\x33\ -\x73\x67\x66\x57\xa9\xfe\x98\x65\x94\xd3\xe3\xf5\xfb\xbd\x1e\xe7\ -\xa8\x8c\xf0\x6c\x77\x40\xf4\x04\xdc\xd9\xf6\xf9\x3c\x9f\xf4\x88\ -\x2f\xcf\x2e\x5f\x50\x22\x71\x29\x29\xb0\xf9\xfe\x04\x5e\xa4\xc4\ -\xd6\x18\xb2\x7d\xd2\x2b\x3e\x3b\xeb\xe0\x96\x24\x71\xdb\xe8\x5f\ -\x20\x99\x20\x60\xbd\x9b\x4e\x83\x29\x72\x39\x1c\xae\x22\xa3\x72\ -\x5a\x16\x78\x0c\x3e\x47\x29\xa5\x72\x0c\x83\xc7\xb2\xc0\xab\x13\ -\x2e\xad\x74\xe9\xa5\xd7\xb2\xc0\xaf\x13\x0e\xad\x74\xe8\xa5\xdf\ -\x12\x3c\x31\x57\x29\x63\xd2\xc6\xb3\x58\x3d\x60\xda\xa0\x74\x7c\ -\x6e\x71\xf1\x94\x94\x82\x21\x0b\x98\x9b\x86\x1f\xb9\x0c\x56\xcf\ -\x4c\x21\xd8\xb4\x18\x98\x65\x2e\x28\x04\xe0\x66\x38\x99\xe0\x60\ -\x0b\xc0\x9a\x7c\x53\xc1\x84\xe5\x00\x3c\xd9\xda\x7b\x1f\x1d\x6e\ -\x07\x60\xce\x40\xf3\x21\x8c\x7e\x01\xc0\xf3\x0d\x89\xfc\xd9\x2e\ -\x80\xee\xa3\x69\xbb\xb0\xed\x29\x00\x3f\x0f\xc4\xe1\xa1\x6b\x00\ -\x7c\x39\x22\x69\x05\x12\xbe\x05\xc0\xa7\x43\x3d\xf8\x48\x23\x00\ -\xad\x15\x62\x41\x20\x72\xac\x1b\x20\x7a\x26\xc6\x57\xb5\x01\xd0\ -\x54\x26\xd6\x04\x52\xd7\x01\xc0\x83\xa0\xc6\x57\x77\x02\x70\x2f\ -\x28\x56\x05\x52\xf9\x16\x80\x87\xe5\x22\x22\x27\x7f\x03\x44\xaf\ -\xc4\xb7\xd6\x5c\x20\x65\xcd\x00\xbc\xdf\x29\x72\x19\x80\x3f\xa7\ -\xc4\x96\x40\x82\x0d\x00\x7c\xdd\x7b\x17\x80\xce\x6a\xb1\x29\x10\ -\xa9\x8f\x02\x44\x01\x68\xab\x12\xfb\x02\x39\xfd\x17\x3d\x8d\x11\ -\xc9\x44\x20\x35\x5a\x33\xb8\x1a\x92\xcc\x04\x17\x7e\x69\x82\x57\ -\x9b\x33\x12\x84\x6e\x18\x33\xa0\x65\x7b\x06\x82\xc8\x63\x00\x3e\ -\x03\xd0\x5e\x6b\x5b\xb0\xe7\x19\x00\x2f\x37\x9e\xef\x02\xe8\x3a\ -\x67\x53\x50\xf3\x03\x80\xdb\xeb\x44\x6a\xb5\x7b\xe0\x7a\xc8\x8e\ -\x40\xef\xe0\xc5\xb0\x88\xc8\x8e\x37\x00\x3c\x8a\x58\x17\x68\x7b\ -\xa8\xfb\xb8\x3e\xea\x2d\xaf\x01\xf8\xb8\xdb\xa2\x20\x78\x1f\x80\ -\x8e\xba\xd8\xc2\xad\xbf\x03\xc0\xf7\xfd\x96\x04\x65\x4d\x00\xbc\ -\xab\xec\xd1\xfc\xf0\xa5\xd8\x89\x4a\x2b\xa8\x68\x05\xa0\xb9\x3c\ -\xfe\x4a\x3c\x61\x9c\xe9\x74\xfc\x64\x6d\xfb\x36\x04\x13\x2f\xd5\ -\x7d\xdf\xb4\x5b\x65\xb0\x39\x3f\xa3\x14\x20\x5a\x9f\xe4\xf7\x60\ -\xd7\x07\x00\x16\x8d\x30\x15\xcc\x03\x58\x35\x35\xf1\x9b\xa8\x94\ -\x52\x6a\xf8\x42\x80\x95\xe3\x4c\x05\x59\x85\xb0\x22\x5f\x25\x15\ -\xa8\xac\xf9\x50\x3a\x29\xcd\x1a\x0c\x5b\xba\x64\xac\x4a\x21\x50\ -\x6a\xf6\xda\xe9\x69\xbb\x30\x66\xa8\x4a\x2d\x50\xe3\xed\xfd\x2d\ -\x5a\x3e\x40\x7d\x44\x20\x36\xd3\x2f\xe8\x9b\x82\xff\x38\xff\x00\ -\xc1\x36\x30\x95\xf0\x66\xca\x60\x00\x00\x00\x00\x49\x45\x4e\x44\ -\xae\x42\x60\x82\ -\x00\x00\x04\xec\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x18\x00\x00\x00\x18\x08\x06\x00\x00\x00\xe0\x77\x3d\xf8\ -\x00\x00\x00\x04\x73\x42\x49\x54\x08\x08\x08\x08\x7c\x08\x64\x88\ -\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x06\xec\x00\x00\x06\xec\ -\x01\x1e\x75\x38\x35\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\ -\x74\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\ -\x70\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x00\x13\x74\x45\ -\x58\x74\x41\x75\x74\x68\x6f\x72\x00\x52\x6f\x64\x6e\x65\x79\x20\ -\x44\x61\x77\x65\x73\x0e\xd8\x7e\x1d\x00\x00\x04\x4a\x49\x44\x41\ -\x54\x48\x89\x8d\x96\x5d\x6c\x53\x65\x18\xc7\x7f\xef\x39\x6b\xbb\ -\x7e\x9c\x75\x65\xad\x2b\x9b\xfb\xd0\x31\xdd\x14\xb6\x8c\x19\x44\ -\x90\x44\x63\x82\x42\x88\x5e\x90\x98\xcc\x19\x15\x13\xd4\x18\x76\ -\x61\xd4\x18\xe3\x85\x57\xca\x05\xe1\xc2\x0c\xa3\xa8\x51\xd0\x4c\ -\x12\xe3\x85\x31\x80\x26\x6a\xe2\x85\x23\xb0\x38\xb6\xc1\x1c\xce\ -\xb1\x40\x59\xf6\xe5\xca\xda\xae\xed\xfa\x75\x7a\x5e\x2f\x4e\xd7\ -\x59\xd6\x32\xfe\xc9\x7b\xf3\x9e\xe7\xf9\xff\x9f\xe7\xff\x9e\xf3\ -\x9c\x57\x48\x29\x59\x0f\xbd\x7b\x85\x0d\x17\xed\x1e\xbb\xb2\x07\ -\x20\x94\x30\x7e\x22\xc6\x48\xcf\x59\x99\x5a\x2f\x57\x94\x12\xf8\ -\xec\x55\x61\x71\x65\x6d\x47\xfc\xbe\xda\x47\x9d\x5a\xa5\xbf\xda\ -\x69\xaf\xda\xe0\x28\x2f\x07\x58\x5c\x4e\x26\xe7\xe3\x89\x9b\xf1\ -\x68\x78\x6e\x6e\x61\xfa\x8f\x98\x9a\x7a\xfb\x95\xe3\x32\x73\xc7\ -\x02\x9f\x76\x89\x8e\xba\xda\xda\x2f\xb7\x37\xdf\xdf\xe6\x2a\x13\ -\x8a\x94\x06\x82\xc2\x38\x89\x40\x08\x85\x98\x2e\x8d\xf3\x13\xe3\ -\x97\xa6\xa6\xa7\x5f\x7e\xed\x94\x1c\x5a\x57\xa0\xef\xa0\xfd\x70\ -\x5b\xf3\x96\x03\xcd\xde\x8a\x6a\x61\x64\xd7\x73\xc0\x14\x53\x54\ -\x26\x82\x4b\xf3\x97\x26\x2e\x7f\xd5\xfd\x79\xe2\xdd\x92\x02\x27\ -\x5f\x2a\x7b\xe1\x89\xce\x1d\xc7\xbc\x76\x55\x13\xc5\x98\xac\x4e\ -\x10\x0a\xa4\xa2\x6b\x45\x80\x60\x22\x1b\xfd\x6d\xf0\xdc\xa1\x17\ -\x4f\xe8\x5f\xaf\x11\x38\xfa\x9c\xf0\x6e\xdb\xf4\xc0\xf9\x6d\xf5\ -\xfe\x26\x30\xf2\x89\xca\xc6\x76\xd4\x07\xf7\xa3\xd4\x74\x80\xd5\ -\x65\x6e\xa6\xe3\x64\x03\xfd\x64\x2f\x9e\x40\x46\x67\xff\x27\xa3\ -\x30\x70\x63\x6e\x72\xe0\xea\xd8\xf6\x37\xbf\x95\x41\x73\x27\x87\ -\x06\x8f\xa7\x6f\x6b\x7d\x4d\x01\x39\x80\x52\xff\x08\x4a\xe3\xae\ -\x55\xf2\x5c\x27\x6a\xf3\x6e\x2c\x7b\x8f\x9a\x5d\xe5\x61\xb0\xb5\ -\xbe\xa6\xa9\xc1\xe3\xe9\x5b\x95\x04\x7a\xbb\x44\x47\x5b\x53\xcb\ -\x4e\x15\xbd\x98\x31\xc8\x70\x00\xfd\xfc\xc7\x64\xce\xbc\x81\x7e\ -\xe1\x13\xc8\x75\x2d\xb4\x8d\x28\xb5\x0f\x15\xc4\xaa\xe8\xb4\x35\ -\xb5\xec\xec\xed\x12\x1d\x00\x65\x00\xee\x72\x65\x9f\x5f\x73\x38\ -\x05\x6b\x0f\x35\x3b\xf6\x03\xfa\xc0\xf1\x3c\x29\xb3\xc3\xa8\xf7\ -\x3e\x8e\xf0\xb5\x98\x22\xf6\x0d\x05\xf1\x02\xf0\x6b\x0e\xa7\xbb\ -\x5c\xd9\x07\x0c\x29\x00\x9a\xc3\xd5\x69\x55\xd5\xe2\xd5\x47\xe7\ -\x56\xc9\x01\xe1\xbe\x1b\xe1\xb9\x67\xf5\x79\x70\x7c\x4d\x8e\x55\ -\x55\xd1\x1c\xae\xce\xbc\x45\x15\x6e\x5f\x9d\x90\xc5\xed\x29\xa8\ -\xae\xa2\x06\xcb\x53\x47\xa0\xcc\x66\x76\x37\xfa\x3d\xd9\xa9\x81\ -\xb5\x71\x52\xa7\xc2\xed\xab\x83\x9c\x45\x76\xbb\x56\x25\xa5\xa4\ -\xe8\xab\xb9\x02\x9b\x86\x65\xf7\x87\x08\xcd\x6f\x92\x8f\x9f\x21\ -\xf5\xdd\xf3\xa0\xa7\x10\xe5\x6e\x44\x45\x2d\x38\x7d\x08\x21\x90\ -\xd2\xe4\xcc\x0b\x24\x12\xd1\x9b\x42\xbd\xab\x81\x6c\xba\x28\xb7\ -\x94\x06\x65\xcd\x4f\x22\x2a\x1b\x00\x30\xa6\xff\x24\xd5\xb7\x1f\ -\x74\x73\x14\xc9\x64\x04\x99\x8c\x80\xc5\x8e\xe2\xae\x03\xab\x93\ -\x44\x22\x7a\x33\x6f\xd1\x52\x64\x61\x0a\xb5\xbc\x28\xb1\xb1\x34\ -\x83\x91\xb3\xc1\x98\x1d\xc1\x98\x1d\x41\x3f\xd7\x9b\x27\x2f\x40\ -\x26\x81\x11\xfc\x07\x99\x8a\x99\x9c\x2b\x1d\x44\x97\x63\x83\xc9\ -\xe8\xfc\x33\x36\x23\x05\xaa\x05\xd2\xcb\xc8\x74\xcc\xfc\x88\x72\ -\x5d\xa5\x7f\x3c\x74\x3b\x03\x0b\x90\x52\xed\x44\x97\x63\x83\x79\ -\x81\x48\xd2\x38\x3d\x1b\xcf\xbc\x53\x1f\xb9\xe4\x44\x1a\x45\x93\ -\xac\xcf\x7e\x83\xda\xb8\xcb\x2c\xf4\xd7\xf7\xd1\x2f\x9e\x2c\xce\ -\x2e\x14\xe6\xd2\x65\xf1\x48\xd2\x38\x0d\x39\x8b\x7a\x4e\xc9\xa1\ -\xd1\xc0\xb5\xfe\xac\xb7\xb5\x64\x55\xc2\xe5\x47\x54\x36\x98\xe7\ -\x60\xd3\x4a\xc6\x65\xbd\xad\x8c\x06\xae\xf5\xf7\xe4\x26\x6b\x7e\ -\x54\x04\x42\xa1\xee\xe1\x90\x31\x29\x1c\xde\xd2\xbd\xaf\x03\xe1\ -\xf0\x32\x1c\x32\x26\x03\xa1\x50\x77\x7e\xef\xd6\x69\xfa\x58\x7b\ -\xe7\x31\x5f\x78\x54\x23\xb3\x5c\x90\xac\xf8\xdb\x10\x0e\xf3\xab\ -\x35\x82\x13\xc8\xa5\xe9\x42\x76\x8b\x83\x85\xca\xcd\xd1\xdf\x47\ -\x06\x8b\x4f\xd3\x15\xf4\x1d\xb4\x1f\xde\xd2\xd4\x7a\x60\x93\x1a\ -\xaa\x26\x74\xfd\xce\x4a\xf7\x34\x72\x35\xeb\x99\xbf\x3c\x79\xe5\ -\xf6\xff\x83\x15\x7c\xf0\xb4\xd8\xbe\xb9\xa9\xe6\x8b\x1d\x0d\xd5\ -\xad\xae\xd8\x94\x22\x13\x21\x90\xb7\xcc\x29\xa1\x22\xec\x1e\x62\ -\xae\x3a\xa3\xff\xfa\xfc\xdf\xe7\xc6\x66\x5e\x3f\xf2\x0b\xfd\x52\ -\x16\x8e\x84\x02\x01\x21\x84\x0a\x54\x01\x95\x9a\x1d\xdf\x7b\x7b\ -\xac\x6f\xdd\x57\xb7\xb1\x6d\x83\xbb\xd2\x53\xe3\x10\x2e\x9f\xcd\ -\xb0\x00\xfc\x9b\x54\xf4\x99\x84\x8c\x2d\x86\xc3\xe1\x2b\x81\xd9\ -\xbf\x0e\xff\x9c\xfe\x28\x9e\x22\x08\x84\x80\xb0\x94\x32\x5c\xb2\ -\x03\x21\x84\x13\xf0\x00\xee\xdc\xd2\x5c\x56\x3c\x5b\xeb\x69\x79\ -\xb8\x51\x74\x18\x12\xe5\xc2\x75\x39\x3c\x74\x83\xc9\x78\x86\x10\ -\x10\x03\x96\x80\x48\x6e\x2d\x4a\xb9\x7a\x01\x28\x79\xab\xc8\x89\ -\x59\x00\x2b\x60\xcb\x2d\x0b\xa0\x02\x3a\x90\x02\xd2\x40\x12\xc8\ -\x48\x79\xab\x87\x26\xfe\x03\x26\x93\xd5\x41\x51\x76\x98\xdb\x00\ -\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82\ -\x00\x00\x01\xaa\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x40\x00\x00\x00\x40\x08\x03\x00\x00\x00\x9d\xb7\x81\xec\ -\x00\x00\x00\x03\x73\x42\x49\x54\x08\x08\x08\xdb\xe1\x4f\xe0\x00\ -\x00\x00\x09\x70\x48\x59\x73\x00\x00\x37\x5d\x00\x00\x37\x5d\x01\ -\x19\x80\x46\x5d\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\x74\ -\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\x70\ -\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x00\x1f\x74\x45\x58\ -\x74\x54\x69\x74\x6c\x65\x00\x47\x6e\x6f\x6d\x65\x20\x53\x79\x6d\ -\x62\x6f\x6c\x69\x63\x20\x49\x63\x6f\x6e\x20\x54\x68\x65\x6d\x65\ -\x8e\xa4\x29\xab\x00\x00\x00\x36\x50\x4c\x54\x45\xff\xff\xff\xbf\ -\xbf\xbf\xbb\xbb\xbb\xb9\xb9\xb9\xc2\xc2\xc2\xc1\xc1\xc1\xbe\xbe\ -\xbe\xbf\xbf\xbf\xbe\xbe\xbe\xbe\xbe\xbe\xbf\xbf\xbf\xbf\xbf\xbf\ -\xbf\xbf\xbf\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xf1\xb6\xe9\xa5\x00\x00\x00\x11\x74\x52\x4e\x53\x00\x04\ -\x0f\x16\x19\x29\x4b\x58\x5e\x7d\x7f\xb2\xca\xe0\xe6\xf7\xfa\x2a\ -\xb3\x5d\x53\x00\x00\x00\x9e\x49\x44\x41\x54\x58\xc3\xed\x95\xb9\ -\x12\x83\x30\x0c\x05\x31\x18\x1b\x1f\x18\xeb\xff\x7f\x36\xc9\x20\ -\xcd\x24\xe1\x92\xe8\x00\x6d\xf7\x8a\x5d\xc0\x2e\x68\x1a\x65\x8f\ -\xce\xc5\x54\x4a\x8a\xae\x3b\xa5\x9b\x50\x01\xa9\xc1\xc8\xfd\x3e\ -\xc3\x17\xb9\x97\xfa\xc3\x04\x3f\x4c\x83\xf0\xf9\x7f\xfe\xbb\x20\ -\x7a\x07\x93\x61\x41\x96\x9c\x43\x80\x15\x82\xe0\xfe\xea\x5a\xa0\ -\xf2\x6f\xd3\x91\x33\x7a\x6b\xfd\x48\xcb\xb1\x03\x91\xfc\xf6\xb3\ -\x5a\x2a\x44\x76\x20\xa1\xe1\xe7\xe9\x71\x26\x76\xa0\xa0\x61\xe7\ -\x69\x71\x16\x76\x80\x3e\x7a\x6b\xdf\x3d\x00\x07\x68\x40\x03\x1a\ -\xd0\x80\x06\x9e\x15\xd8\xfb\xc1\x88\xd1\xc0\xe5\x02\x20\x44\x03\ -\xf7\x0c\x3c\x98\x17\xb4\xcd\x62\x13\x3b\x4c\x60\xe6\x00\x00\x00\ -\x00\x49\x45\x4e\x44\xae\x42\x60\x82\ -\x00\x00\x59\x23\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\xce\x00\x00\x01\x39\x08\x06\x00\x00\x00\xd8\xff\x1f\xd1\ -\x00\x00\x00\x06\x62\x4b\x47\x44\x00\xff\x00\xff\x00\xff\xa0\xbd\ -\xa7\x93\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x06\xf5\x00\x00\ -\x06\xf5\x01\xa1\xac\xc2\x7e\x00\x00\x00\x07\x74\x49\x4d\x45\x07\ -\xdd\x01\x1f\x0f\x1b\x31\xa4\xda\x47\xb5\x00\x00\x20\x00\x49\x44\ -\x41\x54\x78\xda\xec\xbd\x79\x70\x1c\x59\x7e\xdf\xf9\x79\x99\x59\ -\x77\x15\xaa\x50\x85\xfb\x20\xc1\xfb\xbe\xc9\x26\xd9\x3c\x7b\xa6\ -\x7b\x0e\x5b\x33\x23\x69\x64\xcb\xa3\xf1\x58\xd2\xb8\x24\x87\x24\ -\x87\x7c\xc9\xb2\xd6\xb6\x1c\xeb\xb5\x65\xad\xb5\x11\xbb\x96\xe5\ -\x90\x65\xbb\x64\x59\xd2\x48\x11\x3b\x92\xac\xd5\x39\x1a\x1d\x1e\ -\x92\x7d\x91\xcd\xa3\x9b\xf7\x09\x10\xc4\x7d\x15\x50\xf7\x99\x99\ -\x6f\xff\x28\x90\x44\x01\x05\xa0\x00\x14\x48\x76\x23\xbf\x11\x19\ -\x40\xe5\xf1\x32\xf3\x65\x7e\xf3\x77\xbc\xdf\xef\xf7\x84\x94\x12\ -\x0b\x16\x2c\x2c\x0d\x8a\xd5\x05\x16\x2c\x58\xc4\xb1\x60\xc1\x22\ -\x8e\x05\x0b\x16\x71\x2c\x58\xf8\x04\x41\xb3\xba\xc0\x82\x85\xea\ -\x11\x0e\x87\x4f\x01\x7b\x2d\xe2\x58\xb0\x30\x3f\x49\xea\x22\x91\ -\x48\x22\x1c\x0e\x2b\xc0\xdf\x00\x7e\x1a\x38\x08\x20\x2c\x77\xb4\ -\x05\x0b\x65\x64\x11\xc0\x5b\xc0\x3f\x00\x3e\x0f\x8c\x01\x19\x60\ -\xc3\xcc\xfd\x2c\xe2\x58\xb0\xf0\x9c\x34\x8d\xc0\xb7\x81\x03\x8b\ -\xed\x6b\x11\xc7\x82\x85\x12\x69\x7c\xc0\x77\x80\x43\x96\x73\xc0\ -\x82\x85\xea\x48\xe3\x00\xfe\xa0\x1a\xd2\xd4\xdb\x6c\x74\x79\x3c\ -\x16\x71\x2c\x7c\x22\x89\xe0\x01\x7e\x08\xb8\x05\xdc\x8c\x44\x22\ -\x93\x8b\xd8\x34\xbf\x01\xbc\x31\xdf\x3e\x87\xeb\xeb\x39\x18\x08\ -\xb0\xde\xed\xc6\xa7\x69\x96\xaa\x66\xe1\x13\x6d\xe0\xa7\x00\xf7\ -\xf4\xaa\x21\xe0\xe6\xf4\x72\x1d\xb8\x01\xdc\x05\x8e\x00\xff\x1a\ -\x78\xb3\x52\x3b\x5d\x6e\x37\x5f\x6e\x6f\x67\xbd\xdb\x6d\xd9\x38\ -\x16\xd6\x0c\x79\xae\x2d\x62\xe4\x1b\x80\x5a\x69\x43\xc0\x66\xe3\ -\x8b\xad\xad\x1c\xaa\xaf\x47\x58\x36\x8e\x85\x35\x86\x7b\x8b\x10\ -\x67\x0e\x69\x6c\x42\xf0\xe9\xa6\x26\xde\x6c\x6a\xc2\xae\x28\x96\ -\x73\xc0\xc2\x9a\x44\xcf\x52\x76\x3e\x14\x08\xf0\xc5\xd6\x56\xea\ -\xed\xf6\xaa\xf6\xb7\x88\x63\xe1\x93\x66\xdb\x7c\x1a\xf8\x71\xe0\ -\x8b\xd5\x1c\xb3\xde\xe5\xe2\x7b\xdb\xdb\xd9\xe0\xf1\x2c\xe9\x5c\ -\x16\x71\x2c\x7c\x92\xb0\x0d\xf8\x8b\x85\x76\x10\x40\x97\xc7\xc3\ -\x0e\x9f\x8f\x1d\x3e\x1f\xeb\xdc\xee\x79\xed\x18\x8b\x38\x16\xd6\ -\x0a\xfa\xe6\x33\xf6\xb7\xfb\x7c\xec\xf4\xf9\xd8\xea\xf3\xe1\x56\ -\xd5\x15\x9f\xc8\xf2\xaa\x59\xf8\xa4\xa9\x6b\xa3\x40\xd3\xd3\xdf\ -\xcd\xf5\x82\xbf\xb3\xb9\x9d\xce\x42\xa8\xa6\xe7\xb1\xf2\x71\x2c\ -\x7c\xd2\xf0\x64\xe6\x8f\xbc\x2e\xf1\x1d\x1c\x60\xd0\x16\xb5\x88\ -\x63\xc1\xc2\x02\xe8\x9f\xf9\x23\x9b\x07\xbb\x03\x5c\x87\x06\x18\ -\xb2\x4d\x59\xc4\xb1\x60\x61\x1e\x7c\x87\xd2\xe0\x66\x49\xe2\x14\ -\x40\x9a\xe0\x74\x80\xf3\x60\x1f\x23\x5a\xcc\x22\x8e\x05\x0b\xb3\ -\x11\x89\x44\xfe\x13\xf0\x8d\x32\xa9\x53\x28\xfd\x75\x3a\xc1\x76\ -\xe8\x09\xa3\x5a\xdc\x22\x8e\x05\x0b\xb3\x9c\x03\x3e\xe0\xcb\x33\ -\xd7\x65\x72\xcf\xff\x77\x39\x41\x3d\xd8\xcb\xa4\x2d\x91\xb3\x88\ -\x63\xc1\xc2\x73\x6c\x01\xbc\x65\x12\x67\x16\x45\xdc\x2e\x30\xf6\ -\x3f\x76\xe6\x9c\xe9\x51\x8b\x38\x16\x2c\x94\x54\xb5\x6b\xc0\x83\ -\xd9\x0e\x82\xd9\xf0\xb8\x21\xb5\xe7\x51\xc8\x74\xe5\x9e\x58\xc4\ -\xb1\x60\xa1\x84\x5f\x9f\xf9\x23\x97\xaf\xbc\x93\xdb\x8d\x96\x3b\ -\x7c\xdf\x61\xba\xf2\xfd\x16\x71\x2c\x58\x80\xdf\x04\x64\x25\x1b\ -\xa7\x02\x03\x5a\x72\x87\xef\x29\xa6\x33\x3f\x68\x11\xc7\xc2\x5a\ -\xc7\x06\xc0\x9c\xcf\xc6\xa9\xc0\x82\xf6\xdc\x91\x7b\xa6\xe9\x28\ -\x0c\x5b\xc4\xb1\xb0\x96\xf1\x73\xcc\xc8\xb7\xc9\xe4\xab\x62\x42\ -\x67\xee\xb5\x7b\x05\xd3\x51\x18\xb5\x88\x63\x61\xcd\x21\x1c\x0e\ -\x9f\x05\x4e\x2e\xe6\x1c\xa8\xcc\x06\xb9\x3e\xf7\xda\xbd\x8c\x69\ -\x2f\x8c\x59\xc4\xb1\xb0\xd6\xf0\x13\xb3\x57\x54\x4d\x9c\x12\x79\ -\x36\xe4\x5f\xbb\x97\x94\x36\x3d\x6a\x11\xc7\xc2\x5a\xc2\xae\xd9\ -\x2b\x32\x4b\x1c\xea\x94\xaa\xdc\x94\x3b\x7a\x67\x52\x6a\xfa\xa4\ -\x45\x1c\x0b\x6b\x41\x4d\x53\x81\x4d\x2b\x92\x38\xcf\xc9\xb3\x25\ -\x77\xec\xee\xb8\xb4\x19\x31\x8b\x38\x16\x3e\xe9\xd8\x00\xcc\x29\ -\x1a\x90\x5d\x66\x70\x8d\x54\xcd\x6d\xb9\xa3\x77\x86\xa5\x66\xc4\ -\x2d\xe2\x58\xf8\x24\x63\x53\xa5\x95\xcb\x91\x38\x33\xc8\xb3\x23\ -\x7b\xf4\xee\x80\xd4\x8c\xa4\x45\x1c\x0b\x9f\x54\x14\x2b\xad\x2c\ -\x14\xc1\x34\x56\xd0\xaa\x66\xec\xca\x1d\xbd\xdb\x2b\x15\x23\x6d\ -\x11\xc7\xc2\x27\x11\xc9\xf9\x36\x64\xf2\x2b\x6b\x58\x6a\xc6\x9e\ -\xdc\xb1\xbb\x8f\x9e\x92\xc7\x22\x8e\x85\x35\x41\x9c\x6c\x7e\xe5\ -\x8d\x4b\x9b\xb1\x2f\x77\xf4\xee\x43\xa9\x98\x59\x8b\x38\xaf\x20\ -\xc2\xe1\xb0\xd3\xea\x85\xda\x12\x27\x97\xab\xcd\x09\xa4\xdd\xd8\ -\x9f\x3b\x7a\xf7\xae\x55\x1e\xea\xe5\x93\xa4\x0b\xf8\x05\x60\x2b\ -\x10\x02\x1a\x00\x67\x38\x1c\xbe\x01\xfc\x3f\xc0\x6f\x47\x22\x91\ -\x82\xd5\x53\x2b\x54\xd5\x72\xb5\x3b\x89\xb4\xeb\x07\xad\xf2\x50\ -\x2f\x8f\x30\x76\xe0\xa7\x80\x7f\xc1\xf3\xaa\xfa\x95\x30\x0c\xfc\ -\x22\xf0\x8b\x91\x48\x24\x67\xf5\xdc\x82\x7d\xaa\x30\xa3\xde\xc0\ -\x4c\xfc\xad\xcf\xc0\xfe\xed\xb5\x3b\x97\xa5\xaa\xbd\x9c\x07\x7c\ -\x94\xd2\x54\x13\x3f\xb7\x08\x69\x00\x5a\x81\xff\x13\xb8\x13\x0e\ -\x87\xbf\x68\xf5\xde\xfc\x88\x44\x22\x26\xa5\xf9\x3a\x57\xc5\xc6\ -\xb1\x88\xf3\x72\x49\xb3\x1b\xf8\x33\x4a\xe5\x5a\x97\x82\x0d\xc0\ -\x1f\x84\xc3\xe1\x3f\x0e\x87\xc3\x1b\xad\x9e\x5c\x9a\xba\x96\xb1\ -\x88\xf3\xb1\x26\xcd\xba\x69\xd2\x04\x2a\xee\xb0\xfd\x53\xac\xfb\ -\xea\x4f\xe1\xd8\x72\x04\x54\xdb\x7c\xcd\xfc\x75\xe0\x76\x38\x1c\ -\xfe\x57\xe1\x70\xd8\x6d\xf5\x6a\x75\xc4\xc9\xe6\x2c\xe2\x7c\x5c\ -\x49\x13\x9a\x26\x4d\xfb\x9c\x8d\x76\x37\x9c\xfa\x7b\xd8\xd6\xef\ -\xa3\xae\x63\x1d\x9b\xbf\xfb\x07\xf0\x9e\xfe\x0a\x6c\x3a\x0e\x5a\ -\xc5\x69\x27\x9c\x94\x66\x12\xeb\x0d\x87\xc3\x3f\x33\x5d\xd9\xc5\ -\x42\x09\x31\x4b\x55\xfb\xe4\x90\xc6\x3b\x4d\x9a\x1d\x73\x36\x06\ -\xd7\xc3\x67\x7e\x1a\xda\x76\x11\xaa\x2f\x49\x19\xa1\xa8\x74\xbd\ -\x76\x98\xd6\xc3\xc7\x11\x27\x7e\x08\x36\x9f\x04\xcd\x51\xa9\xe9\ -\x46\xe0\xe7\xa7\x09\xf4\x7f\x85\xc3\xe1\x3d\x56\x6f\x53\xb1\x68\ -\x5a\xa6\xc6\x12\xc7\x72\x47\xaf\x3e\x69\x6c\xc0\xef\x01\x87\xe7\ -\x6c\xdc\x72\x06\xf6\x7f\x09\x14\x0d\x91\x99\xa4\x61\x67\xb9\x30\ -\x0a\x75\x75\x51\xd7\x92\xa5\x87\x22\xc5\x8d\x47\xe1\xf1\x07\xa5\ -\x45\x9f\xf3\xf9\x0c\x52\xf2\xd0\xfd\x54\x38\x1c\xbe\x4e\x29\xe7\ -\xfe\xb7\x23\x91\xc8\xf0\x1a\xec\xf2\x17\x22\x71\x2c\xe2\xac\x2e\ -\x69\x04\xf0\x6b\xc0\x67\xca\x7b\xdd\x09\x47\x7f\x00\x3a\xf6\x3f\ -\x5b\xe5\x31\xa7\x4c\x08\xce\xd1\x00\x6c\x4e\x17\xdb\x8e\x1d\x60\ -\xe8\xf6\x1d\x26\x37\x1e\x85\x0d\xaf\x41\xef\x15\x78\x7c\x09\x8a\ -\x15\x3f\xa3\xfb\xa6\x97\x7f\x1f\x0e\x87\xcf\x03\x7f\x08\xfc\x71\ -\x24\x12\xe9\x5e\xcb\x12\xc7\x22\xce\xc7\x0b\xbf\x00\x7c\xb5\x6c\ -\x4d\xa0\x1d\x4e\x7c\x1d\xbc\x8d\xcf\xd7\x99\x06\xed\xdb\xd6\xa7\ -\x80\xba\xf9\x1a\x6a\xdb\xb5\x93\xc0\x54\x94\xde\x07\xc3\x98\x5b\ -\x4e\xc2\x86\x23\x25\x02\xf5\x5c\x82\x62\xb6\xd2\x21\x2a\xf0\xa9\ -\xe9\xe5\x3f\x84\xc3\xe1\xbb\xc0\x1f\x4d\x2f\xef\x47\x22\x11\xe3\ -\x13\xda\xe7\x31\x4b\x55\xfb\x78\x3b\x02\xfe\x33\xf0\x37\xca\x36\ -\x6c\x3c\x0e\x07\xbf\x6f\x8e\xc7\xcc\x66\xa6\x7a\x6c\x36\xff\xa2\ -\x2e\x66\x77\x7d\x88\x1d\xaf\xd5\xf3\xe4\xda\x0d\x52\xb6\x66\xd8\ -\x7c\x02\xba\x0e\x43\xf4\x4f\x60\xea\x21\x8c\xe8\x90\x9e\xf7\xf0\ -\x1d\xd3\xcb\x4f\x03\x93\xe1\x70\xf8\x12\x70\xed\xe9\x12\x89\x44\ -\x7a\x2d\x89\x63\x11\xe7\x65\x90\xa5\x0e\x78\x1d\x38\x06\xfc\x3d\ -\xa0\xe5\xf9\xb7\xdf\x06\x87\xbf\x1f\xba\x5e\xab\x78\x6c\x4b\xab\ -\xbf\xea\x12\xfa\x42\x28\x74\x1d\xda\xcf\x54\x7f\x3f\x43\x23\x59\ -\xa4\xcb\x0f\xf5\x9f\x87\x5d\x21\x48\xf5\x41\x66\x10\xc6\x0c\x18\ -\x01\x46\x01\xbd\x62\x33\x41\xe0\xf3\xd3\xcb\xd3\xeb\x9f\x9c\x26\ -\xd1\x87\xc0\x55\xe0\xdd\x48\x24\x32\xf0\x31\x7c\x14\x15\x5d\xf4\ -\xba\x0e\xba\x01\x9a\x5a\x9b\x93\x58\x21\x37\xb5\x21\xcd\xf7\x01\ -\xff\x65\xfa\x85\x2c\x47\x5d\x33\xbc\xfe\x75\xf0\xb7\xce\x77\x78\ -\xff\xee\x2e\x3a\x60\xe9\x53\x51\xea\xf9\x1c\x8f\x3f\xbc\x4b\xde\ -\xdb\x06\xf9\x38\xec\xb8\x01\xf6\x22\x3c\xee\x07\x6d\x08\x30\x21\ -\x4a\x89\x44\x23\xc0\x24\x33\xca\xf4\x55\x85\x7e\xe0\xdd\x19\xcb\ -\x8d\x57\x59\xc5\x0b\x87\xc3\xa7\x28\x4d\xf3\x51\x91\x1e\xff\xf2\ -\xef\x82\xd7\x63\x11\xe7\x55\x31\xfe\x23\xc0\xd7\x2b\xee\xb0\xfe\ -\x10\x1c\xfe\x5b\xf3\xb9\x92\x4b\x26\x8f\x97\x73\x1d\x0d\x9c\x5d\ -\xc9\x75\x8c\xdc\xbb\xc7\x44\xd6\x05\xc5\x24\x1c\xbc\x0b\x2e\x20\ -\x55\x80\x27\xfd\xa0\x0d\x83\x32\xfd\x8c\x8b\xd3\x52\xe8\xa9\x34\ -\x4a\x2d\xf9\x54\x29\xe0\x12\xf0\x6d\xe0\x37\x22\x91\xc8\xe8\x2b\ -\xf4\x2c\x42\xc0\x47\x40\xc7\x7c\xfb\xfc\xe3\xaf\x42\x53\xc8\x22\ -\xce\xab\xf0\xb0\x7e\x1a\xf8\xf7\x73\x36\x28\x1a\x1c\xfc\x32\x6c\ -\x3a\xb1\xa8\xd0\xd8\xd6\xc1\xa4\x4d\x7b\x3e\x67\xe5\x72\x91\x8d\ -\xc7\x65\xef\xdd\x3e\x61\x88\x02\x1c\x7b\x0c\xda\xf4\x73\x4d\xe4\ -\xa1\xbf\x0f\xec\xa3\x73\xc5\x4d\x7a\x86\x34\x1a\x65\x9e\xfc\xc9\ -\xf9\xaf\x1d\xf8\x63\xe0\x57\x81\x6f\x55\x2b\x89\xa6\xdd\xf3\xeb\ -\xa6\x97\xf5\x33\xfe\x6f\x03\x26\x28\x4d\x80\xfb\x74\xe9\x07\x7a\ -\x22\x91\x48\xb6\x8a\x0f\xd8\x1f\x03\x7f\x6d\xa1\xfd\x7e\xec\xfb\ -\x60\x7d\x9b\x45\x9c\x97\x4d\x9a\xa3\xc0\x3b\x73\xec\x44\x4f\x08\ -\x4e\xfe\x5d\x08\x74\x2c\xda\x86\x4d\xe3\xd2\xb6\x0e\x8e\xd6\xf0\ -\xb2\x64\xdf\xad\x7b\xb1\x44\x3a\x1a\xe0\xc4\xb0\x40\xcc\x78\xb6\ -\xb1\x1c\x0c\x3c\x01\xc7\x3c\xb5\xf6\xe4\xb4\x2a\xf7\x94\x48\xd1\ -\x25\xa9\x75\x43\xc0\xff\x00\xfe\x7b\x25\xb7\x77\x38\x1c\x6e\xa6\ -\x14\x2a\xf4\x5d\xc0\x5b\xcc\x9a\x86\x63\x11\xe4\x80\xf3\xc0\xb7\ -\xa6\x09\xfa\xa0\x42\xfb\x3f\x43\x69\x20\x78\x41\xfc\xd0\x17\x60\ -\xfb\x06\x8b\x38\x2f\x9b\x38\xb7\x98\x5d\xc3\xab\x63\x2f\xbc\xf6\ -\x55\xb0\xb9\xaa\x6a\xa3\xa3\x91\x2b\x01\x4f\x85\x81\xd1\x15\x22\ -\x9d\x2e\x3c\x1a\x18\xbb\x91\x2d\x6e\x7d\x3c\x37\x92\x60\x32\x03\ -\x43\x4f\xc0\x31\xb1\xb8\x3c\x19\x9d\x41\xa4\xea\xd4\x3a\x09\xfc\ -\x09\xa5\x70\xa0\x01\xe0\x87\x81\xef\x06\x8e\x2c\xc7\x86\x5b\x40\ -\x5d\xec\x05\x7a\xa6\x25\x54\x10\xf8\x52\x35\xed\x7f\xff\x5b\x70\ -\x60\x87\x45\x9c\x97\x49\x9a\x63\xc0\xfb\xe5\x7e\xaa\xf5\xf0\xd6\ -\x3f\x62\x09\x51\x4c\x83\xbb\xba\x68\x15\x55\x1e\x20\x04\xba\x82\ -\xcc\x0b\x21\x0b\x42\x50\x50\x04\x45\x45\xc8\xa2\x22\x28\x0a\x21\ -\x75\x55\xa0\x0b\x81\xa1\x0a\x53\x17\x02\x53\x48\x99\xbf\x93\xbf\ -\x55\x1c\x55\x7a\x3e\x5d\xb1\xc1\xf1\x14\x8c\x3e\x01\xc7\x64\x95\ -\x6c\x5c\xb2\x5a\xa7\xf3\x8a\x79\x6d\xdf\x3c\xee\xe5\xcd\x23\xa9\ -\x9a\xb4\x65\xb9\xa3\x97\x87\x1f\x9e\xfd\x56\x73\xe4\xfb\x17\x25\ -\x8d\x0a\x71\xaf\x41\x77\x9d\x49\xc2\xab\x48\x63\xbb\x3f\xfb\xc8\ -\xe5\x32\xea\x00\x4d\x20\x35\x21\xd0\x04\xd8\x00\x1b\x02\x9b\x28\ -\xd5\x08\xb3\x03\x8e\xe9\x67\xa5\x01\x55\xf9\x85\xee\x4d\x66\xce\ -\xdb\x0b\x0d\x67\x7d\x5a\xe6\x83\xa4\x36\x32\xd7\x0f\xde\xe8\x85\ -\xc6\x5d\x30\x9e\x2a\x30\xfa\xd8\x8e\x63\x11\x8f\xb8\x87\x52\xf1\ -\xa5\x4d\xb3\xd4\xba\xd1\xe9\xef\xbe\x7c\x75\xde\x2d\x4d\xb3\x61\ -\xb3\x39\xb0\xdb\x1d\xd8\x6c\x76\x6c\x36\x07\x9e\x40\x3b\xc9\xba\ -\xe3\xbc\x73\xff\x8f\x78\x7d\xcb\x7d\x94\x15\x46\x69\x5a\x12\x67\ -\xe9\xd2\xc6\x45\x29\x2b\xd3\xff\x6c\xe5\xb6\x37\x60\xff\xf7\x94\ -\xfb\x07\xa4\x99\xf3\x18\x66\x4f\x1d\xda\xb8\xc7\xc0\xe6\x90\xb4\ -\x4f\x1b\xc1\xcf\x55\x0a\x41\xb4\x6b\x47\xb6\x27\xd4\x52\x3c\x52\ -\x33\x23\x07\xcc\xab\xe3\xc9\x77\xe2\x39\xfd\xf4\xf4\xaa\xc2\x84\ -\xfd\xe1\xfd\xac\x32\xb5\x70\x00\x68\x36\xf7\x88\xa1\x87\x1e\xcc\ -\x58\xeb\x92\x4f\xfa\x54\xad\x7b\xaa\xda\x25\x97\x77\xed\xaa\xaa\ -\xe1\x74\xba\xb0\xd9\x1c\xd3\x8b\xbd\xec\xff\x12\x11\x66\xae\xb7\ -\xcf\x20\x88\x63\xfa\x7f\xdb\x1c\xad\xcd\x34\x0d\x9e\x44\x0d\x72\ -\x46\x89\x2d\x3e\xf3\x1a\xa7\x36\xfe\x2f\x5c\x4e\x8b\x38\x2f\x92\ -\x38\x3f\x00\xfc\xd6\xb3\x15\xee\x7a\xc4\x67\x7e\x1a\x57\x36\x8e\ -\x2b\x9b\xc1\x8d\x42\x5d\x5d\xc7\xa0\xa2\xda\x5b\xab\xd5\xdb\xbc\ -\x01\xe3\xfc\xd6\xfd\xe9\x63\x42\xc1\xb1\x92\x6b\x33\xa4\xcc\x5c\ -\x1c\x49\xde\xca\xe9\xc6\x6c\x09\x93\x18\x71\xdc\x9e\x28\x8a\xf4\ -\xe2\x09\x70\x7a\xe1\x0a\x23\xf7\x3c\x64\xe3\xcb\xb7\x06\xd2\x94\ -\xbb\xbd\x2b\x55\x4c\x10\xe0\xac\xd3\x70\xd6\x6b\x38\x03\xa5\xbf\ -\x9e\xa0\x83\x86\xa6\x56\x3a\xb3\x9f\x46\x31\x6d\x35\x7b\x66\x4f\ -\xc6\xd3\x64\x8c\xf2\xae\x75\xc8\x61\xde\xdc\xf4\xcd\x21\xa7\xbd\ -\xd8\x66\x11\xe7\xc5\x10\xe7\xcf\xa7\x3d\x43\xa5\x07\x10\xe8\x64\ -\xf3\x89\xbf\x8f\xa2\xb9\x56\xd4\xae\xa2\xc8\x07\xdb\x0e\xa5\x35\ -\xb7\xcf\x5c\x56\x76\x67\xc1\x34\x27\xde\x1b\x4e\x8c\x19\xa6\xdc\ -\x59\x51\x12\x09\x86\x47\xec\xd7\x15\x5d\xe4\x9b\xab\x6a\xb0\x98\ -\xbb\xc4\xf0\xdd\x10\xf9\xd4\xe6\x95\xf6\x99\x9a\x16\xb8\xf2\x36\ -\x7c\xaa\x9d\x80\xc7\x89\x33\x60\xc3\xe9\x57\x11\x4a\x65\x7b\x5e\ -\xcd\xd6\xb1\x3e\xf5\x39\x14\xb9\x72\xf2\x44\x53\xe6\xe0\x58\xca\ -\x6c\xaf\xa8\xd2\x89\x82\xfe\xa9\xae\x6f\xdc\xf2\x39\x26\xf7\x5b\ -\xc4\x59\x7d\xe2\x7c\x9b\x59\xd1\xce\xde\xc6\x6d\x74\x1d\xfb\x51\ -\x84\xb2\xe2\x07\x9d\x6d\x59\x9f\xbf\xd2\xbe\x29\x7f\x6a\x29\x07\ -\x4d\x25\xd2\xd1\xab\xe3\x49\xbb\xb0\x3b\x16\x4c\x68\x93\xc2\x7c\ -\x34\x68\xff\xa8\x49\x0a\xbd\xae\xca\xa6\x4d\x0a\xd9\x8b\x8c\xdc\ -\x69\x23\x9f\xe9\xaa\xde\x70\x16\x38\x34\x0d\x97\xdd\x86\xd3\xa6\ -\xe1\x54\x35\x1c\x9a\x8a\x53\xd3\xb0\xab\x5a\x55\xee\x35\x35\x5b\ -\x67\xac\x4f\x7d\x5e\x55\xe4\xf2\x4d\xa5\x74\x5e\x76\xf7\x4d\x19\ -\x9b\x16\x76\xba\x48\x0e\xb5\x7c\xfb\xda\x7a\xff\xad\x03\x4b\xf1\ -\xfc\x59\xc4\x59\x3a\x71\xce\x00\xe7\x66\xaf\xf7\x35\xef\x62\xfd\ -\x6b\x61\x84\xb2\xf2\x60\x28\x87\xcb\xbc\xb8\xfd\x70\x66\x9b\x66\ -\x33\xeb\x17\xdb\xb7\xbb\xa7\x9f\xc7\xa6\x0d\xe1\xa8\x4e\xcb\x33\ -\x15\xfd\xa3\x41\xfb\x47\x3b\xc1\xb4\x2f\x45\x0b\x54\x73\xc9\x1b\ -\xe6\xe8\xfd\x75\xb2\x90\x0d\x09\xd0\x1d\x9a\x96\x77\xda\x34\xc5\ -\xa5\x6a\x2e\xa7\x4d\xc3\xa1\x6a\xcf\x48\xa2\x88\xda\x78\x9e\x1d\ -\x7a\x60\xaa\x7d\xea\xb3\xf5\xcb\x21\x4f\xc1\xa0\xbb\x67\x42\xdf\ -\x54\xed\xeb\xbd\xde\x7f\xfb\xe1\xe1\xd6\x6f\xb5\x55\xeb\x7c\xb1\ -\x88\xb3\x3c\xf2\xbc\x03\xcc\x09\x0b\xf0\xb7\xee\x63\xdd\x91\x1f\ -\x06\x51\x8b\xc4\x5a\x63\x62\xdd\x96\xa9\x74\x63\xa7\x7d\xfd\x7c\ -\x7b\xdc\xbc\xfd\x88\x51\x4f\x00\xa1\x2e\x8d\xac\x85\x42\xfc\xce\ -\x68\xdd\x83\x1d\x20\x2b\xbd\xe1\x52\x45\xa6\x6c\xd2\xc8\x3b\xa4\ -\x8e\x4b\x16\x5d\x4e\x59\xf4\x38\xa4\x81\x43\x16\x71\xe8\x59\x6c\ -\x8a\xfa\xc2\xfa\xda\xa1\xd7\x8f\x77\x4c\x7d\xae\x51\xc8\xea\xfb\ -\xd4\x94\x0c\x3c\x1a\xd3\xdb\x0d\xb9\xb4\xb1\xa3\x80\x63\x6c\xf2\ -\x8d\xf5\xbf\x9d\x57\x14\xbd\xd5\x22\xce\xea\x10\xe7\xf3\xc0\x9f\ -\x56\xec\xfc\x8e\x43\x74\x1e\xfa\x1a\xb5\xc9\x4a\x37\x41\x7f\xc0\ -\xfe\x4f\xb7\xa0\xaa\xe5\xed\x5d\xbc\x76\x97\x74\x63\xcb\xd2\xbd\ -\x6e\xc5\x22\x32\x9f\xa2\xa8\x3f\x4a\x14\x82\xc9\x98\x5b\x35\x71\ -\x9b\x85\x7a\x87\xd4\x7d\x0e\x74\x1c\xa6\x81\xe0\xd5\x7a\x27\xec\ -\x7a\x70\xb8\x73\xea\xb3\xad\xd5\x90\x47\xc2\x54\xcf\xb8\xee\x28\ -\x18\x2c\xab\x90\x89\x43\xcd\xea\x9f\x5a\xff\x8d\x1e\xb7\x3d\xbe\ -\xd5\x22\xce\xea\x90\xe7\x22\x54\x0e\x97\xa9\x5f\x77\x8c\x8e\x03\ -\x5f\xa1\x56\x83\xe5\xc5\xcc\x10\x5b\x0f\x49\x82\xad\x3e\x4c\xd3\ -\xe4\xc2\x87\xf7\x30\x9a\xe6\x7e\x14\xa5\x69\x62\xa4\x92\x18\x89\ -\x24\x46\x32\x81\xd7\x9d\x46\x53\xb3\x68\x5a\x01\xa7\x37\x8f\xcb\ -\x5b\x40\x59\x62\x40\xda\xab\x02\x87\x1e\xec\xeb\x98\xfa\xec\xba\ -\x45\xc8\x93\xef\x9b\x34\x26\xd3\x05\xd9\xba\x92\x73\x29\xc2\xe4\ -\x68\xdb\x1f\xdd\x6b\xf3\x3d\xdc\x6e\x11\xa7\xf6\xc4\xf1\x03\xdf\ -\x9c\xed\x28\x78\xf6\xa0\xbd\xcd\xa8\x36\x17\x8a\x6a\x43\xa8\x36\ -\x14\xc5\x86\x50\x35\x84\x62\x9b\x5e\xa7\x95\xd6\x29\x36\x94\xb2\ -\xf5\x36\x14\x45\x43\xa8\x36\x84\xa2\x3d\x5b\x87\x34\x69\x68\x8d\ -\x32\x90\x8b\x92\x93\x0a\x7a\x22\x81\x91\x4c\xa0\x27\xa7\x89\x92\ -\x48\x60\x64\x32\x30\xe3\x79\xda\x1c\xb0\xe7\x14\x1c\xf8\x14\x38\ -\xbd\x60\xe8\x90\x4a\xa9\xa4\x93\x0a\xd9\xac\x4a\x2e\xaf\x52\x28\ -\x2a\x14\x4d\x15\xd5\xa9\x8d\xda\xea\x6c\xa3\x52\x51\x9d\x52\x12\ -\x90\x52\x84\x98\x27\x3c\xff\x25\x92\xa7\xa7\x73\xea\x73\x1b\x2b\ -\x6b\x98\xc8\xe1\x84\x71\x3f\x96\x91\x35\xab\xd7\xb9\x25\x78\xf5\ -\xc9\xde\xc6\xef\xb4\x21\xb0\x59\xc4\xa9\x2d\x79\x34\x4a\xd1\xd1\ -\x61\x16\x48\x7b\x7e\xd9\xd0\xec\x25\x02\x1d\xfc\x74\x89\x40\xd5\ -\x6a\x75\xba\xa1\x4c\x15\x0d\x75\x32\xaf\x6b\xc9\x82\xae\x65\x0b\ -\x86\x5a\x2c\xe8\x9a\x2c\x18\xaa\x6a\x98\x8a\xd3\x30\x15\x8f\x29\ -\x45\x40\x4a\x11\xa4\x54\xb2\xea\x45\x90\xe7\x5e\xe7\xe4\xe7\xb6\ -\xcf\x96\xe6\xf1\xac\xbc\x32\x14\x37\x6a\x1e\xf7\xd7\xe0\xea\x8f\ -\x9f\xee\xfc\x5d\x43\x28\x46\x50\x11\xe4\xb0\xa9\x83\xc2\xa1\x46\ -\x2d\xe2\xd4\x86\x40\x4e\xe0\x37\x98\x9d\x2a\xfd\xc9\x20\x50\x75\ -\xae\x0c\x53\x24\x75\x43\x8d\xe6\x75\x2d\x51\x34\xb4\x4c\x4e\xd7\ -\x0a\x45\x5d\x33\x0b\x86\xaa\x14\x0d\xc5\x6e\x48\xc5\x23\x4d\x51\ -\x67\x96\x48\xe6\x5b\x21\x79\x6e\x74\x4e\x7e\x7e\xef\xd3\xdf\xd9\ -\xa2\xfc\xa0\x37\x6a\xbc\xb6\x92\xcb\x07\x26\x4c\x29\xa7\x0c\x29\ -\x53\x45\xd3\xcc\x15\x4c\x53\x2f\x18\xa6\xc8\x19\xba\xdd\x6f\x4f\ -\x25\x7e\xf4\x8b\xdf\x5a\xaf\x6a\xe6\xb6\xa7\xfa\xb7\x45\x9c\xda\ -\x91\xa7\x15\xb8\x5f\xc5\x4b\x51\xab\xe0\x47\x83\x52\x84\xf0\xd0\ -\xf4\x32\x48\x29\x6a\xac\x83\xd2\xcc\x07\x5b\x28\xe5\xbb\x28\xf3\ -\x11\xe8\xc0\xa7\xc0\xf5\x12\x4a\x19\x4a\x53\xe4\x0a\xa6\x1a\x2d\ -\xea\x6a\x2c\x6f\x68\x99\xa2\xae\xe5\xf2\xba\x6a\x14\x75\x4d\x14\ -\x4c\xc5\xa6\x9b\xaa\xdb\x34\x85\x4f\x4a\x51\x0f\xd4\x57\x32\x16\ -\x1d\x7a\xf0\x4a\xe7\xd4\xe7\x0e\x19\x86\xb8\xf9\x70\x5c\xdf\x25\ -\x65\x45\xb5\x32\x26\xa5\x9c\x34\x90\x09\xdd\x34\x33\x05\x43\x16\ -\xf3\xa6\x41\xc1\xd0\xb5\xbc\x29\x9d\x39\xc3\xf0\x15\x4c\x33\x58\ -\x34\xcd\x20\xcc\x63\x3c\x99\xca\x0d\xe2\xa1\x9d\xbb\x36\xf6\xdf\ -\x0e\x7f\xe9\xcf\x77\x3d\x7d\x76\x16\x71\x6a\x4b\x9e\x7f\x48\x69\ -\x6a\x8e\xf9\xf0\x0b\xc0\xbf\x05\xde\xa0\x14\x7d\x70\x9c\x52\x29\ -\xa7\x6a\x89\x64\x02\x17\xa6\x6d\xab\xdf\x8b\x44\x22\x63\x8b\x5c\ -\x8f\x03\x38\x08\xfc\x2c\x33\xea\x0b\x3c\x23\x90\x6d\x9a\x40\x9f\ -\x7e\x39\x04\xaa\x8e\x65\xe8\x45\x53\x8d\x16\x74\x35\x5e\x34\xb4\ -\x64\xbe\xa8\xe5\xf2\x86\x5a\xd4\x75\xad\xa8\x26\xb6\x27\x7a\xef\ -\x1c\xaa\xcf\xea\xba\x92\xd7\x4d\x35\x6f\x18\x8e\x9c\x69\x7a\x0a\ -\x86\x51\x5f\x90\x66\x48\x4a\xe9\x58\xe1\xd9\xa3\x24\x82\x3a\x86\ -\xda\x0c\xf0\xdd\x67\xde\xbf\x70\xe6\xe0\x9d\xd3\x16\x71\x6a\x4f\ -\x1c\x95\x52\xa1\x8b\x7d\x15\x36\xff\x21\xf0\x3d\xd3\x15\xf5\x67\ -\x1e\xe3\x02\x0e\x51\x2a\xf2\xf1\x74\x69\x9b\x96\x22\xdd\xb3\x96\ -\xef\x2c\x37\x5d\x39\x1c\x0e\x9f\x00\xfe\x1d\x70\xba\x12\x81\x76\ -\x9f\x84\x83\x6f\xbe\x72\x04\x92\x36\x18\x70\xc3\x88\x13\x32\xce\ -\x92\xb0\x0c\x9a\x86\xda\xf2\xc7\x37\x3f\x73\xfd\x76\x7a\xab\x39\ -\xfa\x30\xf6\x06\xb5\xcb\xf5\x29\xff\x48\xa5\x7d\x1f\x51\x70\x1e\ -\x9c\xb9\xf2\x9f\x7e\xed\xf7\xdf\x69\x6b\x98\x3c\x69\x11\xa7\xf6\ -\xe4\xd9\x44\x69\x26\x82\x29\x4a\x35\xbe\x62\x40\x3c\x12\x89\x64\ -\x96\xd0\x86\x2d\x12\x89\x14\x57\xe9\xfa\x3e\x4b\x69\x7a\x91\x43\ -\xf3\x12\xe8\xd3\xe0\x7a\x81\xae\x0e\x01\xa6\x06\x83\x6e\x18\x76\ -\x42\xd6\x05\x9a\x06\x21\xb5\x14\x4d\x5e\x36\x1e\xf3\x68\xac\xeb\ -\xc3\x3f\xbd\xf9\x99\xa0\x61\x2a\xeb\x07\x5a\x9b\xc7\x8a\xd7\x9e\ -\x64\x31\xe5\xfa\x9a\x5f\x54\xc1\x71\x8e\x74\xdd\xd9\x39\x7d\xa4\ -\x19\xb9\x7f\xfb\xa3\xdf\x78\x6c\x11\x67\x6d\x92\x5b\x00\x5f\xa3\ -\x94\x6e\xdc\xf6\xa2\x08\x24\xc0\xb4\xc1\x80\x0b\x46\xdc\x25\x09\ -\x62\x53\x4b\x04\x59\x4f\xa9\xc4\xc8\xbc\xc8\x15\x1c\x53\xbf\xf7\ -\xe1\x17\x6e\x8d\x25\x1a\x4e\x01\x48\x45\xe9\xee\xed\x68\xdb\xc4\ -\x47\xbd\xef\x93\x2d\x1e\xaf\xad\x9c\x13\xd7\x88\x87\xf6\x23\x2b\ -\x87\x80\x04\xfd\xa9\x21\x8b\x38\x6b\x9b\x40\x1e\xe0\x9f\x51\xaa\ -\x3b\xed\xaa\x44\xa0\x5d\x27\x4a\x2a\x9c\xbb\x6e\xc9\x04\xe9\x77\ -\xc1\xe8\x53\x82\x68\x10\x52\xaa\x20\x48\x25\x5c\x7b\xb2\xf7\xdd\ -\xb7\x1f\x1e\xdf\x6a\x4a\xf1\xac\xfc\x69\xc2\xe7\xbd\x1e\xad\x0f\ -\xec\xa3\x7b\xf4\x3c\x63\x89\x33\x35\xec\x96\x51\xe2\x21\x15\x53\ -\x69\x58\xf0\x1e\x2d\xe2\x58\x08\x87\xc3\x9d\x94\x66\x7d\xab\x18\ -\xee\x30\x2f\x81\x4c\xc8\xc5\xc0\x48\x80\x5a\x04\xa7\x0a\x01\x2f\ -\x66\x63\x03\x86\xa2\xb0\xe2\x50\xf1\x78\xc6\x37\xf8\xcd\x2b\x5f\ -\x1a\x4c\xe5\xbd\x73\x5c\xcd\xfd\x6d\x2d\x79\x5d\xd3\x1c\x44\x93\ -\x1f\xf2\x60\xe4\x40\x8d\xba\xc2\x20\x15\xb8\x45\xd1\xb6\x6f\xd1\ -\x8f\x83\x45\x1c\x0b\x33\x08\x74\x88\x92\xe7\xef\x53\x95\xb6\x6b\ -\x36\xd8\x73\x02\x8e\xef\x83\x80\x17\x42\x41\xb0\xd9\x6a\x7f\x1d\ -\xa6\xc4\x3c\xff\xe0\xe4\x85\xeb\xfd\xbb\x8e\x48\x29\xe6\x44\x2b\ -\x9b\xaa\xd2\xfb\xa4\xbd\xad\x0b\x00\xdd\x9c\xe2\x72\x77\x7d\x4d\ -\x4e\x9c\x77\x9d\x23\xe3\x3d\x5b\x95\x54\xb5\x88\x63\xa1\x02\x81\ -\x3e\x3f\x2d\x81\xf6\x56\xda\xbe\x6f\x1f\xfc\xe0\x0f\x96\x2c\xf8\ -\x5a\x63\x24\xde\x78\xff\xf7\xae\x7d\xb1\x58\xd0\x6d\xbb\xe7\xdb\ -\x27\xe6\xaf\xeb\x9d\xf2\xd7\x75\x3d\x5b\x71\xf1\xd1\x00\x52\x76\ -\xac\x8c\xad\xea\x65\xe2\xc1\xc3\x54\xe9\xa1\xb3\x88\x63\x61\x3e\ -\xf2\x28\xd3\x0e\x84\x7f\x4d\xc9\x36\x29\xc3\x96\x2d\xf0\x23\x3f\ -\x02\xce\x1a\x05\xda\xe8\x86\x9a\xfd\x93\x9b\x9f\xb9\xd8\x33\xbe\ -\xfe\x24\x2c\xa8\xe6\xc9\xbe\xb6\x56\x61\xcc\x2c\x02\x7d\xad\xf7\ -\x22\xf9\xe2\xb1\x15\x9c\x7e\x88\x78\x83\x0b\x53\x54\x2d\xb9\x2c\ -\xe2\x58\x58\x8c\x40\xda\xb4\xed\xf3\x33\x40\x59\x5a\x76\x67\x27\ -\xfc\xd8\x8f\x81\x77\x85\xe1\x3b\xdd\x63\x5d\xd7\xfe\xe4\xe6\x67\ -\xea\x0d\x53\x59\xb4\x5c\xa0\xae\xa9\xfd\xfd\x6d\xad\x9d\x65\x2b\ -\x1f\x8d\x9e\x63\x3c\x71\x76\x99\xa7\x2f\x92\x0c\x3c\x40\xb7\xed\ -\x5a\xca\x41\x16\x71\x2c\x54\x4b\x20\x41\xa9\xb8\xe0\xff\x46\xa9\ -\xc0\x20\x00\xcd\xcd\xf0\xe3\x3f\x0e\xf5\xcb\xb0\x32\xa6\x5d\xcc\ -\x37\xa7\x5d\xcc\x55\xa9\x48\x93\xf5\xfe\xa9\xb8\xcf\x57\x7e\xb6\ -\x89\xe4\x15\x1e\x8e\x2c\x2f\xc0\x33\xef\x3a\x4f\xc6\xbb\x64\xaf\ -\x9c\x45\x1c\x0b\xcb\x75\x22\x7c\x1e\xf8\x02\xf0\x5a\x20\x00\x3f\ -\xf1\x13\x25\x12\x55\x8b\x0f\xfb\xf6\xbc\x7b\xfe\xc1\xeb\x5b\xa4\ -\x14\x4b\xa9\x9b\x2d\xfb\xda\x5b\x85\x31\x3b\xe3\xb5\x68\x44\xb9\ -\xd2\xb3\xf4\x72\xea\x86\x7a\x91\x44\x70\x59\x2a\x9e\x45\x1c\x0b\ -\x2b\x21\x90\x1b\x18\x07\xdc\x1e\x4f\x49\x6d\x5b\xb7\x6e\xe1\x63\ -\xe2\x19\xdf\xe0\x37\xaf\x7e\x69\x20\x95\xf3\x2e\xb9\x66\x76\xd1\ -\x6e\x1f\x19\x68\x69\xaa\x9c\xf6\x7a\xf1\xd1\x30\x72\x09\x09\x6c\ -\x52\xf4\x91\x08\xd6\x63\x2a\xcb\x0a\x32\xb2\x66\x9d\xb6\xb0\x6c\ -\x4c\x87\x11\x7d\x0b\x20\x9d\x86\x5f\xfa\x25\x78\xf0\xa0\xf2\xbe\ -\xa6\xc4\x38\x77\xff\xc4\x77\x7e\xed\xdd\xaf\xfa\x97\x43\x1a\x80\ -\x84\xd7\x1d\x9c\x77\xa3\x5d\xeb\x5b\x8a\x96\x48\xca\x9f\x59\x2e\ -\x69\x2c\xe2\x58\xa8\x05\x3e\x7c\x66\x2e\xe4\xe1\x57\x7e\x05\xae\ -\x5f\x2f\xdf\x61\x34\xde\x78\xff\x3f\x9f\xfb\xfa\x9d\x0f\xfb\xf6\ -\xbc\x21\x97\x36\x53\xc1\x4c\x11\x61\xa6\x5c\xee\xf9\x2b\xf3\x78\ -\x9d\xd9\xea\x69\xe3\xbe\x8c\x6e\x5b\x51\xa6\xa8\x55\x3b\xda\xc2\ -\x4a\xf1\x68\xe6\x0f\x5d\x87\xff\xfe\xdf\xe1\x2b\x5f\x81\xfd\x07\ -\x54\x7e\xe7\xc2\x91\xf8\x04\xfb\x37\xc2\xca\x22\x09\x72\x0e\x67\ -\xdc\x54\x95\xf9\x5d\x10\x01\xb7\x87\x68\x15\xb5\x77\x0d\xed\x5d\ -\xb2\x9e\x53\x2b\xbd\x69\x8b\x38\x16\x6a\x4a\x1c\x28\x95\x3d\xf8\ -\x9f\xdf\x6e\xe5\xdd\xb1\x33\x28\xae\x80\xbf\x16\x27\x49\x7a\x3d\ -\x0b\xfb\xed\x02\xee\x75\x8b\x0b\x2d\x7a\x48\x05\xf6\xd7\xe2\x7a\ -\x2c\xe2\x58\xa8\x39\x71\x42\xbb\x8e\x53\xb7\x71\x2f\x35\x4b\x93\ -\x11\x18\x69\x97\x73\xe1\xc2\x21\x76\xad\x19\xc1\x18\x72\xde\xd9\ -\xed\x32\xa4\xea\x4d\x4c\x51\x93\x59\x40\x2d\x1b\xc7\xc2\x4a\x51\ -\x66\x77\x08\x4d\xa3\xeb\xe4\x69\x8a\xc9\x68\xcd\x4e\x90\x75\x38\ -\x0a\xb2\x9a\x79\x39\x6c\xda\x93\xf9\x1b\xf1\x7c\x88\xae\x6d\xae\ -\xd5\x35\x59\xc4\xb1\xb0\x52\x94\x19\xd9\xce\x40\x08\x9b\xc7\x43\ -\xc7\xc1\xbd\xc8\xfc\x14\x48\x73\xc5\xe3\x1d\x29\x8f\xa7\xba\x54\ -\x04\xaf\x33\x5d\x71\xbd\x6e\x7b\x9b\x9c\xfb\x44\x0d\xee\x35\xa5\ -\xc9\xe2\xa5\x50\x61\xf2\x2f\x2d\x55\xcd\xc2\x4a\xf1\xfa\xcc\x1f\ -\xae\xc0\x73\x8f\x71\xcb\xee\x5d\xa4\xc7\xc6\xb2\xe9\xa4\x3e\x2e\ -\x4d\x96\x97\xa5\x29\x84\x9e\x76\xb9\xaa\x7b\x4f\x03\x6e\x17\x93\ -\xb3\x66\x5c\x93\xe2\x01\x29\xff\x72\xe7\x1f\x2a\xa8\xd2\xbc\xe9\ -\x33\x52\xd1\x50\x21\x1a\xf0\xe9\xa9\x3d\x02\x79\xd4\xb2\x71\x2c\ -\xd4\x02\x65\x29\x08\xce\xfa\xf2\xfc\x2f\x4f\x53\x93\xdb\x15\x32\ -\x43\x53\x03\x13\xef\xe9\x05\xfd\xf5\x25\xab\x69\x2e\x67\x5e\x2a\ -\xa2\x4a\xe2\x78\x3a\x67\x4b\x08\x92\xf5\x76\xa4\xa8\x36\x14\xd5\ -\x14\x98\xb7\x3d\x7a\x66\x38\x54\x9c\x74\x05\x8a\x89\xdd\x0a\xe6\ -\x21\xcb\x39\x60\xa1\xa6\x08\x87\xc3\x76\xe0\x64\x99\xc4\xa9\x9f\ -\x1b\xf9\xa2\xa8\x8a\x37\xb4\xbe\xe9\xf5\x54\x34\xf1\x4e\x7a\x32\ -\x75\x10\xaa\xaf\xeb\x9c\x74\xbb\xab\x37\xe6\x1d\x5a\x1b\xa5\x49\ -\x16\x4b\x62\x2f\xe3\xbd\x89\xa1\x2e\x92\x56\x2d\x1f\xb9\xcd\x5c\ -\x4f\xb0\x30\xa5\xd6\x17\x63\x5b\x35\xa9\xef\x01\xf6\x2c\x76\x2a\ -\x8b\x38\x16\x56\x82\x63\xb3\x49\xe0\xac\x9f\x3f\x64\xcc\x1b\xaa\ -\x3b\xe9\xf0\x3a\x7b\x62\x03\x51\xc3\x34\xe5\x96\x2a\x2c\xf0\x7c\ -\xc6\xe5\x5c\x5a\x89\x27\xbb\xf6\x98\x82\x1e\xc4\xd0\x2e\x90\x77\ -\x9d\xae\xb0\xc7\x80\x43\x16\xee\xd5\x17\x26\xf5\x50\x21\xd6\x65\ -\x97\x85\x6d\xc0\x92\x9d\x06\x16\x71\x2c\xd4\x4c\x4d\x5b\x8c\x38\ -\x00\x36\x87\x7d\x63\xc3\x86\x96\xdc\xd4\xe0\xc4\xdb\xc5\x5c\x71\ -\xc1\x81\xc8\xac\xdd\x19\x95\x42\x2c\x6d\xaa\x41\x8f\x33\x49\x3e\ -\x7d\x87\x64\xe0\x69\xf0\xe6\x84\x4d\x16\x6f\x06\x8a\x89\x74\xa8\ -\x10\x6d\x73\x99\xb9\x3d\x94\x8a\x36\xae\x08\x16\x71\x2c\xac\x04\ -\x65\x2f\xbe\xea\x70\x60\x73\x2f\x1e\x51\x23\x14\xe1\x0c\x76\x36\ -\x9e\xca\xc4\xd3\xef\x27\xc7\xe2\xbb\x98\xa7\xee\x76\xd2\xe7\x09\ -\x2e\xf9\x8a\x82\x1e\xc5\xf6\x58\xf4\x78\x0b\xf1\xee\x86\x42\xb4\ -\xde\x6b\x64\xf6\x83\x7c\xa3\xd6\x37\x6e\x11\xc7\xc2\x4a\x50\x36\ -\x0a\xef\x0c\x2c\x2d\xb2\xdf\xed\xf7\x1c\x77\xb8\x1d\xfd\x93\xfd\ -\xe3\xfd\xa6\x21\xcb\x13\xc9\x04\xe9\xb4\xd3\x59\x8d\x7d\x63\x0a\ -\xdd\xbc\xe9\x9d\x48\x0c\x84\xba\x87\x9d\x81\x81\xe8\x1e\x21\xcd\ -\xa6\xd5\xbe\x71\x8b\x38\x16\x96\xeb\x18\xe8\x7c\x66\x84\x2f\x93\ -\x38\x00\xaa\x4d\xeb\x6c\xd8\xd0\x5a\x8c\x0d\x47\xcf\x17\xd2\xf9\ -\xd3\x4c\x87\x1b\xe4\x1c\xf6\x1e\x84\xa8\x6c\xa4\x4b\xd9\xe7\x8c\ -\x67\x1e\x86\x7a\x47\xcd\x60\xcf\xe8\x66\xad\x50\xdc\x47\xe5\xea\ -\xa9\x16\x71\x2c\xbc\x72\x98\xf3\xa2\xba\xea\x43\xcb\x6a\x48\x08\ -\x6c\xf5\x6d\xa1\x33\xb9\x44\xe6\x72\x7c\x34\xb6\x09\x08\x26\xbc\ -\xbe\x19\xd2\x46\x26\x6d\x99\xc2\xad\xc0\xc0\x44\x3a\xd4\x3d\xd2\ -\xe6\x8a\xa7\x77\x50\xaa\xf2\xf9\xd2\x60\x11\xc7\x42\x4d\xd4\xb4\ -\x92\x63\xa0\x61\x45\x0d\x3a\xeb\xdc\x47\x6c\x6e\xc7\xe8\xe4\xc0\ -\xc4\xfb\x39\x4d\xf3\x06\xfa\x27\xbe\x13\xea\x19\x0e\xf8\x46\x62\ -\xbb\x84\x94\xc7\x5f\xa5\x9b\xb7\x88\x63\xa1\x66\x12\xc7\xb9\x4c\ -\x89\x33\x13\x8a\x2a\xd2\x13\x76\x33\xb5\xe5\xdc\xf5\x5c\x20\x93\ -\xd9\x8e\x24\x29\x6d\xe2\x96\x29\xc9\x49\x29\x74\xa4\x34\xa5\x44\ -\x91\x52\xd8\xa4\x94\x2e\x4a\xf9\x3d\x7e\x4a\xd3\x81\x68\x16\x71\ -\x2c\x7c\x0c\x25\xce\xca\x88\x93\x2c\xe4\xde\xbe\x3b\x35\x72\xc8\ -\x4c\x33\x1e\x6f\x6e\x38\xda\x92\x4c\x5d\xec\x8a\x4e\xee\x51\xc0\ -\xa3\x3c\x8b\xb4\x16\x65\x1e\x84\x32\xcb\x07\x62\x52\x12\x43\x92\ -\x34\x4d\xb2\x12\xf2\xd2\x34\xcd\xd2\xd4\x37\x52\x35\x4d\xe9\x00\ -\xc5\x0d\xb2\x6e\x9a\x68\x5e\x8b\x38\x16\x5e\xa4\x63\xc0\x0b\x6c\ -\x2a\x7b\x91\x5c\x1e\x34\xc7\xf2\x8a\xac\x49\x29\x27\x7b\x12\xe3\ -\x8f\xc6\xb3\xa9\x92\x7b\xdb\x54\x8a\x00\x23\x3e\xef\xb1\x84\xd3\ -\xde\xb3\x77\x68\x54\x08\xc9\x62\xa5\xa3\x84\x80\x80\x10\x04\x10\ -\xf0\x3c\x98\x5a\x99\x41\xb2\x72\xf2\x49\xc8\x23\x99\x42\xca\x84\ -\x94\x22\x65\x4a\x59\xb5\x54\xb3\x88\x63\x61\x39\x98\x93\x6c\xb3\ -\x5c\xc7\x40\xd1\x30\xae\xde\x9c\x1c\xec\x28\x18\xfa\xf3\xfa\xd0\ -\x86\x30\x9e\xfe\x9b\xb1\xd9\x37\x5e\x5e\xd7\x9e\xda\x3b\x38\x7a\ -\xc9\xa9\xeb\x47\x6b\x79\x13\x02\x1c\x08\x5a\x10\xa2\x45\x00\x4b\ -\x91\x6a\x56\x5a\x81\x85\x97\x65\xdf\xe4\x47\xd2\x89\xf3\x57\xc7\ -\x9f\x1c\x2c\x18\x7a\x79\x61\x29\x29\xca\x52\x11\x0c\xa1\x78\x3f\ -\xec\x68\x79\x6d\xdc\xeb\x3e\x47\x69\x56\xba\x97\x05\x21\x20\xa0\ -\x08\xba\x2c\x89\x63\xe1\x85\xdb\x37\xa6\x29\xbb\xef\x4c\x0d\x1b\ -\xa9\x62\xae\x72\x21\x40\x5d\x8a\xb9\xd9\xa3\x42\x3c\x6a\x08\x9d\ -\x9d\x72\xbb\xae\x6e\x1d\x8f\x6e\x40\x12\x7c\x99\x1d\x60\x49\x1c\ -\x0b\xcb\x55\xd5\xca\x89\x53\xe5\xe0\x67\xb2\x90\xbb\x70\x79\xfc\ -\x49\x5b\xaa\x98\xdb\x3a\x3f\xb3\xe6\x37\x21\xa2\x6e\xf7\xa1\x0f\ -\xdb\x5b\x33\xa6\x10\xf7\x2c\xe2\x58\xf8\xb8\xa1\x71\xa9\x12\x47\ -\x22\xa3\xdd\xb1\x89\xcb\xb7\x27\x87\x4e\x4b\x69\xba\x16\xd9\x79\ -\xc1\x8a\x38\x39\x4d\xeb\xf8\x60\x7d\x7b\x57\xc6\x6e\x7b\xc7\x22\ -\x8e\x85\x8f\x13\xe6\xa8\x49\x0b\x39\x07\x0a\x86\x71\xe5\xda\x58\ -\x9f\x39\x9e\x4b\x54\x97\x89\x69\xb2\x68\x2a\x81\x44\x38\xaf\xb7\ -\xb5\x9c\x1c\xf2\xfb\x2e\x00\xc5\x17\xdd\x01\x96\x8d\x63\x61\x49\ -\x98\x9e\xfe\xa3\xac\xe4\x93\xdd\xe7\x47\xd1\x2a\x0a\x89\xdc\x48\ -\x26\x71\xa9\x37\x31\xf1\x2c\x06\xad\x2a\xc8\xea\x13\xdd\x9e\xd4\ -\x07\x4e\xc7\x5c\xce\x5b\x3b\x46\xc7\x1b\x85\xa4\xf9\x45\xf5\x83\ -\x25\x71\x2c\x2c\x15\xfe\xd9\xef\x8d\x33\x30\xd7\x4e\x37\xa4\xf9\ -\xe8\xe6\xc4\x60\x7f\x6f\x62\xe2\x0c\x4b\xae\x13\xb5\xb4\x12\x4e\ -\x71\xa7\x73\xf7\xd5\x8e\x76\xa1\xab\xe2\xc6\x6a\xdf\xbc\x09\xdd\ -\x13\x45\xe7\x39\x4b\xe2\x58\xa8\x81\x9a\x56\x1e\xa3\x96\x28\xe4\ -\xce\xdf\x9d\x1c\x39\x2a\x31\x97\x3b\x22\x5a\xb7\x54\xae\x15\x55\ -\xa5\xe9\x4a\x67\x7b\x70\xe7\xc8\xf8\xf9\xba\x5c\xbe\x96\x93\xe9\ -\x22\xa1\x7f\xaa\x68\xef\x1e\xcc\x79\xda\x53\x86\x6d\x0b\xb0\xc9\ -\x22\x8e\x85\x15\x6b\x29\x4f\x1d\x03\xc5\x4c\x9a\xee\xe1\x5e\x23\ -\xe6\x71\x9d\x59\xc1\x5b\x6a\x80\xf0\x2e\xef\x50\xa1\xdd\x6e\x69\ -\x3a\xd3\x9e\x48\xbe\xbb\x6e\x32\x76\x80\x25\xd4\x36\xa8\x40\x96\ -\x91\x84\x6e\xbb\x3f\x90\xf3\x34\x24\x74\xfb\x2e\xa0\xd3\xb2\x71\ -\x2c\xac\x04\x03\x95\x88\x33\x35\xd4\x47\xb7\x9e\x43\xf7\xb8\xd4\ -\x15\xea\x42\x09\x4a\xa1\x2d\xcb\xc6\x60\x9d\xef\x44\xdc\x61\x7f\ -\xb0\x7b\x64\xcc\x25\x24\x9d\x4b\x20\xcb\x64\xca\xd0\x6e\x0d\x66\ -\xbd\xfe\x29\xdd\xbe\x07\x68\xb1\x9c\x03\x16\x6a\x85\xcf\x02\xfa\ -\xcc\x77\x67\x34\x16\x25\xd6\xd6\x02\xf6\x1a\xbc\x4e\x26\xa9\x95\ -\x12\x07\x20\xe5\x70\x6c\xbd\xd2\xd1\x1e\xdb\x37\x3c\x7c\xc5\xae\ -\x9b\x87\x17\x20\x4b\x22\x6b\x68\x37\x06\x73\x6e\x57\xb4\xe8\xd8\ -\x27\x11\xa7\xab\xb2\xc2\xac\x89\xa5\x2c\x54\x83\x70\x38\xac\x02\ -\xbf\x0d\xfc\xcd\xb2\x0d\x01\x37\xf8\x77\x43\x20\x00\x1b\x83\xe0\ -\x5a\xe1\x6c\xba\x79\x71\x97\x51\x75\x47\x2d\xed\xf9\x6d\xe3\x13\ -\x17\x82\xe9\xec\x4c\x27\x45\x26\x6b\xa8\xd7\x87\x0b\x6e\x65\x2c\ -\xef\xdc\x2f\x11\x8e\xa5\x36\x6a\x49\x1c\x0b\xd5\xe2\x1f\xcd\x21\ -\x0d\xc0\xba\x10\xb8\x52\x30\xd8\x05\x53\x06\x84\x86\x60\x63\x03\ -\x38\xec\xcb\x3b\x8b\x21\x72\xb5\xb6\xc9\xee\x37\x36\x9c\x6d\x72\ -\xa5\xde\x6f\x1f\x8b\x8b\x91\xbc\xdb\x1c\xcd\xbb\xf6\x99\x88\x15\ -\x25\xc6\x59\xc4\xb1\x50\x8d\xb4\xd9\x0c\xfc\x1f\x73\x36\x78\x1c\ -\xd0\xe0\x2d\x29\x3c\xe6\x28\x88\x16\x98\xa8\x87\xc9\x3c\xac\xcb\ -\x3f\xa0\xd3\xd7\x0e\x2c\x6d\x76\x00\x83\x7c\x0d\x2f\xdd\x40\x97\ -\xd7\x99\x30\x32\x63\x13\xf6\x3d\x63\x7a\x83\xbf\x56\x0d\x5b\xc4\ -\xb1\x50\x0d\x7e\x19\x98\x1b\x26\xd3\x39\xc3\x33\x1d\x8a\x42\x6c\ -\xda\x96\x36\x35\xe8\x65\x2b\x43\xd9\x28\xdb\x1c\x57\x08\x28\xc7\ -\x80\xea\xd4\x21\x73\xc5\x51\x00\x12\x43\xde\x24\x6a\xc6\x18\x33\ -\x76\xa2\xcb\x83\xab\xd1\x21\x16\x71\x2c\x2c\x26\x6d\x0e\x01\x6f\ -\xcd\xd9\x60\xd7\xa0\x65\xc6\x07\xbc\xd1\x80\xc9\x54\x1e\xc5\xfb\ -\x9c\x20\x05\x42\xdc\xcc\x9f\xc1\xa9\x0c\xb1\xc3\xde\x8d\x57\xbc\ -\x0e\xa8\x8b\xa8\x6a\xcb\x4b\x1b\x30\xe4\x5d\x62\xe6\x18\xa3\xc6\ -\x56\x0a\x72\xef\x6a\xf7\x8b\x45\x1c\x0b\x8b\xe1\x1f\x57\x5c\xdb\ -\x59\x0f\xca\xac\x41\xca\x86\xcc\x65\x26\xbd\x27\xe7\xec\x9b\x33\ -\xdb\xf8\x30\xd7\x86\x5b\x79\xcc\x4e\xfb\x08\x2e\x71\x8c\xf9\x46\ -\x38\x0d\xaa\xf7\x56\x49\x1e\x11\x37\x07\x18\xd6\x37\x90\x97\x3b\ -\x80\x1d\x2f\xaa\x53\x2c\xaf\x9a\x85\x85\xa4\x4d\x3d\x30\x3c\x47\ -\xcd\x52\x05\xbc\xbe\x05\x6c\xb3\x84\x87\x54\xb2\x3c\xda\x9d\x63\ -\x31\x77\x72\x9d\x7a\x8f\xed\xf6\x14\x0e\xe6\xba\x89\x47\xd5\x0b\ -\xe4\x17\x70\x09\x4b\xfa\x48\x98\x8f\x19\xd1\xdb\xc9\xca\xcd\x2f\ -\xab\x6f\x2c\x89\x63\x61\x21\x7c\xa5\xa2\x6d\xd2\x1a\x98\x4b\x1a\ -\x00\x61\xba\x70\x27\x3e\x20\x53\xb7\x70\xe4\x40\xc2\xd8\xce\x07\ -\x59\x08\x2a\x37\xd8\x6a\x07\x9b\xd8\x3b\xc3\xc6\xa9\xd0\xb0\x1c\ -\x21\xc5\x7d\x46\x8a\x8d\xa4\xe4\x4e\x5e\x72\x4d\x35\x8b\x38\x16\ -\x16\xc3\x0f\xcf\x25\x07\x25\x17\xf4\x7c\x68\x1a\xda\x4c\x6f\x9d\ -\xb1\xa8\x2d\x03\x30\x69\xee\xe5\x62\x0e\x9a\xb5\xcb\x6c\xb2\xd5\ -\xa1\xb2\x0d\x29\x9e\xfa\xb1\xa3\xa4\xe5\x6d\xc6\x74\x3f\x71\x73\ -\x2f\x0b\x8c\xe2\xbf\x0c\x58\xaa\x9a\x85\xf9\xd4\xb4\x5d\xc0\xad\ -\x39\x1b\x9a\xeb\x60\x57\xfb\xc2\x07\xf7\x6e\xbf\x44\xd1\xbe\xd4\ -\xc2\x1a\x92\x76\xdb\x45\x21\xb5\x31\x39\x48\x3b\x71\x63\x3f\xf2\ -\xd5\xfd\xb0\x5b\x69\x05\x16\xe6\xc3\x0f\x56\x5c\xbb\xae\x8a\x14\ -\xe9\x86\x21\xc7\x32\xce\x27\x18\x2c\xee\xa7\x67\xf4\xf5\xc6\xb1\ -\xfe\x29\x5f\x21\xf1\xae\x22\xcd\x5b\x80\xb4\x88\x63\xe1\xe3\x84\ -\xd7\xe6\xac\xa9\xf7\x80\xaf\x8a\x90\x1a\x6f\x62\x3f\x98\x8f\x96\ -\x7c\x46\x29\x6f\x4b\x68\x1c\xf7\xdb\xdf\xd2\xb4\x84\xba\x21\xdd\ -\xbd\x61\x7d\xba\x77\xcc\x5f\x8c\x5d\x50\xa5\xfe\x11\x60\xbc\x2a\ -\x9d\x63\xd9\x38\x16\xe6\xc3\x5c\x8f\xd5\xba\x25\x14\x96\xa9\x9f\ -\x18\x66\xaa\x69\x69\x5e\x2f\xa3\xf8\x6c\xd6\xe8\x29\xb7\xf3\x64\ -\xca\x6e\xef\xed\x88\x25\xb2\x0d\xf9\x89\xd3\x0d\xf9\x09\x0c\xa1\ -\x4e\xc6\x6d\xfe\xdb\x09\x9b\xdf\x69\x08\x75\x1f\xb3\xa6\x8a\xb7\ -\x6c\x1c\x0b\x2f\xdb\xbe\x71\x02\x19\x66\x8e\xb5\x78\x1c\x70\x74\ -\x63\xf5\x8d\x98\x4a\x86\xee\xdd\x05\x20\x50\xf5\x31\x85\xd4\x63\ -\x4c\x73\x76\xc5\xce\x62\x6b\x3c\xfd\x9e\xbb\x50\x2c\x4b\xbf\x36\ -\x51\x92\x09\x5b\xdd\x8d\xb8\xcd\xaf\xea\x8a\x6d\x2f\x2b\xc8\xbd\ -\xb1\x24\x8e\x85\x5a\x61\x13\xb3\x07\x28\xd7\x2d\xb1\x8c\x99\x62\ -\xba\x71\x27\x2f\x93\xf1\x55\x9b\xd4\x36\x50\x81\x34\x00\xb6\x61\ -\xbf\xe7\x8c\x37\x5f\xbc\xda\x94\x48\x77\x0a\x68\x2a\xd9\x18\xa6\ -\x2f\x50\x8c\x9d\x08\x14\x63\x98\x88\x4c\xd2\x56\x77\x31\x6e\xab\ -\x33\x8b\x8a\x7d\x0f\x08\x9f\x65\xe3\x58\x78\x19\xf8\xee\xb2\x5f\ -\x8e\x59\xe1\x35\xd5\xa2\x69\x68\x23\xd5\x56\xde\x34\x8d\xc7\x0b\ -\x6d\x4e\x39\x6c\x87\x9e\x34\xf8\x15\x5d\x51\xae\xcc\x7d\x89\xa5\ -\xdb\x5f\x8c\x1f\x5b\x97\xe9\x7f\x7d\x63\xaa\xc7\xd1\x94\x1b\xb9\ -\xec\x30\xf2\x6f\x23\xe5\xa4\xa5\xaa\x59\x78\x51\x6a\x9a\x06\xf4\ -\x02\xcf\x7d\xce\xdb\x80\x40\x03\xb8\x1b\x4a\x45\x60\x97\x82\xc7\ -\xdb\x3f\x40\xb7\xbf\xb6\xe8\x7e\xc5\xdc\x25\x8c\x42\x35\x2e\x6c\ -\xd9\x90\xca\x5e\xf0\x67\xf3\xc7\x17\xb3\x71\x24\x18\x19\xd5\x7b\ -\x33\x66\x0f\x24\x72\xaa\x63\x1b\x88\x9a\x55\xc1\xb1\x54\x35\x0b\ -\xb3\xf1\x3d\x65\xa4\x81\xd2\x1c\xcd\x0d\x13\x30\x91\x86\x5c\xdb\ -\xd2\x72\x6d\x1a\x86\x6d\x8c\xac\x5f\x94\x36\x98\xc5\x5d\xd5\x7e\ -\xec\x27\xbc\xae\x33\x29\xa7\xed\x5e\xdb\x54\xca\x21\x98\x7f\x16\ -\x03\x01\xaa\xc7\x48\xed\xf7\x64\x53\x00\x32\xa3\xba\x6f\xc5\x6c\ -\x81\x68\x56\x75\x6d\x44\x88\xce\x95\x74\x92\xa5\xaa\x59\x98\x8d\ -\x9f\x28\xfb\xe5\x04\x9e\x16\xb1\x69\xc8\x42\xcb\x63\x89\x92\xbb\ -\x58\x75\x6b\xbe\xf8\x01\x84\xec\x5e\x58\x86\xc8\x3b\x48\xb9\xa4\ -\x02\x1d\x39\x4d\xdb\xfe\xb8\x21\xd0\x94\xd7\xd4\x6a\xab\x79\x0a\ -\xb7\x91\xd9\xdd\x96\x1b\x3a\xb3\x29\xdd\xdd\xd9\x9e\x1d\xb8\xef\ -\xd1\xd3\xe7\x04\x8b\x5c\x9b\xa5\xaa\x59\xa8\x42\x4d\xdb\x02\xdc\ -\x2f\x73\x0c\x6c\x02\x2a\x65\xec\xe7\x82\xef\x93\x6a\xda\x89\x14\ -\x8b\x1b\x3f\xd1\x96\x0b\x4c\x36\xcd\x1f\xb8\x69\x16\xcf\x51\xc8\ -\x9e\x5d\xee\x75\xfb\xb3\xf9\xf7\x43\xa9\xcc\x2e\x81\xa8\x5b\xce\ -\xf1\x79\xe1\xe8\x89\xdb\xeb\xfb\x52\x9a\xbb\x45\x0a\x65\xbb\x25\ -\x71\x2c\x2c\x99\x3b\xcc\xf6\xa6\xcd\x17\x5d\xe3\x9c\x3c\x4e\x7d\ -\x77\x1a\x45\xbf\xbe\x68\xab\xf5\x63\x87\x80\xf8\xbc\xdb\xf5\x62\ -\xeb\x4a\x2e\x3a\xee\x72\x1c\xef\x0f\x05\x12\x86\x10\x37\x97\x73\ -\xbc\x43\xe6\x37\x36\xe5\x47\xce\x6e\x4c\xf7\x6c\xef\x4c\xf7\x0e\ -\xd4\x15\xe3\xe7\x15\x69\xde\x64\x81\xa8\x05\x4b\xe2\x58\x78\x2a\ -\x6d\x6c\x94\x4a\x3f\x35\x95\x59\xc0\xdf\xb3\xe8\xe7\xd5\x24\xd9\ -\x7a\x81\x5c\xe0\xe4\x82\x36\xf3\xe0\xc6\xf3\x64\xbc\x67\x2a\x58\ -\xf0\x63\xc8\x7b\xad\xe4\x00\x00\x20\x00\x49\x44\x41\x54\xe4\x13\ -\x8d\x2c\xb9\xda\x67\x65\x0a\x36\x27\xd2\xef\x78\xf3\xc5\xd3\xb5\ -\x10\x0a\xba\xd0\x46\xe3\xf6\xc0\xfd\xa4\xe6\xf3\x19\x42\xdd\x33\ -\xf3\xfe\x2c\xe7\x80\x85\xa7\xf8\x52\x19\x69\x00\x5a\xab\x7a\xfd\ -\x14\x7c\xc3\x67\x71\xc6\xef\x10\x5f\xe7\x41\x8a\xca\x9e\x80\xa6\ -\x81\x8d\xf4\x6e\x37\xe7\xb4\x28\xcd\x07\x73\xce\xbb\x7c\x68\xa3\ -\x75\x9e\xb3\xc9\x42\xf1\x7a\x4b\x3c\xdd\x24\x4a\x77\xb0\xfc\xc6\ -\xa4\xde\x1c\xca\x4f\x34\x87\x9e\x46\x2d\x68\xfe\x3b\x09\xbb\xdf\ -\x61\x08\x75\xaf\xa5\xaa\x59\x78\x8a\x1f\x98\xb3\xa6\x63\x09\x47\ -\xdb\x32\x3b\x09\xde\x6f\x40\xcb\x55\x36\xd6\x6d\x85\x4e\xb4\xc2\ -\xd5\x0a\xf6\x4d\xcd\xdf\xc1\x8c\xdd\xb6\xaf\xb7\x21\xe0\xd4\x55\ -\xf5\x52\xad\xda\x54\xa5\x11\x0c\x16\x27\x4f\x76\xa5\x1f\x1f\xd9\ -\x90\xea\x29\x58\xc4\xb1\x40\x38\x1c\xb6\x33\xbb\xae\x80\x02\xb4\ -\x2d\xb1\x21\x45\x7a\xa8\x7f\x7c\x12\xef\xf0\x45\x04\x53\x73\xb6\ -\x37\x8e\xa8\x73\xd4\x3c\xa3\xb0\x7d\x35\xee\xc9\x14\xd4\x3f\x09\ -\xfa\x8e\xc6\x5c\xce\x0b\x40\xb6\x96\x6d\x2b\x98\x3e\x8b\x38\x16\ -\x00\xce\x32\x7b\xea\xf2\xa6\x15\x28\xf2\xae\xd8\x31\x82\x8f\x72\ -\x08\xe3\xa3\xb2\xf5\xde\xd8\x01\x84\xec\x99\xb1\xe6\x2e\x52\xae\ -\xea\x94\x84\x51\xaf\xf3\xf4\x40\xbd\x6f\xd0\x84\x47\xb5\x25\x8f\ -\x05\x0b\xf0\x85\x15\xa9\x69\x15\xdf\xac\x62\x2b\x0d\x0f\xf6\xe2\ -\x8c\x9d\xe7\xf9\xc4\x4f\x02\xff\xc4\xf3\xda\xd3\xa6\x3e\xfe\x22\ -\x6e\x2e\xaf\xa9\x9b\x7b\x1b\x03\x1d\x39\x9b\x7a\xc1\x22\x8e\x85\ -\x5a\x62\x6e\x48\x4c\x7b\x8d\xde\x2f\xdf\xf0\x19\xea\x7b\xbb\x11\ -\xb2\x14\x8b\x16\x1a\x3d\x04\x24\x01\xd0\x8b\x0d\x2f\xea\x06\x25\ -\x38\x07\x03\xbe\xd3\x63\x3e\xf7\x25\x09\x93\x16\x71\x2c\xd4\x02\ -\xbf\x5f\xf6\x4b\xd4\xb8\x75\x2d\xbb\x9d\x86\xfb\xcd\xd8\xb2\x6f\ -\xa3\x98\x1e\xdc\xa9\x6b\x48\xa6\x90\xfa\x8e\x17\x7d\xa3\x49\xa7\ -\xfd\x68\x5f\xc8\x5f\x30\x14\xf1\x91\x45\x1c\x0b\x2b\xc5\xff\x60\ -\xe6\x60\x9f\x04\x7a\x6a\xfe\xcd\x77\x13\xe8\x3d\x85\x6f\xf8\x12\ -\x8d\x83\x41\xa4\x79\x17\x29\xd5\x97\x71\xb3\xba\x22\x5a\x7a\x43\ -\xfe\xbd\x49\x87\xfd\x1c\xa5\x99\x17\x2c\xe2\x58\x58\x16\x62\x73\ -\xe4\x4c\xcf\x2a\x9d\xc9\x19\x3b\x4a\xeb\x2d\x5f\x47\x67\xef\x98\ -\xaa\xca\xfe\x97\x78\xcf\xca\x58\x9d\xfb\xec\x50\xc0\x7b\x4f\xc2\ -\x92\xaf\xc3\x1a\x00\xb5\xf0\x54\xc6\x64\x98\x99\x45\x99\x06\x46\ -\xa8\x75\x51\xa6\x5c\xab\xd3\x71\xe9\xcd\x50\x68\x47\x68\x53\x5f\ -\x70\x63\xdd\xe5\xce\x44\xda\x11\xbd\xdb\xdb\xd0\x73\xb3\xa7\x39\ -\xdd\x3b\x1c\xf0\x25\xd2\x8e\x4d\x2c\x25\x6b\x74\x85\xc8\xda\xb4\ -\xdd\xbd\x0d\xfe\x44\xfb\x54\xea\x3d\xbb\x61\xbc\x5e\xed\x71\x56\ -\xc8\x8d\x05\x00\xc2\xe1\xf0\x9f\x51\x9a\x34\xaa\xdc\x41\x70\xb2\ -\x26\xcd\x17\x9a\x1d\x8e\x8b\x6f\x86\x82\x5b\xbd\xaa\xd6\x32\x6d\ -\x46\x0d\xec\x0c\xf6\xcf\xf1\xdd\x49\x89\x1c\x9d\xf4\x3e\xb9\xd9\ -\xd3\x3c\x78\xa7\xb7\xd1\x18\x18\xaf\x0b\xe5\xf3\xea\x16\x5e\x40\ -\x7d\x81\xfa\x4c\xee\x9d\x60\x3a\x77\x80\x2a\x66\x58\xb0\x88\x63\ -\xe1\x29\x71\xfe\x29\xf0\x0b\x73\x9c\x04\x5f\xa0\xd2\x3c\x05\xd5\ -\xa2\xd8\x68\xb7\x5f\x7c\x2b\x14\xda\xe4\xd3\xb4\x39\xc3\xa9\x9b\ -\xfc\x23\x8f\x9d\x6a\x71\xc3\xa2\x36\x89\x21\x0a\x3d\x43\xf5\x0f\ -\x6f\xf5\x34\x47\xef\x3d\x69\x50\x27\x62\x9e\x76\xdd\x10\xeb\x57\ -\xc1\x8d\x81\x4d\x37\x7b\x3b\xa6\x12\x39\x05\xb6\x5b\xaa\x9a\x85\ -\x6a\xf0\x57\x15\x15\xb8\x1e\x60\xd7\x92\xdb\x32\x42\x36\xdb\xfb\ -\x6f\x86\x42\xeb\x03\x36\xdb\xa9\x79\x0d\xab\xbc\xa7\xaf\xc5\x1d\ -\x5b\x94\x38\x9a\x2a\xed\x5b\x3b\x27\x77\x6d\xed\x7c\xee\x45\x4e\ -\xe7\x6c\xb1\xfb\x4f\x1a\xba\x6f\xf4\x34\x27\x7b\x86\xea\x3d\xf1\ -\x94\x73\x83\x34\x59\xb1\x7b\xbb\xa8\x29\x5d\x8f\x1b\x03\x85\xd6\ -\x78\xea\xbc\xbb\xa0\x9f\x9e\x8f\x9c\x96\xc4\xb1\xf0\x54\xe2\x28\ -\xc0\x38\xb3\xa7\x63\x77\x4d\x4b\x9d\xea\xbe\xed\x66\xbd\x4d\x7b\ -\xff\x33\x0d\x0d\xed\x01\xcd\xd6\xb5\x28\x21\x14\xe3\xca\xb6\xc0\ -\xd0\xe1\x5a\xdd\xc3\x78\xcc\x3d\x70\xab\xa7\xa9\xff\xce\xe3\xc6\ -\x42\xdf\xa8\x3f\x98\xcd\xdb\x36\xaf\x44\x5e\x7a\x73\xc5\xab\x4d\ -\xc9\xf4\x3a\x01\x8d\x16\x71\x2c\x2c\x44\x9e\xdf\x05\xbe\x3c\x67\ -\xc3\x29\x16\x8b\x5b\x93\x7e\x4d\xbb\xf8\x56\x43\x43\x73\xc8\x66\ -\x5b\x42\x0d\x29\xb2\x3b\xea\x07\x84\x22\xa4\x73\x35\xee\xc7\x30\ -\x85\xfe\x64\x24\xf0\xe8\x56\x77\xd3\xf8\xdd\xbe\x46\x31\x3a\xe9\ -\x69\xd1\x75\x65\x23\x4b\xf0\x26\x6b\xd2\x1c\x6f\x9f\x4c\xf5\x69\ -\xa6\x79\xc8\x22\x8e\x85\x4a\xa4\xd9\x0d\xfc\x39\x95\x42\xf1\x0f\ -\x02\x5b\x2a\x13\xc6\xa7\xa9\x1f\xbc\x15\x6a\x08\x36\xda\xed\x5b\ -\x96\x73\xde\x0e\x6f\xf4\xaa\xdf\x9e\x39\xf4\xa2\xee\x33\x57\xd0\ -\x52\x0f\xfa\x42\x8f\x6e\xf4\x34\xc7\xba\x07\x82\xae\xc9\xa4\xab\ -\x4b\x9a\x2c\x56\xc4\x43\x36\xa4\xb2\x17\xea\xb2\xb9\x53\x02\xa1\ -\x58\xc4\xb1\xf0\x94\x34\x7b\xa6\x6d\x9c\x39\x2a\x09\xbb\x80\xdd\ -\x73\x8f\xf1\xa8\xea\xe5\x37\x1b\x42\xbe\x16\xbb\x63\x45\xd1\xcd\ -\x5e\x2d\x7f\x7e\x7d\xdd\xd8\x99\x97\x79\xff\x93\x09\xe7\xc8\xdd\ -\xde\xc6\x27\x37\xbb\x9b\x73\x7d\xa3\x7e\x7f\x2a\x67\xdf\x8c\x64\ -\x4e\x0d\x04\x47\x3e\x69\x34\x25\x32\xaa\x1d\x87\x45\x1c\x8b\x34\ -\xe1\xbd\xc0\x5f\x56\x24\xcd\x1e\x60\x67\xf9\x2a\x67\x4e\x19\x7d\ -\x6b\x5d\x68\xa2\xcd\xe1\xdc\x55\x8b\xf3\x0b\x21\x7b\x76\xd6\x0f\ -\x6c\x7c\x95\xfa\xc4\x34\x31\x07\x27\xfc\x3d\x37\xbb\x9b\x46\xee\ -\xf6\x36\xc8\xe1\x68\x5d\x53\xa1\xa8\x6c\x06\x54\x61\xea\x34\xc4\ -\x46\x2c\xe2\xac\x71\xd2\xec\x9f\x26\xcd\xdc\x29\x08\xf6\x53\xaa\ -\xa7\xf6\xf4\x6b\x1b\x17\xbc\xde\x5c\x1f\xdb\xda\xe8\xa9\xf9\xe0\ -\xe4\x16\xff\xf0\xa0\x5d\xd5\xdb\x5f\xe5\xbe\xca\xe5\xd5\xfc\xe5\ -\x5b\x75\x8e\xbb\x8f\x03\x0c\x8c\xfb\x2d\x77\xf4\x1a\xc7\xcf\x57\ -\x24\xcd\x0c\x9b\xc6\x96\x10\x1c\xf1\xfb\xd9\xb3\xdb\x07\xab\x34\ -\xa2\x3f\x95\xf7\xf6\x34\xbb\x63\xaf\x34\x71\x9c\x0e\xc3\x71\x74\ -\xef\x14\x1b\x5b\xa6\xc8\xc6\x84\x45\x9c\x35\x2c\x6d\x8e\x00\x6f\ -\xcc\xd9\x70\x18\xd8\x54\x22\xcc\x21\x5f\x1d\xfb\x76\xd5\xad\xfa\ -\xb5\xc4\x8b\x2e\x7b\x33\xb1\x57\xb1\x9b\xfa\xc9\xd1\x4f\x52\xd1\ -\xe3\x23\x62\x8f\xd7\x54\xea\xdb\x05\x3c\x9a\x52\x2c\x55\x6d\x8d\ -\x92\xa6\x01\xb8\xca\xec\xb9\x34\x8f\x82\xd6\x20\xd8\xef\xaa\xe3\ -\x50\x57\xdd\x0b\xbb\x1e\x21\x64\x6a\x47\xfd\x80\x43\x80\xed\x25\ -\x76\x4b\x06\x9d\x87\x64\x44\x8c\x84\xe2\x24\x21\x36\xa2\x8b\x32\ -\xbb\xcf\x94\x70\x23\xee\xc0\xb5\xb5\xd9\x92\x38\x6b\x14\xdf\x28\ -\x23\x8d\x00\xf7\x21\x95\x6d\x1d\x6e\x5e\xdb\x10\x78\xe1\x17\x23\ -\xa5\xf0\xa6\x0a\xae\xeb\x3e\x7b\x76\xdf\x8b\xf3\x00\xd0\x47\x81\ -\x7e\x92\x8a\x41\x42\x69\x22\x23\x36\x23\x99\xf7\xfc\xe9\xbc\x34\ -\xef\x2b\x01\xc5\xb3\xb5\x54\x7f\xd1\x22\xce\xda\x93\x36\x47\x99\ -\x15\xcc\x19\x3a\xea\x61\xfb\x46\x17\x5e\xa1\x30\x39\x55\xc4\xef\ -\xd3\x50\x35\xf1\x42\xaf\x6b\xaa\xe0\x99\xf2\xd9\xb3\xab\xc4\x4c\ -\xd2\x18\xcf\xa4\x89\x9b\xb8\xd8\x84\x21\xd6\x51\xe5\xec\xd5\x86\ -\x50\xee\xf4\x04\x1a\x77\x7a\x7c\xa5\x19\x1a\x0d\xc3\xb4\x88\xb3\ -\x06\xf1\xe3\x73\x0c\xdf\x23\x6e\x06\x82\xcf\x73\xca\x84\xd4\xb1\ -\x25\x4c\x9c\x09\x13\x77\x1e\x7c\x42\x14\x83\x1e\x2d\xe9\x73\xab\ -\x9a\xa6\x8a\x55\xd1\xe1\xd2\x45\x47\x6b\xcd\x1a\x33\xe9\xa5\xc0\ -\x00\x09\xc5\x24\xa1\xb4\x90\x11\x9b\x28\xf9\x09\x97\x8c\x9c\xcd\ -\xfe\x76\x5f\x7d\xf3\x31\xfb\x8c\x98\xa3\x78\x9a\x61\xcb\xc6\x59\ -\x5b\xd2\xa6\x1e\x18\xa2\x54\x4a\xbd\xa4\x72\xd4\xab\xb4\xff\x64\ -\x63\xd5\x6d\xd8\x24\x89\x3a\x53\xe9\x0f\x98\x62\x2a\x60\xa2\x7b\ -\x4d\xe1\x72\x98\xa2\x51\x81\x4e\x56\x68\xa3\x6c\x0d\x0c\x8d\xda\ -\x14\x63\x69\x53\x71\x48\x92\x18\x3c\x24\x2d\x12\xc4\x15\x0f\x29\ -\xb1\x19\x5d\xd4\xd7\xa0\xbb\x72\x13\x1e\xff\x95\xa8\xc7\x3f\x27\ -\xb1\x62\xcc\xe6\x7b\xcf\x92\x38\x6b\x0b\x5f\x9d\x49\x1a\x00\xd7\ -\xe6\xa5\x4d\x10\x5d\x14\xd4\x45\x55\x73\x57\x74\x56\xd2\xb3\x00\ -\xdd\x6b\x88\x5e\xbf\xa9\x8c\xd5\x9b\x64\xeb\x4c\xa1\xba\x24\x7e\ -\x0d\x3a\x90\xd5\xbd\xc8\x53\x05\xcf\xc3\x26\x67\xa2\x79\x41\x9a\ -\x98\x3c\x26\xc7\x10\x29\x45\xce\x90\x26\x07\x6b\xab\xd9\xd1\xdf\ -\x1f\x6c\x4e\x67\x35\x47\xa5\x6c\xa4\x4c\x4c\xb8\xf6\x59\xc4\x59\ -\x5b\xf8\xfa\xec\x15\x4b\x25\xce\x02\x2f\x9b\x96\x54\x65\x57\x52\ -\x35\xba\x06\x66\x6d\xb3\x4b\xa2\x7e\x53\x0c\xd6\x9b\x4a\xdc\x6f\ -\x60\x7a\xa5\x70\xdb\x4d\xd1\x2c\x4a\x45\xa8\x9e\x05\x5c\x26\x72\ -\x1e\xb5\xc9\x99\x98\x79\x68\x02\x9d\x87\xa4\x44\x92\x84\xe2\x25\ -\x29\xb6\x60\x88\x8d\xc0\xaa\x45\x1a\xe8\x8a\x7a\xe5\x49\xb0\x75\ -\x93\xae\x28\x9d\x95\x3f\x1c\xca\x75\x13\x71\xdc\x22\xce\xda\x51\ -\xd3\x0e\x00\x07\xca\x56\xaa\xe0\xec\x5a\xfd\x89\x9b\x0b\x82\xd0\ -\xb8\x2a\x43\xe3\xaa\x51\xa6\xcc\x29\x90\xf7\x1a\xa2\xbf\xde\x14\ -\x13\x7e\x53\xe4\x9a\x74\x8a\x64\xc4\xdb\xa4\x14\x88\x8b\x36\xb2\ -\x62\x23\xf0\xa2\x02\x40\x65\xca\xe1\x3e\x3f\xe4\x6f\x38\x2d\x17\ -\x88\x9e\x9e\x54\x3d\x0a\x58\x5e\xb5\xb5\x84\xbf\x3b\xc7\x29\xb0\ -\xce\x8e\xb0\x8b\x97\x75\x3d\x52\x91\xf2\x49\x5d\x41\x1f\xd9\x94\ -\xc8\xdb\xb7\xa6\x0a\xbb\x3d\xba\xd9\xf0\x92\x5e\xc9\xf8\x48\x5d\ -\xe8\x41\xdc\xe9\x39\xbb\xc8\x7e\xa9\x98\xe2\xda\x67\x11\x67\x6d\ -\xe1\xf3\xab\xa5\xa6\x55\x09\xc3\x66\xca\x07\xad\x39\x63\x6c\x5b\ -\x22\xe7\xdc\x92\x2a\x6c\x75\x19\x72\x2b\xb0\xf5\x65\x76\x8a\x21\ -\xc4\x83\x27\xc1\x16\x57\x51\xb5\x1d\x59\x5c\x72\x6a\xd7\x25\xe2\ -\x84\x45\x9c\xb5\xa3\xa6\x79\xa8\x30\x57\xe6\x2a\x13\xa7\xe8\x34\ -\xe4\xfd\xd6\xac\x1e\xdd\x9e\xca\x79\x36\x25\xf5\x6d\x0e\xd3\xdc\ -\x01\xec\x78\x55\xfa\x25\xaf\xd9\xde\xed\xab\x6f\x3e\x68\x0a\xa5\ -\xaa\x2c\xd1\xa8\xe6\x7e\xa6\xd7\x5a\xc4\x59\x1b\xd8\xce\xec\xe4\ -\x67\x01\xb2\x58\xd3\xa1\x88\xbc\xcb\x90\xf7\x3a\x32\xc5\xa9\xed\ -\xc9\x7c\xdd\x86\x74\x71\xbb\xcd\x94\xbb\x5f\xd1\xfe\x28\x4e\xba\ -\xeb\xde\x1f\xf7\x06\x4e\x2f\xe1\x98\x58\x42\x38\xf7\x5b\xc4\x59\ -\x5b\xc8\xcf\xb5\x30\x60\xe4\xd7\x27\x69\xf8\x72\x00\xf7\xb6\x65\ -\x49\x9e\x8c\x5b\x97\xf7\xd6\x65\x8b\x89\xed\x89\x5c\x7d\x57\xba\ -\xb8\x5d\x5d\x20\x64\xe5\x55\x81\x84\x91\x01\x7f\xe3\x44\xc6\xe1\ -\x3a\xbd\xa4\x0e\x54\x6c\x37\x25\xe2\x94\x45\x9c\xb5\x85\xdb\x94\ -\x0a\x71\x94\x8d\x74\xca\xa2\x64\xfc\xff\x9d\x22\xf8\xb9\x3a\x7c\ -\xaf\xb9\x17\x6c\x40\x48\x92\x1e\x43\xde\xef\x4a\x17\xd2\xdb\x93\ -\xf9\x50\x47\xba\xb8\x4d\xad\xf1\xf8\xc9\xea\xdb\x33\xea\x47\xbd\ -\xa1\x96\x0e\x5d\x51\x97\x2c\x09\xa3\x8a\xdb\x53\xde\x1f\x56\xe4\ -\xc0\x5a\xb1\x73\x2a\x17\xe2\x98\x46\xdd\x71\x0f\xf5\x6f\xf9\x9e\ -\x29\x74\x66\x56\x62\x1f\x2b\xc8\x5d\x7e\x79\x61\x7b\xbc\xd0\xd4\ -\x96\x2b\x6e\x55\x40\xfd\xb8\xde\x7f\xda\xee\x3c\x3f\x18\x68\x3c\ -\x29\x11\xcb\xb9\x87\xe8\x7d\x7b\x73\x40\xce\xb8\x7f\x4b\xe2\xac\ -\x1d\xfc\x57\xe0\x73\xcc\x53\xa5\x32\xf1\x7e\x1a\x91\xd0\xd9\xb1\ -\x59\x63\x9f\x62\xb0\xc3\x6e\xa0\x08\x04\x39\xce\x7c\x9c\x6f\x5a\ -\x42\x7a\xcc\x17\xb8\x19\x73\xd5\x2d\xfb\x3e\x72\x8a\xed\xb6\x84\ -\x32\xd5\xce\x2a\xba\xbe\x46\x10\x89\x44\xfe\x1c\x38\x0a\x3c\x9c\ -\x6f\x9f\xf8\xed\x3c\x3b\x5d\x69\x62\x23\x79\xfa\xa7\x3e\xfe\x9a\ -\x88\x14\x4a\x4f\x5f\xb0\x65\x34\xe6\xaa\x3b\xb6\x92\x76\x26\x54\ -\x8f\x7f\xf6\x3a\x8b\x38\x6b\x8b\x3c\xb7\x29\x4d\x22\xf5\xcb\x40\ -\xbc\xd2\x3e\xa3\x51\xd8\x78\x44\xd2\x97\xd1\xb9\xd8\xa7\xc7\x53\ -\x05\xf9\x0e\x90\xfb\xb8\xdd\x6b\x41\xd5\x2e\x3e\x6a\x68\x6b\xca\ -\x69\xf6\x95\x86\xe7\x8c\xa6\x84\x7d\xcf\x5c\x9b\xcf\xb2\x71\xd6\ -\xaa\xcd\xe3\x02\x7e\x0d\xf8\xfe\x99\xeb\x5b\x9a\xe0\x9f\xff\x43\ -\x88\x4e\xc2\xa3\x2b\x24\xf4\x02\x75\x36\x95\xc9\x0d\x01\xf5\x46\ -\x83\x5b\xd9\x2e\x44\x8d\xe7\x2f\x58\x05\x1f\x40\xcc\xe9\x79\x67\ -\xb4\x2e\x54\x13\x15\x33\xa3\xd8\xce\xf7\x69\xc1\x33\x96\xc4\xb1\ -\xf0\x54\xfa\x64\x29\x4d\xe4\x51\x86\x91\x31\x18\x1c\x81\x50\x10\ -\xf6\x9c\xc2\xee\xf5\xf3\xb0\x68\x10\x7c\x10\x35\xce\xbe\xdf\x5f\ -\x6c\x78\x1c\x33\xde\xd3\x4d\x79\xeb\x15\xb5\x67\x26\x06\xfd\x0d\ -\x37\x6b\x45\x1a\x80\xa8\xea\x0d\x55\x5a\x6f\x11\x67\x6d\xa3\xe2\ -\x00\xce\xd5\xe9\x49\xfe\xdc\x2e\x9c\xbb\x8f\xd3\x5e\xdf\xc4\xcd\ -\xe9\x17\x53\x1b\x4a\x98\xaf\x5f\x1a\xd0\x77\xdf\x1a\xd5\xef\x64\ -\x0a\xf2\x5d\xa0\xf0\x4a\x88\x19\xa1\xdc\x7a\x1c\x6a\x2b\xa6\x1c\ -\xee\xfd\x35\x6c\x76\x30\x23\xec\xbb\x2c\xe2\x58\x98\x8d\x8a\xa1\ -\xd1\x57\x6f\xc0\x53\x0d\x5e\xd5\x70\xef\x38\xc2\x96\xe6\x4e\x2e\ -\x97\x39\x12\xf2\x72\xe7\x87\x23\xfa\x89\x2b\x03\xc5\x58\x34\x2b\ -\xcf\xc9\xd2\x38\xd1\x4b\x41\xd6\x6e\xbf\xd0\xdd\xd8\xbe\xb5\xa8\ -\x6a\xad\xb5\x6c\x37\x2d\xec\x8f\xe4\x3c\xe5\xe6\x2d\xe2\xac\x6d\ -\xfc\x06\x15\xe6\xc0\x9c\x8a\xc1\xe3\xbe\x19\x86\xb0\xc0\xb9\x79\ -\x1f\x07\x3a\x37\xf3\xee\xec\x7d\xf3\x26\x4d\xf7\xc6\xf5\xb3\xef\ -\xf7\x17\xfd\x4f\x62\xc6\xbb\x86\x29\xef\xbe\x48\xce\x4c\x78\xfc\ -\xef\xf6\x05\x5a\x4e\x4b\x44\xcd\xf3\x23\x26\x34\xef\xbc\x49\x75\ -\x96\x73\xc0\x72\x12\xfc\x24\xf0\x8b\xb3\xd7\x7f\xe1\xb3\xf0\xd6\ -\x5c\x4b\x41\x8e\xf6\x71\xe1\xd1\x8d\x85\xc7\x76\xea\x5d\xe2\xe6\ -\x86\x80\x9a\x72\xd9\xc4\x11\x56\x69\xac\xd0\x94\xf4\x0f\x04\x5b\ -\x32\x59\x9b\x7d\xdb\xaa\xd8\x4b\x82\x27\xf7\x6d\xcd\xeb\xe7\xdb\ -\x6e\x49\x1c\xcb\x49\xf0\x1f\x81\xde\xd9\xeb\xf7\x54\x8e\x61\x16\ -\xcd\xeb\x38\xb3\xe3\x35\x2e\x2c\xd4\xe6\x54\x56\xee\xb9\x36\xac\ -\x1f\xbf\x32\x54\x1c\x9f\xcc\xca\x73\xc0\x64\x2d\xaf\x59\x57\xd4\ -\xcb\x3d\x8d\x1d\xbe\xd5\x22\xcd\xb4\x9a\xf6\x78\xa1\xed\x16\x71\ -\x2c\x89\xb3\x11\xe8\x9a\xb9\x6e\x7d\x47\xc9\x2d\x3d\x1f\x82\x4d\ -\x9c\xde\x77\x8a\x77\x85\xc0\x58\xa8\xed\xbc\x4e\xeb\xdd\x71\xfd\ -\xec\xc5\xfe\xa2\xab\x3f\x6e\xbc\x6d\x48\xf9\x70\xa5\x82\x20\xe1\ -\x74\x9f\xeb\x6e\x68\x3f\x6c\x28\xca\xaa\x16\x80\x9b\x50\xbd\x1d\ -\x16\x71\x2c\x2c\x84\xef\x9b\xbd\xe2\x58\x15\xc9\xca\x5e\x3f\x27\ -\x0e\xbe\xc1\x55\x45\x59\x7c\x70\xd4\x90\xb8\xfa\xe2\xe6\xa9\x8b\ -\xfd\xfa\x96\x7b\xe3\xfa\x47\x39\x5d\x5e\x02\xcc\x25\x5e\x67\x6c\ -\xb8\x2e\x74\x65\xb8\xae\xe1\x2c\xab\x30\xf7\x67\xb9\x9a\x26\xba\ -\x73\xc2\xb6\x79\xa1\x7d\x2c\x1b\x67\x6d\x4b\x1b\x1b\xd0\x4d\xa9\ -\xb4\x13\x00\x9a\x06\x3f\xf7\xcf\xc1\x55\xe5\x1c\x69\x7a\x81\xeb\ -\x57\xbf\xc3\x46\xbd\x88\x6f\x29\xe7\x76\x69\xf4\x6f\x0c\x69\xdd\ -\x01\xbb\x38\x80\xc0\xbf\xa0\x3d\x23\xc4\xfd\xbe\x60\x8b\x3b\xaf\ -\xda\x3a\x5f\x44\xbf\x24\x55\xe7\xb9\x41\xd5\x7f\xd6\x92\x38\x16\ -\xe6\xc3\x0f\xcd\x24\x0d\xc0\xbe\x5d\xd5\x93\x06\x40\xb3\xb3\xef\ -\xf0\xa7\x19\xb0\xd9\x97\xe6\x8e\xce\xea\x74\xde\x1e\xd5\xcf\x5e\ -\x1c\x2c\x6a\x03\x71\xf3\x82\x29\xe9\xa9\xa8\xee\x69\xf6\x77\xba\ -\x1b\xda\xd7\xbd\x28\xd2\x00\x8c\x2b\x9e\xae\xc5\xf6\xb1\x24\xce\ -\xda\x95\x36\x01\xe0\x3e\x50\x66\xcd\xfc\xf8\xd7\x61\xfb\xe6\x2a\ -\x1b\x29\x72\x9b\x2c\x13\x18\xec\xcc\xe5\xb8\xf7\xd1\x47\x74\x19\ -\x06\xcb\x7b\xc1\x05\xb2\xc1\x2d\xae\x6e\x08\xa8\xd2\xae\x8a\xc3\ -\x94\xb2\x34\x2f\x2e\x31\x4b\x73\xe5\x6a\x1a\xe2\xde\x7d\x7b\xd3\ -\xa2\xb3\xcc\x59\x69\x05\x6b\x17\x5f\x99\x4d\x9a\x80\x1f\xb6\x2e\ -\x16\x12\x69\xd0\x4b\x96\x5e\x8a\x74\x21\x9f\x4f\xe4\xee\x74\xd0\ -\xd0\xd6\xc1\x07\xc3\x43\x64\xf5\xe2\x32\x0a\x70\x48\xc4\x44\x5a\ -\x1e\x9e\x48\xeb\xb8\x6c\xf4\x06\x5a\x03\x77\x8a\x2f\x98\x34\x00\ -\x09\xc5\x31\x4a\x29\xd5\xdc\x22\x8e\x85\x8a\x98\x33\xd9\xed\x6b\ -\x07\x40\xa9\xa4\xbc\x9b\x8c\x91\xe3\x2e\x05\x1a\x31\xd9\xc9\x2c\ -\x2f\xdc\x53\x99\xd1\xde\x8a\x2b\x93\xa1\x25\x19\xe7\x66\xa1\xc0\ -\x9e\xe5\x5e\x58\xb6\x48\x57\xb6\x2f\xd6\x25\x06\xe3\x49\x4f\x7b\ -\xe8\xbc\xb3\xa9\x6e\x03\x88\x75\x2f\xa2\x53\xa2\xaa\x77\x53\x55\ -\x2a\xaa\xf5\xfe\xac\x59\xcc\x19\xa9\x39\x7a\xa8\xcc\xe8\x2f\x6a\ -\x06\x1f\x50\xc0\x89\xc1\x7e\x58\x3c\xa1\x4d\x55\xd8\x1b\xf0\x73\ -\x11\xd8\x9f\x4a\x72\x39\x9f\xe3\xc8\x4a\x2e\x50\x1a\xd2\x97\xea\ -\x9b\x38\x93\xea\x9f\x30\x9d\x21\xdf\x07\x9e\x8e\x90\x26\x34\x75\ -\xd5\xd2\xb5\x0d\xc4\xed\x82\x50\xab\x98\xdb\x54\x18\x16\x71\xd6\ -\x2e\xca\xe6\xd4\xd8\xd4\x05\xc1\x00\x3c\xe9\x06\x33\x0f\xeb\x9a\ -\x01\xc1\x89\xa5\x36\xda\xd4\x48\x7b\x3c\x81\xe2\xf5\x71\x50\x51\ -\x78\x37\x9b\x59\x7a\x1b\x15\xd4\x38\x25\x37\x91\x7c\x2d\x37\x91\ -\x44\x73\x3b\x1e\x79\xd7\x37\x0c\x6b\x1e\xe7\x21\xc0\x5d\xcb\x0e\ -\x49\xaa\xce\x89\xc5\xf6\xd1\xa5\xab\x67\x2c\xdf\x95\xb5\xbc\x6a\ -\x6b\x17\x65\x5e\xac\xa6\x90\x93\xec\x08\xac\xaf\x87\x0d\x2d\xa0\ -\x8a\xe5\xcd\x3c\xa0\x08\x3a\x9b\x9b\x78\x1f\x50\xdd\x1e\x4e\x78\ -\xbc\x0b\x47\x19\x2c\x15\x7a\x26\xbf\x39\x76\x77\xf0\xd4\xe4\x47\ -\x8f\x0b\xb9\x68\xe2\x1c\x52\x0e\xd6\xca\x2f\x10\x55\x3c\x0b\x45\ -\x22\x98\xb1\x62\xfb\xf9\xb1\xfc\xa6\x36\x50\x77\x59\xc4\xb1\x88\ -\x53\x32\x8a\xf5\x16\x3e\x18\xd8\xc8\x64\x72\xe5\x63\x8b\x81\x3a\ -\xf6\x2b\x4a\x29\xcc\xc6\xe9\xe2\xb4\xcf\x5f\x5b\xf2\x00\x98\xba\ -\x19\x48\x3d\x1e\x3f\x3b\x71\xad\xa7\x25\xd5\x37\x71\x51\xea\xc6\ -\xf5\x15\xa9\x69\x42\xdc\x2c\x0a\xb5\xa5\xb2\x94\x71\x3c\x1e\xc9\ -\xed\xb8\x93\x31\xea\xcf\x30\x3d\xdb\x83\x45\x1c\x8b\x38\xa5\x97\ -\xc3\x30\x90\xce\x16\xae\x45\x0f\x71\xbb\x6f\xc5\x15\x3e\xfd\x1d\ -\x6d\x3c\x4b\x76\xb3\xdb\x39\xed\xaf\xe7\x5d\x16\x09\xd1\x59\xa6\ -\x1a\xa7\xe6\xc6\xe2\xc7\xa2\x1f\xf5\xee\x8b\xdf\x1d\xb8\xaf\x67\ -\xf3\xef\x50\xa9\x8e\xdc\x22\x88\x0b\x57\xac\xb2\x94\x69\x3b\x3f\ -\x96\xdf\xd2\x6a\x52\x5e\x52\xca\x22\xce\xda\x45\x59\x10\xa3\xa1\ -\x97\x22\x60\x84\x6a\x67\x44\x1c\xe2\xed\x87\xad\x86\x84\xc4\x72\ -\x1b\x77\xbb\x78\xdd\x61\x7f\x4e\x4e\x4d\xe3\x44\xa0\x9e\xab\x42\ -\xac\x5e\xfd\x82\x62\x3a\xbf\x2d\x76\x7b\xe0\x64\xf4\x7a\x6f\x2a\ -\x1f\x4d\x9e\x43\xca\xd1\x6a\x05\xce\xa4\xe6\xd9\x39\x4b\xca\xf4\ -\x8e\xe4\x76\xdc\xce\x18\xc1\x67\x52\xc6\x22\x8e\x05\x28\x45\x44\ -\x3f\x1b\xfd\xd6\xf5\x72\x61\x50\x70\x6e\x50\xdf\x1f\x3e\x90\x2a\ -\x9a\xda\xcd\x65\xb6\xaf\x75\xb4\x13\x9d\xb9\x42\x55\x79\x2d\x10\ -\xe4\xbe\x22\x96\x4f\xc8\xaa\x84\x50\xd1\x08\x25\x1f\x8f\x9d\x8d\ -\x5e\xeb\x09\xa6\xfb\x27\xde\x93\xa6\xb9\x60\xaa\xb7\x81\xb8\xa1\ -\xa3\x34\x3c\x95\x32\xf1\x62\xeb\xf9\xb1\xfc\x96\x66\x13\x75\x5e\ -\x97\xba\x45\x9c\x35\x8a\x48\x24\x92\x07\x06\x9f\x4b\x9c\xb9\x5a\ -\x54\x56\x77\xb5\x5d\x18\x3c\xb2\x73\x34\xdb\x70\x8e\x0a\x09\x6f\ -\x8b\xc1\xa6\x71\xc4\xe7\xe5\x5a\xd9\x0b\xa7\xb0\xcf\x1f\x62\x44\ -\x51\x56\x3f\x63\x54\x4a\x6c\xd9\xd1\xf8\xeb\xd1\x6b\x8f\x77\xc7\ -\xef\x0f\xdd\x36\x72\x85\x77\x81\xe2\xec\xfd\x62\xaa\x3b\x35\x2d\ -\x65\x9e\x8c\xe4\x76\xdc\x4a\x1b\xa1\x33\xc0\x82\x85\xd8\x2d\xe2\ -\xac\x6d\xdc\x7d\x2e\x71\xe6\x0b\x56\x16\xea\xad\x89\xad\x67\xaf\ -\x8d\xef\xba\x67\x22\xfa\x97\x7a\x82\xd6\x16\xbc\xcc\x8a\x84\x56\ -\x04\x5b\x03\x21\x72\xaa\x42\xff\x8b\xba\xd1\x62\x32\xbb\x6b\xea\ -\x56\xff\x89\xc9\x1b\x4f\x26\x8b\xb1\xd4\x39\xe0\xa9\xeb\xb9\x38\ -\xa9\xba\x77\xc6\xf5\xd6\xf3\x63\xf9\x2d\x8d\x26\xea\xde\xaa\xc4\ -\xa9\xf5\xee\xac\x69\xdc\x01\xde\x9a\x4f\xe2\xcc\xc4\x54\xce\xbf\ -\xfb\xc2\xc0\x6b\xa9\xc3\xcd\x37\xdf\xf5\xda\x32\x55\x8f\xcd\x28\ -\x82\xad\x0d\x21\xde\x9e\x88\x72\xaa\x8c\x8e\xd0\x19\x08\x31\x16\ -\x8f\xf1\x60\x59\x21\x3a\xcb\x84\x59\xd0\x9b\xe3\x8f\x46\x9b\x85\ -\x18\xcb\xbb\x5a\x02\xef\xc8\x86\x60\x6a\x20\xbe\x5e\xd5\x0d\xb5\ -\x41\xe8\xf1\x9b\xa6\x6e\xe8\xe8\xa6\x21\x0d\xc3\xc4\x30\x91\xba\ -\xa9\x60\x18\x2a\x86\xb4\x49\x69\xda\x31\xa5\x43\x4a\xe9\xb2\x88\ -\x63\x49\x9c\x8a\x36\x4e\x45\x5b\x40\xaa\xde\x4b\x23\xfb\x4f\x74\ -\xfa\x86\xde\xdf\x1a\xe8\xdd\x09\x0b\xa7\x03\x3c\x45\x43\x90\xed\ -\xd1\x29\xd2\xd2\x9c\x53\x7e\xb7\xc9\x1f\xc0\x99\x88\x73\xa3\x58\ -\x60\xef\x8b\xba\x69\x29\x19\x1a\x35\xe4\xc3\xdb\x3d\xb1\x86\x58\ -\x77\x71\x43\x87\x67\xbc\x8d\x25\xe6\xf8\x58\xaa\x9a\x45\x9c\x69\ -\x1b\xa7\xfa\xbc\xb2\xfe\x64\xdb\xf1\xf7\x86\x0f\xa6\x0b\xa6\x56\ -\xed\xd8\x49\x63\x7b\x4b\x79\x95\x9c\x19\xa8\xab\xf3\xb3\xd5\xe1\ -\x98\x77\x7b\x6d\xc8\x02\xa3\xe3\x06\xe7\xcf\x67\xc5\xcd\x6f\xa6\ -\x94\xd6\x73\x19\xe5\xcc\xb8\x2e\x76\x15\x8d\x4c\xbb\x61\xe6\x6f\ -\x2c\xb5\x3d\x8b\x38\x96\xaa\x56\x22\x8e\xb1\xb4\x21\x96\xac\xee\ -\x6c\x7b\x7b\xe8\xc8\x9e\x91\x4c\x75\x8e\x03\xaf\x87\x63\x36\x1b\ -\x43\xf3\x6c\x76\x7a\xeb\x38\xe8\x72\xf3\x4e\x8d\xc9\x32\x3e\x61\ -\x70\xe1\x42\x56\x5c\xff\x66\x52\x69\xfc\x5f\x19\xe5\xcc\x88\x2e\ -\xf6\xcc\x96\x2e\x93\x85\xee\x25\x87\xee\x58\xf9\x38\x6b\x1c\xe1\ -\x70\xf8\x21\xb0\xd9\xe9\xb2\xf3\xd9\x2f\x1e\x5e\x56\x1b\xf5\xce\ -\xf8\xed\xfd\x8d\x77\xbc\x0a\x72\xfd\x42\xfb\xe5\x0b\xbc\xf7\xf8\ -\x09\xaf\x2f\xb8\x4f\x8e\xf3\xa9\xe4\x0a\x66\x48\x90\x4c\x46\x4d\ -\x6e\xdf\x2d\x08\xdf\xa0\x2e\xf6\x56\x27\x1c\x04\x5d\xbe\x53\x63\ -\x42\x28\x4d\x96\xc4\xb1\x50\x2d\xfe\xa0\x5a\x1b\x67\x01\xc7\xc1\ -\xae\x0b\x83\xaf\x35\x24\x8b\x9e\x05\x25\x86\xc3\xce\x71\xb7\x8b\ -\xdb\x0b\xee\xe3\xe4\x8c\xcf\xcf\xf9\xa5\x5e\x42\xcc\xe0\xed\xf7\ -\xb2\xe2\xda\x37\xd3\x4a\xdd\x5f\x66\x94\x53\x83\xba\xd8\x5f\xfd\ -\xfb\x2d\x89\x25\x9f\x34\x58\xaa\x9a\x85\xa5\xe0\x2f\x97\x6a\xe3\ -\x54\x74\x1c\x98\xaa\xe7\x83\x91\x7d\x27\xef\x4f\x6d\xb8\x08\xc4\ -\xe6\xfb\xb4\xb7\xb7\x2d\x5e\xa4\xc3\x6e\xe7\x4c\x15\x21\x3a\xf1\ -\xb8\xc9\x3b\x17\x73\xe2\xca\x37\x93\x8a\xf7\xdb\x19\xe5\x54\xbf\ -\x2e\x0e\x4a\xb9\x3c\x4f\x71\x52\x0c\x2b\x98\xa6\x45\x1c\x0b\x55\ -\xa3\x19\x40\x4a\x89\x69\xae\x5c\x6d\x1f\x48\xb5\x1e\x7b\x77\xf8\ -\x50\xb6\x20\x6d\x1f\x55\xda\xae\x2a\xec\xa9\x0f\xf0\xfe\x62\xed\ -\xcc\x13\xa2\x93\x4a\x98\xbc\xfb\x41\x5e\x7c\xf0\x3b\x49\xc5\xf5\ -\x67\x69\xe5\xe4\x93\xa2\x38\x2c\x59\x5e\x24\x77\x19\xf1\x65\x81\ -\x74\x66\xa2\xea\xfd\x2d\x77\xb4\x85\x67\xc1\x8b\xba\x6e\x60\xb7\ -\xaf\xfc\x95\xc8\xe9\x8e\xd6\xb7\x07\x0f\x37\xef\x0c\x76\x9f\x6b\ -\x75\x8f\x9d\x60\xd6\x8b\xdd\xd4\x48\x47\x2c\x4e\x5e\x4a\x16\x8c\ -\x26\x9d\x0e\xd1\xf9\xe8\xd1\x14\xb9\xc7\x39\xa1\xf5\x16\xc4\x6e\ -\x43\xd6\x20\xbf\x67\x1e\x24\xc4\x20\x1e\x2a\x9b\x39\xc5\x6c\x86\ -\x42\x3a\x49\x3e\x55\x5a\x2c\xe2\x58\xd8\x53\x6b\xe2\x94\xcc\x06\ -\xa1\xdc\x89\x6e\x3e\x3b\x94\x6e\xbe\x7b\xa0\xe1\x96\x4b\x11\xb2\ -\xeb\xb9\x29\x4e\x67\x73\x13\xe7\x47\x46\x17\x77\x02\x5c\x2d\x12\ -\x9f\x74\x71\x06\x97\x64\x9d\x94\x19\xdd\x20\x55\xd4\xf1\x14\x4d\ -\x21\x74\x1d\x8a\x06\x14\x4d\xd0\x0d\x81\x34\x57\x48\x78\x23\x4e\ -\x21\x9f\x42\x18\x0a\xf9\x74\x92\x42\x2a\x41\x7e\x9a\x2c\x72\x96\ -\xd7\xd1\x22\x8e\x85\x67\x12\x67\xa5\x76\x4e\x25\xc4\x72\xbe\x1d\ -\xe7\x87\x8e\xa6\x0f\x35\xdd\x7a\xbb\xce\x96\x7a\x16\x3d\x10\xa8\ -\xe3\xc0\x78\x94\xa8\xa1\x13\x9a\xef\xd8\x0f\x0b\x9c\x9b\x34\x38\ -\xfb\xcc\xae\x10\xb8\xed\x1a\x94\xb8\x2d\xe7\x18\xf8\x86\x09\xba\ -\x51\x5a\x8a\xa6\xa0\x02\xb1\x0a\x14\xa5\x46\x11\x85\x02\xa5\xa8\ -\xb5\x22\x50\x94\xcf\xfe\x1f\x34\x3e\x98\xdb\x74\x39\x74\xa0\xcf\ -\x72\x47\xaf\x61\x84\xc3\x61\x1f\x33\x52\x07\xce\xbc\xb5\x97\x40\ -\xd0\xbb\x6a\xe7\x6b\xf7\x8e\x5e\xda\x1e\xec\xde\x8a\xa4\x1e\x20\ -\x93\xe3\x42\x5f\x3f\x15\x2b\xd9\xdc\x2c\x70\x6e\x48\x7f\x4e\x9a\ -\x5a\xc0\xd4\xc9\x17\x33\x38\xf4\x1c\x14\x33\x90\x9d\x2a\x2d\xb2\ -\xb2\x0b\xc2\x04\xce\x03\xef\x51\xca\x5d\x7a\x3c\xbd\xf4\x47\x22\ -\x11\xab\xe6\xc0\x1a\x47\x79\x0e\xca\x2a\x48\x9c\x99\x18\x4c\x35\ -\x1f\x9d\xc8\x05\x46\x8e\x34\xdf\xf8\xd0\xa1\x14\x0f\xb8\x9d\x9c\ -\x70\x38\xe8\xce\xe7\x29\xab\x2c\x73\xb7\xc0\xf9\x1a\x91\xc6\x04\ -\xfa\x80\x47\x85\x14\x46\x7a\x8c\xcf\x9a\x05\x90\x26\x08\xb3\xe4\ -\x19\xab\x40\x9a\xdb\xc0\x6f\x02\xbf\x15\x89\x44\x06\x3e\xb1\xce\ -\x81\xe9\x32\xae\x9d\xc0\x46\xa0\x03\xf8\xab\x48\x24\xd2\x6f\x71\ -\xa2\x2a\x94\xc5\x87\x2d\x35\x7a\x60\x39\xc8\xeb\x8e\x96\x77\x06\ -\x8f\x34\xef\x08\x75\x9f\x6f\x73\x8f\x1e\xef\x68\x63\xaa\x7b\x46\ -\x4a\xdd\xc3\x02\x6f\xf7\xe9\x9c\x5e\x06\x39\xba\xa5\x64\xd4\x2c\ -\x92\x90\x45\x0c\x0a\x68\x46\x9e\x00\x92\xf5\x12\xf6\x08\x68\x76\ -\xbb\x78\x96\x2c\x20\x81\xb1\x47\x73\xda\xfa\xd5\x48\x24\x12\xae\ -\xe6\xa4\xda\xc7\x90\x28\x02\x38\x0e\xfc\x4d\xe0\xbb\x28\xd5\xf8\ -\x52\x67\x2a\xbb\xe1\x70\xf8\x02\xf0\x5b\xc0\x37\xa6\xe7\xba\xb4\ -\x50\x05\x71\x56\x5b\xe2\xcc\x80\xb8\x1b\xdd\x74\x66\x28\xd5\x78\ -\xef\x60\xd3\xed\xa0\xcf\x27\xaf\x26\x93\x1c\x7a\xac\xf3\x6e\x8f\ -\xce\x09\xe6\x06\x5c\x96\xc8\x21\x19\x30\x4d\xa2\x14\xc9\x9a\x45\ -\x30\x0b\xb8\xcd\x22\x41\x21\xe9\x02\xde\x60\x9e\xe1\x95\x4a\xd1\ -\x9b\xa9\x09\x28\x96\xe7\xa2\x8e\x00\x3f\x55\xf5\x0d\x7c\x5c\x6c\ -\x9c\x70\x38\xbc\x17\xf8\x3a\xf0\xe5\x69\xc9\x52\x0d\xee\x02\x5f\ -\x89\x44\x22\xd7\x2d\x8e\x54\xec\xd3\xf3\xf0\xfc\xeb\x7e\xe0\xb5\ -\xcd\xac\xdb\xd0\xf4\x42\xaf\x41\x15\x66\x66\x5b\xe0\xe1\xf9\x5b\ -\xfd\x51\xff\x9d\x02\xad\x48\x26\x4c\x9d\xb8\xd4\xd1\xcd\x22\xaa\ -\x2c\x50\x27\x75\x9a\x91\x74\xd4\xea\x43\x6f\xe8\x30\xf2\x80\xd9\ -\x5e\xb8\xef\x8b\x44\x22\xbf\x57\x6d\x1b\xda\xc7\xe0\xe1\x9e\x02\ -\x7e\x06\xf8\x6b\xcb\x38\x7c\x07\xf0\x41\x38\x1c\xfe\xdb\x91\x48\ -\xe4\x77\x2c\xaa\xcc\x41\x59\x01\x8a\xa9\x44\x9c\x3d\x4d\x9d\x34\ -\xb6\x94\xb2\x05\x9c\x6e\x5b\x4c\x51\x14\x7d\x81\x8f\x77\xd9\x6f\ -\x21\x66\x6f\x96\xa2\x9a\x63\x7b\x63\x75\xf6\x6b\x97\xff\xaa\x4d\ -\xe4\x8d\x2e\x60\xc3\x6a\xdf\x74\x6c\x78\x0e\x69\xfe\xe7\x52\x48\ -\xf3\xca\x4a\x9c\x69\x75\xec\xbb\xa6\x09\xb3\x60\x50\x60\x43\xc3\ -\x0e\xf2\xf9\x24\xa9\xd4\x20\x0b\xdc\x4b\x1c\xd8\x17\x89\x44\x9e\ -\x58\x5c\x79\xd6\xc7\x75\xd3\xfd\xf2\x0c\x5b\xf6\xb5\x60\x77\xa8\ -\x6c\xd9\xde\xc1\xde\xc3\x5d\x2f\xe2\x32\xf4\xf7\x06\xfb\xde\xfb\ -\xcb\xde\x07\xa7\xdb\xee\x4d\xc6\x15\x43\xfa\x57\xfb\x84\xb9\x14\ -\x4c\xf4\x96\xad\x9a\x02\x76\x46\x22\x91\x91\xa5\xb4\xa3\xbd\x62\ -\x0f\x53\x05\xfe\xd6\x34\x61\x76\x2f\xb4\xaf\xcb\x15\xc4\xe7\x6b\ -\xa3\xb9\x79\x0f\x3e\x5f\x3b\x86\x51\x20\x1e\xef\x23\x16\x7b\xcc\ -\xd4\x54\x2f\xf9\x7c\xd9\x3b\xe1\x07\x7e\x2b\x1c\x0e\x9f\x8a\x44\ -\x22\x96\xff\xbd\x84\x39\xcc\x70\xb8\x34\x14\x45\xd0\xfd\x70\x90\ -\xb1\xd1\x78\xe1\xcd\xbf\xbe\xcf\xbe\x5a\x27\x37\x25\x93\xdf\xbc\ -\x7f\xbd\xef\x41\x74\xfc\x34\x60\x2a\xa6\xac\x5b\xed\x1b\x96\x12\ -\x62\x73\x13\x1b\xfe\xc9\x52\x49\xf3\xca\x10\x27\x1c\x0e\x3b\x80\ -\x1f\x04\xfe\x19\x25\xef\x58\x65\xf1\x28\x14\x3c\x9e\x26\x7c\xbe\ -\x56\x34\xad\xe4\x1e\x31\xcd\x92\x27\x48\x55\xed\x04\x83\x9b\x09\ -\x06\x4b\x73\x54\x74\x77\xff\x05\xa3\xa3\x65\xa6\xcd\x09\xe0\x14\ -\xd4\xbe\x38\xde\xc7\x14\x65\x2a\x91\xcd\xa1\xa2\x28\xe2\x99\xca\ -\x95\x4a\xa6\xed\x7f\xf1\x47\xd7\x2e\x9e\xfd\xdc\xbe\xdd\x36\x9b\ -\x5a\xd3\xc1\x9d\xa2\x61\x3c\xf8\x95\x8f\x2e\xb9\xa7\x72\x99\xfd\ -\xd3\xab\x92\x48\x56\x5d\xda\x24\xc6\x41\x2f\x94\xad\xfa\xcb\x48\ -\x24\xf2\x6b\xcb\x69\x4b\x7b\x49\x24\xa9\x9f\x36\xf0\xf7\x03\xfb\ -\x80\xef\x05\xda\xe6\x3b\x46\x51\x6c\xf8\x7c\x2d\x78\xbd\x2d\x28\ -\x4a\x79\x3c\xdf\x53\xe2\xcc\x46\x47\xc7\x31\xc6\xc6\x6e\x21\xcb\ -\x1d\xf5\x7f\xdb\x22\x4e\x65\x89\xe3\x74\xcd\x8d\x93\x4c\xa7\x73\ -\xc7\xbe\xf5\xfb\x97\x7b\xce\x7c\x66\xef\x98\x3f\xe0\xde\x58\x8b\ -\x93\x4e\xe6\xb2\x17\xff\xcb\x47\x97\xf6\x14\x0d\xfd\x79\x1a\xb5\ -\x24\x01\xab\x4b\x1c\xbd\x00\xc9\xf2\xba\x3a\x79\xe0\x47\x97\xdb\ -\x9e\xb6\x02\x02\x6c\xa5\x34\x7e\xe2\x9d\x5e\x7c\xb3\xfe\xaf\x07\ -\x82\x15\xfe\xba\xaa\xbe\x38\xcd\x85\xcf\xd7\x86\xc7\xd3\x88\x10\ -\xca\x3c\xe2\xb7\x32\x71\x1c\x0e\x1f\xcd\xcd\xbb\x19\x19\x29\x93\ -\x3a\xdf\x17\x0e\x87\xff\x7e\x24\x12\x29\x58\xbc\x29\x27\x8e\x63\ -\x9e\xf2\x13\xa6\x69\x6e\x3c\xf7\xed\x0f\x53\x7b\x0f\x6d\xba\xb4\ -\x61\x73\xcb\xd1\x95\x68\x4a\xb7\x27\x46\xcf\xff\xde\xfd\x5b\x67\ -\x66\x39\x0d\x10\xc8\xf4\xaa\x3b\x04\x86\x98\x1d\x4a\xf3\x1f\x22\ -\x91\xc8\xe3\x55\x23\x4e\x38\x1c\x6e\x9f\x16\xeb\x5b\xa6\xd5\xa8\ -\x2d\x94\xfc\xff\x3b\x56\xeb\x26\x1d\x8e\x3a\x7c\xbe\x36\x5c\xae\ -\xe0\xe2\xba\xb2\x39\x7f\xd6\x6e\x7b\xfb\x31\x46\x47\xcb\xa4\x4e\ -\x3d\xf0\xd7\x81\xdf\xb7\x78\x53\x3e\x73\x9a\xc3\x65\x5b\xc0\x36\ -\x10\xde\xeb\x57\x7a\x8e\x8e\x0e\x4d\x9d\x3b\x7a\x6a\xc7\x69\x21\ -\x96\x96\x8e\x22\x25\xe9\x3f\xed\xb9\x77\xeb\xea\xc8\xc0\xd9\x8a\ -\x2a\xb8\x21\x57\x75\xac\x2d\x1b\x2f\x39\x05\x66\x60\x0c\xf8\x77\ -\x2b\x69\x53\x5b\x80\x30\x4e\xe0\x3f\x02\x3f\xf2\x42\x1e\xa3\xcd\ -\x8d\xcb\xee\xa1\xce\xdb\x8a\xdd\x5e\xbd\x4a\x6d\x9a\xc5\x05\x08\ -\x58\x51\xea\x7c\xd5\x22\x4e\xe9\xbb\x52\xae\xaa\x2d\xae\x7c\x8c\ -\x0c\x4d\x9d\xfd\xb3\x3f\xb8\x7c\xed\xd3\x9f\x3f\xd0\x65\x77\x68\ -\xc1\xaa\x9e\x8f\x94\xfd\xbf\x7a\xe3\x83\xdc\x70\x2a\x39\xaf\xb4\ -\x12\xa6\xcc\xaf\xd6\x4d\x4a\xb3\xe4\x7e\x9e\x85\x7f\x15\x89\x44\ -\x12\x35\x27\xce\xb4\x1a\xf6\xcd\x69\xfb\xa3\x26\xa4\xc0\xee\x03\ -\x87\x6f\xee\x5f\x47\x1d\xd8\xbd\x20\x14\x72\xd9\x49\x3c\x13\x0f\ -\x58\xca\x4c\xde\x8b\x85\x89\xb4\x85\x3a\x19\x1d\xb9\x3e\x53\x4a\ -\x7f\x57\x38\x1c\x0e\x44\x22\x91\x98\x45\x9c\xe7\xb0\xbb\xaa\xcb\ -\x05\xcb\xe7\x8a\x07\xbf\xf5\x07\x97\x07\x4f\xbe\xb1\xeb\x5e\xa8\ -\xb1\x6e\xc1\x29\xff\xd2\x85\xc2\x87\xbf\xfc\xd1\xfb\xeb\xb3\xc5\ -\xe2\x82\xf3\x82\x2a\x26\xc5\xd5\xba\xc9\xf8\x58\x69\xc0\x73\x06\ -\x6e\x01\x91\x95\xb6\xab\x55\x20\xcd\x31\xe0\xcf\xa7\xed\x94\x72\ -\xa8\x1a\x6c\x39\x53\xba\x92\xf1\x47\x25\xc5\xd1\xe6\x9a\x9f\x14\ -\x76\x5f\x89\x14\x8a\x5a\xdd\xd7\xc1\x15\x64\xa2\xfd\x30\x9e\xd1\ -\x9b\x04\xf5\xea\xa4\xb7\x94\xf3\xf7\x79\xb1\x90\xe2\xbb\x1b\x9e\ -\x90\x6d\xf0\x72\x77\xe2\x99\xac\x76\x50\x0a\xd7\xf9\xaf\x6b\x95\ -\x31\xe1\x70\x58\x01\x5a\x9f\x3d\x56\x55\x60\xb3\xab\x55\x1f\x2f\ -\x4d\xd9\xfe\xf6\x5f\xdd\xca\x6d\xdb\xdd\xf9\xce\x8e\xdd\x9d\x27\ -\x2b\xed\xd3\x97\x88\x9d\xff\xf5\x5b\x57\x4f\x48\x29\x17\x15\x65\ -\x8a\x6e\xae\x4a\xac\x4f\x31\x57\x0a\xad\x99\x85\x7f\x1c\x89\x44\ -\x8c\x9a\x12\x67\x5a\x3d\xfb\x1f\x15\x49\xd3\xba\x0b\x0e\x7e\x19\ -\xbc\x33\x6a\x1a\xe8\x39\x48\xc5\xa0\xa0\x83\xa9\x42\xb1\x06\x1f\ -\x0e\x45\x23\xdd\x7a\x80\x7c\x72\x64\xa4\x39\xde\x5b\xa7\x48\xd3\ -\xbd\x1c\x89\x23\xa5\x64\x97\xb8\x4a\xc0\x6e\x72\xa2\xbd\x7e\x26\ -\x71\xa0\x34\x4d\xf9\x9a\x25\x0e\xd0\x32\xf3\xd9\x57\x2b\x6d\x66\ -\xc1\x79\xff\x56\xff\xc9\xf1\xe1\xd8\x85\x93\x9f\xda\x75\x4c\x51\ -\x95\xa7\x63\x3e\x85\x0b\xfd\xbd\x97\xce\xf5\x3d\xaa\xba\x52\x8d\ -\x62\x98\xab\x32\xb6\x36\x35\x77\xcc\xe6\x4f\x23\x91\xc8\x5f\xd4\ -\xa2\xed\xd9\x46\xde\xff\x0e\x94\xcf\x4a\xe5\x09\xc1\xc9\x1f\x81\ -\xd3\x7f\xaf\x9c\x34\x00\x9a\x13\x02\x2d\xd0\xd4\x01\x2d\xad\xd0\ -\xda\x0c\x5e\x1b\xd8\x25\xd8\x34\x10\xcb\x9f\xa4\x48\xf7\xb5\xb4\ -\x0c\xb6\x1f\x9d\xc8\x3b\xfc\x77\x17\xd1\xa2\x01\x39\x67\xea\x08\ -\x7b\xfa\x16\x07\x03\x19\x00\x76\x35\xfa\xf0\x3b\xca\xbe\x11\xc7\ -\xa7\xd5\xd1\xb5\x8a\x2f\x95\xdb\x37\xcb\x4f\xd9\x9f\x8c\x26\x4f\ -\x7f\xeb\xff\xbb\xf2\x20\x93\xce\x8f\x9a\x52\x8e\xff\xd6\x9d\x0f\ -\xef\x9d\xeb\x7b\x74\x6a\x29\x6d\xa8\xba\x59\xf3\xda\x17\xe9\x29\ -\x28\x64\xca\x5f\x29\xe0\x9f\xd4\xaa\x7d\x6d\x86\xb4\x39\xcc\xec\ -\xe8\xd0\xb6\x5d\xf0\xfa\x0f\x83\x5a\xe5\x00\xb2\xe6\x80\xfa\xd6\ -\x19\x97\x5a\x80\xe4\x04\xe4\xf3\x80\xad\x94\x69\xc7\x12\x3e\x2e\ -\x42\xac\x1b\x6b\xda\x55\xf0\xa6\x46\xce\xd7\x4f\xf5\x9c\x59\xc0\ -\x6b\x93\x14\xe2\xf9\x1c\x26\x1a\xc5\xfb\x5f\x6c\x1a\x7c\xf6\x01\ -\x50\x85\xe0\x58\x5b\x80\x6f\x3f\x2e\x93\xdb\x3f\x08\xfc\x8b\x35\ -\x4a\x9c\xb2\xf1\x0b\xc7\xb6\x1c\xb9\x2d\xd3\x9f\x67\x09\x8a\x46\ -\xd2\xd5\x24\x6e\x3d\x7d\x58\x52\x82\x00\x39\xed\x45\x96\xd3\xbf\ -\x91\x08\x29\x00\x53\xc2\x5f\x0c\x4f\x3e\x7e\x12\xf7\x1d\x8c\xe5\ -\xb2\x4b\x2e\x65\xab\x16\x65\x4d\xc7\x13\x4d\x03\xe2\x73\x63\x01\ -\x7e\x25\x12\x89\xdc\xab\x29\x71\xc2\xe1\xb0\x1d\xf8\x35\xca\xc2\ -\xf3\x05\xec\xfb\x52\xf5\xa4\xa9\xd8\xba\x1d\xea\x67\x8e\x6b\xca\ -\x1c\xc5\xe2\x00\xf9\x7c\x81\x4c\xb6\x9d\x42\xde\xcf\xe2\xb1\x72\ -\xf6\x94\xb7\xe5\x4c\xd6\x15\xbc\xdc\x3c\x72\x7d\x93\x6a\x16\x83\ -\x73\x89\x63\xa4\x85\xd0\x1a\xa7\x1f\x7c\xfa\x2d\xf7\x45\xa7\x4d\ -\x94\xb7\x7b\xbc\xbd\x9e\x3f\x7f\x3c\x31\x93\xb6\x5f\x0b\x87\xc3\ -\x3f\x1b\x89\x44\xcc\xb5\xc4\x98\x70\x38\x7c\x84\xd2\xc0\xf3\x33\ -\x04\x8f\x18\x38\x1a\xcb\x76\xf3\x51\x4a\xdd\x78\xfa\x26\x94\x7f\ -\xcf\x66\xfd\xcd\xe7\xd4\xf7\xee\xf6\x6b\x9f\x96\x66\x76\x59\x93\ -\xd9\x2a\x86\x59\xd3\xd0\x9e\xf8\x48\x89\x3c\x33\x10\x9b\xd6\xa6\ -\x6a\x86\xa7\x22\xf2\x67\x99\x1d\x1b\xb6\xee\x00\xd4\xb5\xd4\xf8\ -\xb1\x09\x27\x36\xfb\x66\xbc\xbe\x9d\x34\x35\xf9\xe9\xec\xcc\xd1\ -\xd6\x76\x8f\xfa\xe0\x75\x1c\xce\xd1\x85\x54\x3b\x43\xb5\x1f\x19\ -\x6a\x3f\x5c\xc8\x3a\xeb\xaf\xcf\x25\x8e\xf9\xcc\x93\xb0\xdb\xfe\ -\xf0\x43\xbf\x92\x9a\x53\x51\x32\xe8\xb2\xb3\x3d\x54\xe6\xe6\xee\ -\x04\x7e\x75\x3a\x7d\x78\xed\x4a\x9b\x7a\x66\x93\x66\x49\x1f\xf7\ -\xc9\x49\xc7\xb9\x3b\xf7\x03\xaf\x4b\x73\xf9\x33\x40\xab\xba\xe9\ -\xac\xd5\xcd\xe5\xb3\x25\x35\x6d\x16\xfe\x4d\x24\x12\x89\xae\x06\ -\x71\xe6\x4e\x2f\xd7\xb4\x79\xf5\x1f\xa1\xc4\x89\xaa\x6d\xc7\xeb\ -\xdd\x47\x53\x53\x33\x1d\x9d\x79\xda\xda\xef\x12\x0c\x5d\xc5\xe9\ -\x7a\x82\x50\x66\x89\x23\xd1\x32\xd1\xb8\x63\xf7\x44\x68\xfb\xb9\ -\x52\xf2\xeb\xf4\xd3\x33\x8d\x1c\x80\x4f\xa4\xdf\xdf\x6d\x7f\x74\ -\x72\xbe\xd3\xbd\xde\x51\x3f\x7b\xd5\x0f\x01\x37\xc2\xe1\xf0\x99\ -\xb5\xc0\x98\xe9\x8f\xc4\x57\x66\xae\x5b\xd8\xa1\xbc\xe0\xb3\x4b\ -\xf6\xf5\x7b\xaf\x3c\xe9\xf7\x9e\x5d\xe9\x75\xa9\xba\xe9\xae\xcd\ -\xeb\x04\xb1\xb9\x73\x50\x3f\x02\xfe\x53\xad\xfb\xf2\x29\x71\x7e\ -\x1e\x66\x95\x1d\xbd\xfa\xbb\xd0\xfb\xc1\x8b\x7e\xb6\x0e\x54\x75\ -\x07\x1e\xcf\x21\x1a\x1b\xd7\xd3\xd1\x51\xa4\xbd\xfd\x2e\xa1\xd0\ -\x45\x5c\xee\xfb\x08\x45\x07\xd4\xac\x3b\x78\x76\xb0\xfd\xc8\x4d\ -\x5d\x75\x8c\x94\x24\x8e\x5e\x50\x90\x43\x6f\xba\xde\xdf\xb9\x50\ -\xe3\xbb\x1b\x7d\xd4\x39\xe6\xa8\xd3\x5d\xc0\x77\xc2\xe1\xf0\x37\ -\xc3\xe1\xf0\xf1\x4f\x38\x77\xbe\x07\xca\xa7\xda\xa8\xdb\xb6\x8c\ -\x17\xd4\xe4\xc9\xbd\x87\xfe\xb1\xe8\xa4\xe3\xb5\x9a\xbc\x84\xba\ -\x59\x93\x20\xd2\x74\x74\x4e\x56\x27\xc0\xcf\xac\x46\x88\xd5\xb3\ -\x7c\x9c\x70\x38\xdc\x01\x7c\x04\xb3\xca\xf5\xec\xff\x1e\xd8\xf6\ -\xc6\xab\xf2\xe0\x8b\x98\xc6\x43\xf2\xf9\x49\x32\x59\x1f\xd9\x6c\ -\x43\x70\xe2\xc1\x50\x97\x3b\x98\xfb\x4c\x7d\x8f\xbf\x4d\x1d\x5f\ -\xd4\x30\xbd\x32\x1c\xe7\x0f\x1f\x8e\x10\xcb\xcf\x1b\xaa\x73\x11\ -\xf8\xbf\x29\x25\x37\x19\x9f\x24\xd6\x84\xc3\xe1\xdf\x9e\x29\x71\ -\x84\x0d\xf6\xfd\x2c\x88\x25\x98\xe6\xba\x2e\xae\xde\xb9\x5f\xbf\ -\xc9\xd0\x45\xa0\x56\xd7\xd5\x7e\x27\x9a\x17\x8b\x14\x27\x5c\x0c\ -\xf3\x64\x75\x5e\x8a\x44\x22\xc7\x56\xa3\x2f\xcb\x12\xd9\xc2\xe1\ -\xf0\x17\x80\x3f\x9c\xb3\xd7\x8e\x37\x61\xd3\x89\xd2\x55\x49\x09\ -\xd2\x44\x55\x35\x6c\x76\x07\xaa\xaa\x82\x94\x25\xf3\x44\x96\xbc\ -\x66\x62\xda\x04\x17\x20\x85\xaa\x66\x15\xcd\x91\x12\xaa\x96\x07\ -\x4c\x51\x92\xa8\x72\xfa\xaf\x29\x40\x0a\x81\x14\x60\x0a\x81\x89\ -\x2c\xfd\x66\xda\xcf\xac\x3c\x5f\x67\x0a\x30\x11\x48\x21\x4b\xfb\ -\x2a\x26\xaa\x2f\xaf\xc7\xba\x06\xde\x8b\x7f\xca\x7e\x6b\xa7\xa2\ -\xa8\xbb\xa9\x62\x82\x20\x43\x4a\x6e\x8c\x25\xb8\xd0\x37\x49\x77\ -\x2c\x33\xdf\x6e\x4f\x28\x85\x1c\x45\x56\x1a\x9e\xf1\x8a\x90\x46\ -\x01\x46\x81\x67\x63\x0a\xfe\xed\xb0\xf1\xef\x54\xdf\x46\x32\x65\ -\x3b\xff\xa8\xa7\xee\x24\x12\xb5\x86\x97\x96\xeb\xb8\x1d\x5d\xb1\ -\x8d\x13\xed\x2f\xc5\xa4\xcd\xc2\x1b\x91\x48\xe4\xdc\xaa\x13\x67\ -\xba\x83\x7f\x11\xf8\xc9\x6a\x1b\x68\xec\xd8\xc4\xfa\x1d\x87\xe8\ -\xdc\x76\x00\xbb\xd3\xb3\x5a\xb6\x50\xc9\x0b\x9f\xc7\xa0\xc0\x18\ -\x79\x74\x74\x1a\x00\x17\x48\x06\xfa\xde\xe9\x75\x75\xff\xfe\x93\ -\xdd\xa6\xc8\x74\xad\x0b\xba\x14\x7f\xc0\x87\xa6\xed\xa5\x8a\x9a\ -\xc2\x83\xc9\x1c\x17\xfa\xa3\x5c\x19\x8e\x53\xac\x3c\x0e\x97\xa2\ -\x14\x7e\xf4\xdf\x22\x91\xc8\xc5\x8f\xb9\x37\xad\x4c\xf7\xee\xfc\ -\x12\x34\x54\x17\xef\x9c\x1f\x1e\x71\x5d\x1e\x19\x75\x9f\x5c\x85\ -\x4b\x1b\xed\xb8\x1d\x6d\x5e\x11\xf3\xe6\x66\x75\x02\x7c\x2b\x12\ -\x89\xfc\xb5\xd5\xea\xcf\x4a\xc4\x71\x00\x6f\x03\x47\x96\xd4\x90\ -\xa2\xd2\xba\x61\x07\x9b\xf6\xbe\x4e\xeb\xc6\x9d\xf3\xa6\x01\x54\ -\x45\x92\x42\x69\x11\x45\xa4\xcc\x93\xc3\xc0\x81\xac\x1c\x91\x9b\ -\x4e\x8f\xdd\x9f\x9c\x7c\xb8\x4d\x1d\xbf\x76\x41\x8d\x3d\x5c\xdf\ -\x18\x63\x64\xa3\x1b\xa3\xbd\x5e\xdd\x89\xbf\xfe\x36\x81\x7a\x55\ -\xda\xed\x7b\x05\x0b\x7b\x7d\xd2\x45\x83\x8b\x83\x53\xbc\xdd\x3f\ -\xc9\x64\x6e\xde\x08\x88\xdb\x94\xe2\x9c\x7e\xb3\xd6\x5e\x9a\x17\ -\x40\x9c\x7f\x09\xfc\x9b\x32\x9b\xef\xa7\xc1\x16\x58\xf4\x79\x8c\ -\x3e\xea\xf1\x8d\x27\x53\xf6\xdd\xab\xf3\x51\x94\xdd\x1d\x0e\x6f\ -\x31\x90\x00\x00\x18\x98\x49\x44\x41\x54\x77\x26\x37\x2d\xff\x70\ -\x18\x7d\x04\x7a\x7e\xce\x5b\x74\x60\x35\x8b\xb4\x54\xac\x39\x30\ -\x1d\x7a\xf3\x4b\x40\x78\x39\x8d\xba\x7c\x01\x36\xed\x7d\x9d\x4d\ -\x7b\x8f\xe3\xf4\x2c\x90\x9f\x64\x52\x4a\x27\x2a\x4e\x93\xa5\xc8\ -\x92\x27\x05\x1f\x1a\xba\x7a\xd7\x30\x72\x3b\x90\x66\xde\xd6\xf3\ -\xbb\x51\x21\xa5\xcf\x97\xe0\x9e\x2f\x8f\x77\x4b\x90\x7c\xc8\xcd\ -\x7e\x84\xc8\x52\xe7\xbf\x11\xf3\xf8\x83\x76\x97\x6b\xb3\xdb\xa6\ -\xce\xab\xce\x99\x52\x72\x6b\x22\xc9\x85\xbe\x49\x1e\x4c\xce\x9b\ -\x26\x92\xa7\x14\x61\xfd\xdf\x80\xef\x7c\x1c\xd2\xb1\xc3\xe1\xf0\ -\x3b\xf0\xbc\x60\xb9\xb3\x19\x76\xfc\x83\x85\x8f\x31\x0d\xee\xdc\ -\xb9\x5f\x1f\x2c\x16\x95\x96\xd5\xba\x2e\xc5\x90\x37\xdb\xee\x4d\ -\xee\x59\xee\xf1\x89\x71\x48\x8c\xce\x59\xfd\x8d\x48\x24\xf2\xb5\ -\xd5\xec\xcf\x05\x8b\x75\x84\xc3\xe1\xaf\x01\xff\x79\xb6\x27\xa6\ -\xea\xc6\x85\x42\xfb\xe6\x3d\x6c\xde\x7f\x82\xe6\xf5\xdb\x20\x2b\ -\x9e\x13\xa5\x08\xac\xd0\xf4\xd6\xf5\x4c\x7e\x78\xf8\xc3\x67\x46\ -\xa5\x12\xbd\xfe\xb6\x36\x75\xef\x14\x60\x3a\x73\x5c\xf0\x27\x38\ -\xeb\x50\xb9\xbc\xbd\x91\xa0\xd7\xf6\xac\x5a\xa4\x3e\x6a\xf7\xe4\ -\x92\x6e\x9f\xb7\xb1\xbe\x0e\xbf\x63\x7e\x6d\x6e\x24\x95\xe7\x42\ -\x7f\x94\xcb\xc3\x71\xf2\xc6\xbc\xe3\xa4\x3d\xc0\xaf\x02\xbf\x16\ -\x89\x44\x86\x5f\x51\xd2\xf8\x29\x4d\x4f\xfe\xcc\x0d\xd0\x7c\x0a\ -\xda\x3e\xbf\x80\xfa\x93\x53\xdf\xbd\xf7\x20\x70\x48\x4a\x9c\xab\ -\x79\x6d\xaa\x6e\x5e\x6e\xbd\x3f\x75\x64\x59\xcf\xbf\x08\xa3\x0f\ -\x98\x3d\x86\x5e\x00\xb6\x45\x22\x91\xde\x97\x46\x9c\xe9\x4e\xdf\ -\x0e\x7c\x6d\xfa\x55\x7f\xee\xdd\x2a\x51\x60\x1f\xf0\x05\xaa\x48\ -\x7b\xf5\x06\x1a\xd8\xba\xff\x0c\x9d\x1d\xfb\x51\x72\x36\xec\xea\ -\xca\x5d\xf7\xd1\xe8\xfd\x07\x99\xcc\xc4\xf3\x98\x33\x69\x16\xed\ -\x3d\xbf\x3b\x82\x94\x9d\x00\xaa\xc1\xfb\x0d\x51\xf6\x03\x76\xaf\ -\x9d\xf7\xb6\x87\xd8\xea\xd0\x68\x9e\x29\xcf\x47\x55\x17\x49\x8f\ -\x8f\xfa\x40\x1d\x0d\xee\xca\x8e\x9d\xac\x6e\x70\x71\x28\xc6\xdb\ -\x7d\x93\x4c\x64\xe7\xf5\x6c\x1a\xc0\x9f\x4c\xab\x72\x7f\xfa\x2a\ -\x79\xe4\xc2\xe1\xf0\xf7\x02\x65\xe5\x8f\xb6\xfc\x08\x78\x2b\x17\ -\x62\x32\xa3\x51\xc7\x85\xbe\x81\x95\x8f\xcf\xcc\xff\xd6\x91\x46\ -\x15\x3d\x38\xd4\x29\x47\x34\x35\xd5\xd8\x9d\xfe\xd2\x72\x9a\x99\ -\x78\x02\xb9\xe4\x9c\xd5\xbf\x18\x89\x44\xfe\xe1\x6a\xf7\xe9\x8a\ -\xcb\x43\x4d\xdb\x44\x9f\x9b\x76\x73\x7e\x37\x54\xe7\x56\x0c\x06\ -\xd7\xb1\x71\xe3\x31\xd6\xad\x3b\x84\xcd\xe6\x5a\xf2\x79\x4d\xd3\ -\x60\x68\xe8\x52\x5a\x4a\x59\x26\x0d\xd5\xa9\xdb\xef\xa8\xd1\x5b\ -\x27\x9f\xdf\x20\xf7\x1a\xa2\xd4\x29\x26\x6d\x40\x3a\xe4\xe2\xf2\ -\x96\x10\x47\x54\x31\x57\x8a\x4e\x28\x0e\xa6\x5c\x3e\x7c\x81\x3a\ -\x5a\x7c\xae\x8a\xe6\xd7\xdd\x89\x14\xe7\xfb\xa3\xb3\xa3\xad\xe7\ -\x68\x90\x94\xa2\xcc\x7f\x3d\x12\x89\x3c\x78\x05\x88\xf3\x5f\x99\ -\x91\x90\xa8\x3a\x61\xef\xbf\x80\x0a\xbe\xb1\x44\x6f\x9f\xf7\xc1\ -\xd4\x94\xe3\x70\x0d\x4f\x6f\xa2\x88\x01\x1c\xca\x24\x6e\x4d\xc1\ -\xad\xb5\x61\x57\x1a\x90\x32\x45\xdf\xc0\x3d\x47\xc2\xc8\x34\x3e\ -\x5e\x52\xc9\xdb\xd2\xc7\x2c\x01\xd1\xbe\xb9\x8e\x3f\x60\x53\x24\ -\x12\x19\x7f\xe5\x89\x33\xeb\x01\x05\x81\xbf\x33\xfd\x90\x76\x56\ -\x25\xaa\x55\x1b\x1d\x1d\xfb\xd8\xb0\xe1\x18\xcd\xcd\x5b\xa8\x76\ -\xba\xf9\x54\x6a\x28\x3e\x35\xf5\xd8\x5f\xc1\x5a\x34\x6c\x3d\xbf\ -\xd3\x2f\xe4\xf3\xf9\x58\x80\x89\x40\x8c\x21\x47\xa1\x54\xf2\x55\ -\xc0\x78\x9b\x8f\xff\xbf\xbd\x33\x0d\x6e\xeb\xba\xee\xf8\xef\x61\ -\x07\x01\x82\x20\x41\x4a\x14\x05\x49\xa1\x16\xcb\xb2\x44\xc5\x96\ -\x2c\x5b\x96\x62\xcb\x69\xc6\xd9\x3a\x53\x27\x9e\x2c\x8d\x9b\xb4\ -\x9e\x84\x6d\x6c\xd7\x99\x36\x4d\x9b\x66\xd2\xe9\x24\xd3\x49\xa7\ -\x4d\x26\x49\xd3\x69\xb3\x75\x6e\xdb\x24\x1f\xdc\x38\x8e\xd3\x64\ -\x3a\xd3\xc9\x34\x4d\xa3\xc5\xda\x25\xd3\xd6\x2e\x8a\x92\x28\x12\ -\xe0\x02\x12\x00\x01\x62\xdf\x5e\x3f\x3c\x48\x24\x80\x07\x10\x00\ -\x77\xf2\xfd\x67\xf8\x41\x78\x18\x08\xb8\xf7\xfe\xef\x39\xf7\xdc\ -\x73\xfe\xe7\xea\xc6\x26\x0e\xe8\x24\xf5\x62\xbe\x90\xce\xc8\x98\ -\xa5\x11\x8b\xc3\x41\x47\x53\x03\xba\xa2\x74\x20\x5f\x2c\xc9\xb1\ -\xc1\x20\xa7\x87\x82\x24\x2a\x4b\xc7\x1e\x07\xfe\x0d\xf8\x89\x10\ -\x22\xb2\x48\xc4\xb9\x0e\xdc\xb3\xcc\xce\x2e\xe8\xfc\x58\xd1\xb0\ -\xe5\xb8\x7d\xad\xcf\x49\x22\xae\x9f\x9d\x20\xa0\x24\x85\x30\xe9\ -\x7c\x58\xf5\x60\x35\xb4\x61\xd1\x3b\x29\x3e\x52\xa6\xd3\x43\x0c\ -\x7a\xa3\xe4\xe4\x6d\xd6\x49\x0e\xbb\x06\x6a\x13\x58\x97\x65\xe5\ -\xce\x26\x5b\x1a\xc3\xf9\x92\x10\xe2\x6f\x16\x62\x4c\xe7\x4d\x90\ -\xb0\xbb\xbb\xfb\x60\x9e\x40\x1f\xa1\x4a\x81\x0e\x9b\xcd\x45\x67\ -\xe7\xa3\x74\x76\x3e\x42\x43\x43\xcb\x0c\x41\x81\xb3\x63\xd9\x6c\ -\x4a\x35\xcb\x4a\x3f\x71\xed\x84\x7e\xfc\xad\x62\x21\xc3\x94\x2d\ -\xca\x69\x7b\x94\x7b\x29\xef\x3a\xb8\xd5\xd9\xcc\x58\xbb\x9d\x8a\ -\x41\xd9\x28\x7a\x46\x2c\x8d\x18\x1c\x8d\x74\x38\xed\x18\x75\x53\ -\x01\xbe\x64\x26\xcb\x99\xe1\x10\x47\x07\x03\x8c\x46\x93\x95\x3f\ -\x06\x5e\x05\xfe\x45\x08\x71\x72\x01\x49\xe3\xca\x9f\x6f\xee\x61\ -\xd3\x87\xa0\x65\xcf\xb4\x48\x47\x54\x77\xe5\xfa\x6d\xe7\xfa\x6c\ -\x56\x6a\xaa\x91\x24\x69\xf4\xd2\x18\x56\x7d\x86\x06\x43\x0b\x16\ -\xbd\x1d\xe3\x0c\xd1\xd4\x78\xe2\x2a\x43\xc3\x2e\x64\xa5\xf5\x99\ -\x2d\xc0\x91\xe6\xe1\xda\xba\x4c\x4f\x8c\xa8\x16\xa8\x8d\xe6\xad\ -\x4d\x74\x59\x13\xa7\x68\xe2\x3e\x03\xbc\x04\xe5\x9b\x08\x15\x3b\ -\xc1\xed\xed\xdb\xe9\xec\xdc\x8f\xdb\xbd\x1b\x9d\xae\xd0\x28\x24\ -\x93\x61\x7c\xbe\x8b\x95\x42\xa8\x39\xd3\xad\x9f\xde\x42\xce\x96\ -\x24\xdc\x19\xd3\x1c\x6d\x09\x72\x60\xfa\x41\xd9\xa0\xe3\xc2\xfd\ -\x2e\xf4\x4d\x16\x76\xce\xf4\xcd\x92\x48\x0c\x9b\xec\xe4\x1a\x1d\ -\x74\x34\x37\x62\x31\x4c\xf9\x3b\xd7\x03\x11\x8e\x0c\x04\xb8\x3c\ -\x36\x39\x53\xf1\xc4\x45\xe0\xfb\xf9\xe8\x4f\x68\x9e\xc6\xbd\x01\ -\xa5\xdb\xda\x07\x51\xf4\xea\xee\xa1\xeb\x8b\x60\xc8\x27\xb9\xf8\ -\xae\x1a\x32\xde\x74\x93\xae\x5c\xb8\xbf\x70\x47\x92\x26\x30\xeb\ -\x93\x34\x18\x1c\x58\xf4\x56\xcc\xfa\x6a\x1d\x84\xbc\x19\x0f\x9f\ -\x62\xcc\xbf\x9b\x69\x57\x03\x8d\x63\xbc\xde\xe4\xa3\xea\xfb\xa1\ -\x74\x52\x09\x3f\xab\x0c\xf0\x0b\x42\x88\xef\x2d\xd4\x86\xb4\x60\ -\x12\xb8\xdd\xdd\xdd\x36\x94\xf0\xf6\xe7\x28\x52\x58\xa9\x04\x93\ -\xa9\x81\x4d\x9b\xf6\xb2\x79\xf3\x63\x38\x9d\x8a\xd6\xfa\xf0\x70\ -\x0f\x99\x4c\xac\x72\x98\x33\x7c\xe3\x94\xc1\xf7\x86\x6a\xba\x85\ -\x94\xe3\xcd\x56\x3f\x1b\x75\x32\x05\x66\xcd\x62\xe0\xe4\x8e\x56\ -\xd6\x37\x18\xd9\x58\xcd\x77\xcb\x02\x5e\xa3\x9d\x94\xbd\x91\xb5\ -\xcd\x0e\x1a\xf3\x6d\x00\xfd\xf1\x14\xaf\x7b\x02\x9c\xf0\x4c\x10\ -\xaf\xdc\x06\x3d\x06\xfc\x18\xf8\xbe\x10\xe2\xcc\x2c\xc6\x76\x63\ -\x9e\x24\x5d\x4c\x69\xd5\xdd\x87\x8a\x7a\x7f\x83\x1b\xb6\xbf\x08\ -\x72\x06\xee\x5c\xb0\x10\xd4\xdb\xca\x59\x93\x24\x66\x7d\x0c\xab\ -\xce\x86\xc5\x60\xc2\xa2\x07\x7d\xfd\x85\x89\xf8\xc6\x8f\x10\x9e\ -\x7c\xa2\xd8\x17\x77\x0e\x71\xda\x1e\xa4\x6a\xd9\xa9\xb1\xdb\x90\ -\x2c\xb5\x29\x67\x81\xfd\x0b\x59\x22\xb2\xe0\xda\xd1\xf9\x7e\x36\ -\xcf\xe6\x77\xc1\x9a\x24\xa6\x9c\x4e\x37\x5b\xb6\xec\xc7\x64\xd2\ -\x57\x53\x5c\x2a\x9b\x6e\xfd\xb4\x97\x5c\x76\xbb\xfa\x0f\x67\xb0\ -\x25\x48\xc2\x90\x61\x5b\xb1\x4b\xd7\x64\xe6\xe4\x7d\x2e\xba\x4c\ -\x7a\x5a\xaa\xfd\x6e\x32\x30\x6c\xb0\x12\x6b\x70\xd0\xd2\xec\xa0\ -\xc5\x6a\x22\x95\xcb\x71\x6e\x38\xc4\xd1\x81\x00\x43\x91\xc4\x4c\ -\x1f\xf1\x26\xf0\x1d\xe0\x47\x42\x88\x64\x99\xb1\x6b\x42\x29\xff\ -\xd8\x3d\x8d\x28\x5d\xd4\x20\xe6\xb7\xee\x5d\xe0\x7a\x04\x6e\xf5\ -\xda\x89\x19\xcc\x53\x5f\xdf\xa8\x8b\xd1\x60\x30\x63\xd1\x1b\x30\ -\xeb\xc1\x34\x47\x45\x99\xb2\x9c\xc1\x3b\x7c\x92\x44\x52\xb5\x2a\ -\xd4\x35\xc0\x9b\xd6\xc9\xc2\xfa\xa0\xb2\xbe\xee\x04\x04\x3d\xaa\ -\xfb\xd7\x3e\x21\x44\xcf\x42\xae\xe3\x45\x13\x5d\xcf\x0b\xab\x3f\ -\x9d\x27\x50\xd5\x89\x78\x6e\xf7\x4e\x36\x6e\xac\xee\x12\x5b\x3f\ -\x79\xfb\x8c\x7e\xf4\x4c\xa5\x0c\xde\x68\x63\x98\x4b\x0d\x09\xd5\ -\x1d\x2f\xbc\xc6\x46\xcf\x96\x66\x1e\xd5\x49\xb5\xdf\x65\xf8\xf4\ -\x66\x42\x56\x07\x0e\xa7\x83\xb5\x76\x0b\x7d\xc1\x28\x47\x07\x03\ -\x5c\xf0\x85\x99\xa1\xc2\x7e\x14\x25\x0d\xfe\x2c\xb0\x15\x45\xc7\ -\x6e\x6b\x3e\xd8\x52\xdf\xc1\x5d\x0f\xb4\x99\xa0\xdd\x8c\xfb\xf1\ -\x34\xa3\xa1\x06\xd2\x06\x23\x58\x0c\x60\xd1\x81\x45\x3f\xab\x32\ -\xf7\xf2\x26\x39\x17\x66\xc0\xd3\x47\x36\xbb\xa7\xdc\x5b\xda\x6e\ -\x71\xdd\x1c\x67\xc6\x1c\xed\x5c\x16\x46\x6e\x80\x8a\x8c\xde\xb7\ -\x84\x10\x9f\x5d\xe8\xf5\xbb\x24\xba\x15\x74\x77\x77\x3f\x09\xbc\ -\x98\x27\x52\xc5\x6a\xc0\x8e\x8e\xed\x6c\xd8\xb0\x0b\xbd\xbe\xba\ -\x94\x5e\xd3\xad\xd7\x2e\x93\xcb\x54\x3a\xbb\xc8\x96\x04\x47\x9a\ -\xc2\x1c\x52\x0b\xe9\x49\x30\xb4\xb1\x89\xdb\x6e\x07\x07\xa8\xcd\ -\xa3\x9f\x3a\xcc\xea\x8c\x8c\x5b\x1d\x58\x1d\x8d\x58\x4d\x46\x8e\ -\x7b\x83\x9c\xf4\x04\x89\xa4\xe7\xe1\xaa\xc7\x20\x29\x24\x59\xa7\ -\x10\x85\x75\x66\x68\x33\xde\x73\xb3\xa4\x6c\x0e\x59\xaf\x9b\xff\ -\x49\x4d\x67\x3c\x0c\x78\x92\xc8\x72\xc5\x74\x9a\xf6\x3e\xbc\x86\ -\x64\xa1\x54\x95\x1a\x82\x43\x10\x0d\x94\xbc\xec\x01\x76\x2c\x46\ -\xb4\x72\x49\xb5\xf9\xc8\x07\x12\x3e\x0e\x7c\x8a\x69\x6d\xc4\x4b\ -\xd6\x86\xc1\x8c\xdb\xbd\x83\xf6\xf6\xad\xe8\x66\x90\x9e\x4a\x07\ -\x6f\x78\x6d\xfe\x37\x66\x9c\x18\x7d\x96\x53\xad\x01\xba\x90\xd5\ -\xb3\x24\xf4\x12\xd7\xb7\xb6\x10\x6d\x6d\x60\xcf\x6c\x7e\x63\x44\ -\xd2\x33\x6a\x6e\x44\xd7\xd8\xc8\x70\x3c\xc3\x71\x4f\x90\xc1\xc9\ -\x44\xfd\x24\x59\x6b\x52\xc8\xd1\x9e\x27\x4a\x9b\x11\x74\xd2\xe2\ -\x4e\x64\x3c\x7e\x89\xa1\x91\x76\x64\x5a\x67\x74\x1d\xaf\x11\xd6\ -\x67\xa9\xd8\xa9\x20\x15\x07\xdf\x4d\xd5\x47\xcf\x08\x21\x16\x45\ -\x5c\x72\xc9\x76\x64\xcb\x8b\x87\x7c\x0a\xe5\x62\x55\xd5\x87\x37\ -\x1a\x2d\xb8\xdd\x0f\xb0\x76\xed\x16\x74\xba\xf2\xbb\x68\xf6\xc6\ -\x6b\x31\xab\x94\x69\x98\x79\x30\xe8\x75\x05\x68\xd0\x67\xcb\x77\ -\x7c\x33\xe9\x39\xbf\xa3\x95\x46\xbb\x89\x59\xab\xe4\x24\xd1\xe1\ -\x35\x37\x32\x86\x81\xcb\xa1\x24\x17\xc7\x23\x64\xcb\x4d\x87\x51\ -\x52\x88\xd1\x3e\x8d\x28\xae\x25\x40\x92\x12\xf3\x1a\x3a\xc9\x78\ -\xe0\x21\xa8\xca\xbd\xcd\xb9\xaf\x20\x21\x57\xb6\xe4\xa3\x7d\xaa\ -\x05\x6a\xff\x25\x84\xf8\x9d\xc5\xfa\x99\x4b\xbe\x95\x61\x77\x77\ -\xb7\x15\xa5\x9b\xc1\xef\x02\xef\x56\x73\xe5\xcc\x66\x2b\x6e\xf7\ -\x4e\xd6\xac\xe9\x54\xcd\xca\x8e\x8d\xf7\xe2\x9c\xa8\xfa\xec\x18\ -\x70\x86\x18\x30\x27\x2b\x1e\x58\x73\x76\x23\x27\xee\x6f\x65\xab\ -\xd9\xc0\x9c\x24\x40\x66\x90\xb8\x23\x99\xb9\x38\x99\xe1\x4c\x3c\ -\x47\x64\xad\xa9\x90\x28\x2d\xc6\x3a\x1d\xc5\x05\xc4\xe8\xd8\x61\ -\x26\x23\x87\x6a\x70\x69\x27\xdc\x97\xa9\x98\x9f\x1d\xf1\xab\x4a\ -\xd8\x46\x51\x9a\x41\x0d\x68\xc4\xa9\x8e\x44\x4d\x28\x69\x3d\x1f\ -\x06\x9e\x2a\x26\x91\xc5\x62\xc3\xed\xde\x45\x5b\xdb\xa6\x92\xb6\ -\x7a\xc9\xde\x9f\xd1\xa8\xab\x5a\x30\x31\x63\x8b\x71\xc2\x1e\x99\ -\x31\x15\x24\xde\x62\xe1\xf4\x36\x17\x7b\x0d\x3a\xe6\x4c\xf4\xe3\ -\xb8\xd9\xc8\x2b\x1f\x5a\x3f\xbb\xf0\xef\x42\x42\x96\xd3\x78\xbc\ -\xa7\x49\xa6\x6b\xab\xd7\x91\x19\x74\x5f\x29\x7f\x35\x91\xcd\x28\ -\x01\x01\x95\x86\x14\x7f\x21\x84\xf8\xfa\x62\xfe\xe4\x65\x45\x9c\ -\x22\x12\xd9\xf3\x16\xe8\x45\xe0\x5d\xd3\x9f\x59\xad\x8d\x6c\xd8\ -\xb0\x8b\xd6\xd6\xa9\xeb\x98\x78\xe0\x26\x4d\x81\x73\xb5\x1d\x21\ -\xd2\x1c\x73\x05\xd9\xcf\xcc\x05\x71\xfe\x0e\x3b\x97\x37\x39\x79\ -\x4c\x27\x61\x9c\xed\x6f\x0b\x64\x40\xec\x68\xc6\xf3\x98\x73\xe9\ -\x4f\x44\x36\x3b\xc1\x80\xb7\x9f\x6c\xf6\xc1\x9a\x17\x5f\x8e\x6b\ -\xeb\xaf\x52\x56\x2e\xc4\xef\x81\x78\xa9\xc2\xf7\x05\x60\xaf\x10\ -\x22\xa3\x11\x67\xf6\x24\xfa\x43\xe0\x5b\x14\x15\xab\x35\x34\x34\ -\xb1\x71\xe3\x2e\x5a\x5a\x94\x23\x4b\xa2\xf7\xe7\x38\x74\xc9\x1a\ -\x07\x88\x0b\xad\xe3\x74\xe8\xaa\x38\xe8\xea\xa0\xbf\xd3\xc9\x48\ -\x7b\x23\xb3\xae\x73\x3f\x13\x91\x78\xf9\x59\x37\x39\xe7\x12\xee\ -\x6f\x9c\x4a\x0f\x30\xe8\xc9\x22\xd7\x17\x26\xd7\x65\xe8\xe9\xb8\ -\xce\x43\xaa\xe7\xbf\xa8\x72\xd9\x59\x62\xa3\xe0\xc0\x52\xa8\xc4\ -\x5d\x11\xc4\xc9\x93\xe7\x7e\xe0\x65\x28\x9d\x08\x9b\xad\x99\x8d\ -\x1b\xbb\xb0\x90\xa4\xc9\x7f\xba\x0e\x57\x84\x21\x57\x90\xb0\x21\ -\x43\x55\x62\x4a\x06\x89\x4b\xdb\x5d\xc8\x4e\x2b\x75\x17\x68\x5d\ -\xca\x90\xea\x77\xda\xa2\xff\xf3\xcc\x9a\xe6\x25\x39\xe0\xd1\xf8\ -\x45\x86\x47\xd6\x43\xf5\x97\xc4\xc5\xd0\xa7\x38\xb5\xee\x46\xe9\ -\x26\x53\xa6\xaa\x13\x94\x0c\x8b\xe7\x97\xc2\xcf\xd7\xb1\x42\x90\ -\x97\x37\xdd\x0f\x7c\x83\xa2\x3e\x21\xd1\x68\x90\xab\x57\x8f\xd2\ -\xe7\xe9\x63\x2c\x55\x87\xce\x84\x44\x87\xbf\x85\x8d\x31\x2b\x55\ -\x25\x67\x66\x64\x76\x5d\x1e\xa7\xeb\xfc\x10\xa7\x62\x69\xfa\xeb\ -\xf9\x3d\x9b\xcd\x9c\x7c\xaa\x3f\x7a\xc1\x19\xce\x9c\x5d\x72\x83\ -\x1d\x0c\x9d\x60\x78\xe4\xbe\xd9\x90\x06\xca\xb7\xf7\x88\x8c\xab\ -\x92\x66\x14\xa5\xa9\xf2\x92\xc0\x8a\xb1\x38\x45\xd6\x67\x2f\x4a\ -\x12\xe5\x5e\xb5\xe7\x1b\x1a\x60\xb3\xad\xbe\xcb\x72\x73\x92\xc3\ -\xce\x10\xb5\x44\x8e\x32\x0e\x33\x27\xb6\xbb\xd8\x69\xd2\x57\x9b\ -\xe4\x0a\x59\x38\x37\x06\x2e\x5d\xd4\x68\xf8\xca\x0b\xee\xbc\x30\ -\xc9\x12\xc0\xa8\xef\x30\x93\xd1\x27\xe7\xe2\xa3\xcc\x51\x8e\xb4\ -\xf5\x17\x66\x46\x97\xa9\xea\x04\xf8\x3d\x21\xc4\xcb\x4b\x65\x8d\ -\xe9\x58\x81\x10\x42\x9c\x07\x1e\x05\xfe\x04\xa5\xb8\xa9\x00\x83\ -\x31\x38\x1f\x84\x58\x1d\x17\xf7\x49\x33\x4f\x8e\xbb\x38\x2b\x4b\ -\x54\x7b\x5b\x6d\x08\x27\x79\xe2\xec\x10\xe6\xde\x71\x0e\x67\x65\ -\xaa\x6a\xfc\xa3\x87\xcd\x29\x33\x9d\xae\x50\x7a\x7c\xef\xa5\xc8\ -\x99\x45\x1f\x54\x59\x4e\x31\xe8\x39\x3e\x57\xa4\x01\xd0\xa7\x4b\ -\xd7\xdf\xc4\x90\x2a\x69\xfe\x77\x29\x91\x66\xc5\x5a\x9c\x22\xeb\ -\xd3\x01\xfc\x23\xf0\xa1\x92\x89\x93\x60\xab\x1d\xd6\x59\xeb\x19\ -\x38\x6e\xb6\x04\x30\x1a\xb2\xd5\x65\x52\x4f\x79\x7d\x8c\xb8\x9b\ -\xe8\xdb\xe0\xe0\x80\x34\xc3\xc6\x35\x6c\xc2\x63\x0e\xe3\x75\x04\ -\xa4\x87\x3e\xff\xe7\x9b\x86\x33\x06\x69\xd3\xa2\x0c\x62\x36\x17\ -\xe0\xce\xa0\x87\x5c\x6e\xf7\x5c\x7e\xac\xed\x0e\xa3\xcd\x91\xa9\ -\x52\xf6\xf8\x24\xf8\xef\x94\xbc\x2d\x01\x74\x09\x21\xfa\x34\xe2\ -\x2c\x0e\x81\xde\x0f\x7c\x9b\xa2\x6e\xcb\x00\xad\x66\xd8\xde\xc8\ -\x8c\x35\x58\x2a\x41\x83\x89\xa6\x30\xb7\x2c\xc9\xda\xd3\x70\xf4\ -\x12\x37\xb6\xb4\x10\x6a\x6b\xa0\x6c\x99\xf2\x84\x81\x93\x93\x3a\ -\x1e\x71\xdf\xc4\xd7\xb3\xc3\x36\xf2\x83\x67\xd6\x3c\xb4\xe0\x03\ -\x97\x4a\xf5\x33\xe8\x95\x90\x99\x73\xd2\xda\x7b\xc1\x99\x9e\x0a\ -\x08\x2c\x76\x55\xe7\xaa\x77\xd5\xca\xb8\x6f\xff\x0d\xec\xcc\x9f\ -\x7d\x0a\x30\x9e\x84\x73\x01\x08\xd6\xaa\x30\x2c\xe1\x0c\x35\xf1\ -\xf6\x70\x63\x91\xee\x76\x35\x9b\xb8\xcc\xb6\x5e\x3f\x0f\x9f\xf1\ -\xd2\x13\x4e\xa2\xda\xb7\xc5\x92\x23\x2d\x4b\xe8\xe3\x76\xae\xef\ -\xb9\x1a\x7d\xa8\xcd\x9f\x5e\xd8\x30\x6c\x34\xf6\x16\x03\xde\xa6\ -\xf9\x20\x4d\x3e\x38\x70\x0f\x61\x9f\x2a\x69\xce\xa2\xe8\x9a\x2f\ -\x39\xac\x1a\x8b\x53\x64\x7d\x9e\x46\x51\xa3\x69\x55\x0b\x1c\x74\ -\xda\x6a\x4f\x01\x33\xa4\x79\xdd\x15\x64\x1f\xd4\xa5\x81\x2c\x37\ -\x18\x39\xb1\xa3\x95\x4e\x8b\x81\x7b\x0d\x85\x72\x70\xc9\x63\x66\ -\x97\x3e\xc3\xd8\xfa\x7e\x9a\x02\x0e\x43\xf0\xcb\x2f\xb9\xed\x48\ -\x92\x6d\xde\x07\x29\x38\x71\x1c\x7f\x70\x1f\x33\x64\xab\xcf\x06\ -\xcd\xd7\xc0\x96\x2d\x5b\xd5\x39\x09\xec\x59\x6a\x2e\xda\xaa\xb3\ -\x38\x45\xd6\xe7\x17\x28\xc5\x60\xbf\x52\x0b\x1c\xbc\x11\x84\x68\ -\x8d\x81\x83\x8c\x91\x77\xf8\x5a\xb9\x91\xd3\xe1\xab\x67\x03\x8b\ -\xa5\x39\x78\x7e\x98\x96\x2b\x63\x1c\xc9\xe4\x08\xe5\x27\x67\xab\ -\x04\x99\xac\x81\xb6\xb4\x91\x73\x2d\xe1\xcc\xda\x03\x3d\x91\x73\ -\xf3\x3c\x3c\x32\x23\xbe\xc3\xf8\x83\x07\xe7\x93\x34\x00\xfa\xdc\ -\x54\x40\x40\xa5\x14\xfa\xa5\xa5\x4a\x9a\x55\x4b\x9c\x3c\x79\x86\ -\x81\xf7\xa0\xb4\x6f\x2c\x70\xd2\x22\x19\x38\x1f\x80\xa1\x78\x8d\ -\x2b\x4e\xc7\xae\xb1\x56\x72\x29\x23\x57\xea\xfc\x5a\x96\x60\x82\ -\x43\x67\xbc\x64\x6f\x06\x39\x92\x93\xd1\x99\x72\xdc\x04\x08\xb6\ -\x62\x07\xf8\xf0\x2f\xc7\x0f\x1a\xd3\xf2\xfc\x2c\x28\x59\x4e\x30\ -\xe0\x39\x49\x64\xee\x22\x67\x15\x89\x03\xc4\x26\x54\x4b\xa1\x5f\ -\x16\x42\xfc\x68\x29\xaf\x9f\x55\x4b\x9c\x3c\x79\x64\x21\xc4\x37\ -\x50\x2e\x4e\xfb\xa7\x3f\xcb\xc9\xd0\x3b\x09\x97\x42\x90\xae\xad\ -\x92\xbd\x3d\xd0\xcc\xe6\x68\x03\xc7\xeb\xdf\xf2\x69\x19\x89\x70\ -\xe8\xb4\x87\xd1\x68\x8c\x21\x80\x84\x8d\xdd\xb2\x44\xaf\x5e\xc6\ -\xf0\xc9\xd7\x46\x63\x73\x3e\x18\xd9\xac\x9f\xfe\x81\x3e\x52\xe9\ -\x03\x0b\xb6\xf8\x32\x8a\x62\x4d\x11\x6e\x01\x2f\x2c\xf5\xb5\xb3\ -\xaa\x89\x33\x8d\x40\x3d\x28\xf7\x3e\xa7\xd4\x02\x07\x67\x6b\x0c\ -\x1c\x48\x60\x89\xd8\x39\x38\xe1\xe4\x08\x45\x59\x0c\xb5\x20\x07\ -\x1b\xc6\x83\x53\xee\x52\xd8\xc9\x28\xc0\xce\x9b\xf1\xdd\x1d\xbe\ -\xd4\xf1\x39\x1b\x80\x64\xea\x16\xfd\x03\x31\xb2\xb9\x5d\x0b\x36\ -\xe8\x59\x98\xf4\x95\x94\x42\x67\x80\x67\x97\x43\x5b\x15\x8d\x38\ -\x53\xe4\xf1\x01\xef\x04\x7e\x58\xfc\x2c\x95\x83\xb7\x26\xa0\x6f\ -\x92\x99\xf4\x02\x0a\xd7\xa3\x89\x43\xe3\xad\xbc\x21\x4b\xd4\xbd\ -\x10\x32\xa9\xa9\x7a\x9f\xc9\x66\xf6\x80\xf2\x59\x2f\xfe\xc7\xc8\ -\xfd\x20\xcf\x5e\x5a\x2a\x12\xeb\x61\xd0\xeb\x42\xae\x5e\x79\x68\ -\x56\x48\x01\x3e\xa0\x4f\xa9\xb5\x29\xc2\x97\x84\x10\xa7\x97\xc3\ -\x7a\xd1\x88\x53\x48\x9e\x84\x10\xe2\x39\x94\x52\x85\x92\xe0\xa8\ -\x27\x5e\x7b\xe0\x20\xab\xe3\xe1\xb1\x56\xfc\x19\x03\xb7\xeb\x3b\ -\x76\xd0\x29\xe7\x88\x02\xe4\x74\xd8\x92\x56\x7a\x00\x1c\x91\xac\ -\xeb\x9d\xa7\x42\x17\x67\xf5\x83\x03\xc1\x63\x8c\x8c\xee\xa2\x06\ -\x95\x9c\x3a\xcc\xa6\x1f\x1f\x39\xee\xe4\x9d\x61\x1f\x4a\xbc\xec\ -\x72\xc9\x3b\x7f\x03\xfc\xfd\x72\x59\x2b\x1a\x71\xd4\x09\xf4\x5d\ -\xe0\xb7\x50\x12\x0b\x29\x09\x1c\xf8\xc1\x5b\x43\xe0\x40\x96\xe8\ -\xf4\xb7\xe0\x4a\x58\xa8\x27\x22\xa6\x4b\xc6\xb8\x17\x0c\x08\xb6\ -\x4e\x65\x2a\x3c\xfd\x7f\xc1\x03\xe6\x64\xee\x5a\x5d\xc7\xa8\xe1\ -\x91\x23\x04\x26\x1e\x87\xd9\xd7\x0f\x15\x7d\xb2\x97\x14\xc7\x09\ -\x73\x8c\x61\xee\xe0\xc5\x45\x12\x1d\xba\x7c\x34\x20\x07\x5c\x2f\ -\xd9\x96\xfc\xc0\x27\x16\x52\x17\x4d\x23\xce\xfc\x91\xe7\x75\x94\ -\x24\xd1\x33\x2a\x67\x0f\x6e\x4c\xc2\xc5\xda\x02\x07\x8e\x90\x83\ -\x3d\xf5\x5c\x96\xc6\xa2\xdc\x73\xc9\x52\x66\x3a\xb3\x7a\xc5\xea\ -\xe8\x64\x74\x7f\xf4\xea\xa8\x5c\xd3\x39\x4a\x96\xe3\xdc\x19\x3c\ -\x4d\x34\x7e\x68\x8e\x88\xd2\x4f\x8a\x63\x84\x38\xce\x10\x43\x78\ -\x58\xcf\x28\x07\x09\xf1\x38\x19\x95\x8b\xd3\x7e\x54\xb2\x07\xf9\ -\x94\x10\xc2\xbb\x9c\xd6\x87\x46\x9c\xca\xe4\xf1\x02\x4f\x00\xff\ -\xae\xf6\xdc\x9f\x0f\x1c\x04\xaa\x0f\x1c\xe8\xe2\x56\x0e\xf9\x5d\ -\x1c\x47\xc9\xc1\xaa\xee\xac\x94\x28\xbc\x54\x0d\xb5\x4c\x85\xcf\ -\xb7\xdd\x49\xec\xd8\xe4\x4d\x56\x17\x28\xc8\x64\xc6\xe8\x1f\xb8\ -\x45\x3a\xb3\xbf\x6e\x9a\xc8\xf4\x91\xe4\x28\x13\x9c\xc4\x8b\x0f\ -\x0f\x6f\x63\x94\xc7\x09\x73\x90\xec\xd4\xe5\xad\x2a\xc6\x80\x52\ -\xfd\x80\xef\xe6\xef\xd5\x96\x15\x56\x65\xe6\x40\x3d\xe8\xee\xee\ -\xfe\x34\x4a\x95\xa9\xaa\x7a\x8b\xdb\x0a\x9b\xed\x35\x64\x1c\xc8\ -\x5c\x6d\xf5\xd3\xac\xcf\x55\x25\xf6\x31\xb2\x61\xeb\xd4\xfb\x24\ -\x99\xac\xfb\x26\x3e\x09\xd6\x01\x44\xad\xba\xd0\x17\x3f\xbb\x31\ -\x2b\x4b\x52\xf9\xfa\x98\x44\xaa\x0f\x8f\xd7\x0a\x33\x6b\x98\x4d\ -\x3f\xa2\x91\xa3\x97\x14\x3e\x62\x58\x88\xb3\x8d\x5c\x9d\x35\x38\ -\x31\x94\xa2\xe7\x42\xdb\x78\x19\x45\x85\x33\xbe\xdc\xd6\x83\x66\ -\x71\xaa\xb7\x3e\xdf\x07\x1e\x03\x6e\xa8\x3d\xf7\xc4\x95\x52\x85\ -\x68\xb5\x95\xf0\x12\x3b\xc6\x5d\xe8\x92\x26\x2e\x55\xf1\xee\xf6\ -\x5c\x66\x2a\x23\xe1\x6e\xfe\xda\xdd\x7f\xdb\xe2\xb9\xa6\xf7\x1e\ -\x9b\x28\x7f\xd6\x89\x44\xce\xe3\xf5\xae\xad\x82\x34\x69\x72\x5c\ -\x24\xc1\x61\x02\x9c\xc3\x43\x0c\x2f\x3b\x18\xe3\x10\x51\x1e\xad\ -\x9b\x34\x59\xe0\x5a\x09\x69\x12\xc0\xc7\x96\x23\x69\x34\x8b\x53\ -\x9f\xe5\x69\x44\xe9\xfd\xf9\xd1\x72\x3b\xd1\x16\x3b\xac\xaf\xbe\ -\xe1\x5c\xd2\x1e\xe5\xac\x2d\x5a\x59\xb1\xbf\xa5\x8d\x33\xb6\x26\ -\xee\xc9\xf9\xe6\xf3\xd7\x9c\x77\x0f\xf7\x32\xf0\x85\xcf\x6d\xba\ -\x14\xb7\xe8\x0a\xef\x62\xc6\x03\x47\x99\x08\x15\x74\x67\x98\x86\ -\x38\x39\xae\x93\x60\x82\x38\x4d\xc4\xd9\x8e\x4c\xc3\x9c\x0f\xda\ -\x55\x20\x58\xf2\xea\x4b\x42\x88\x6f\x2f\xd7\x75\xa0\x11\xa7\x7e\ -\x02\x3d\x9f\x77\xdd\x54\x93\x3a\x5d\x26\xd8\xee\xa8\x5e\xbb\xdc\ -\x98\xe2\x48\xcb\x04\xef\x40\xad\x4f\x1a\x60\xb5\x71\xa4\x75\x5d\ -\x61\xb5\xe4\xba\x3b\x9c\x30\xa6\xb9\x77\xd3\xdf\xbf\xde\xdc\xf7\ -\xcd\xe7\x3a\x3a\x01\x3d\x32\x39\x86\x47\x8e\x11\x2b\x08\x02\x44\ -\xc8\x72\x9d\x24\x93\x44\x70\x91\x62\x3b\xf2\xfc\xe6\xa3\x31\x98\ -\xff\x2b\xc4\xa2\x8a\x09\x6a\xae\xda\xe2\xba\x6e\xdf\x43\x49\xd5\ -\x51\xcd\x1b\xf3\xa7\x94\xc0\x81\xbf\xca\xc0\x41\xda\xc4\xa1\xb1\ -\x56\xde\xca\x49\x2a\x7b\xb3\x12\x20\x28\xb9\x6b\xb9\x9b\xbf\x76\ -\x17\x6f\xf3\x26\xb7\x6e\xeb\x8f\x9f\x40\x96\x63\x0c\x0c\x9e\x25\ -\x16\x7f\x3b\x19\xce\x10\xe5\x08\x3e\xae\xe0\xc1\xca\x10\x7b\xf1\ -\xf3\x24\x49\xba\xe6\x9d\x34\x41\x55\xd2\x0c\x01\x9f\x5c\xee\xf3\ -\xaf\x59\x9c\x79\x76\xdd\x00\xd6\xe7\x03\x07\x55\xea\x0b\x0e\xb8\ -\x02\xa4\x0d\x19\xb6\x14\x1e\x89\x98\x74\x6f\xc5\x4e\x91\xd6\xc1\ -\x86\x9b\xf4\x4a\xf2\x94\x1c\x6f\xdc\x2c\x45\xbf\xf2\x94\xe9\xf0\ -\x64\x34\xb9\x8d\x14\xdb\x66\x92\x97\x9d\x37\x24\x81\xb7\x50\x92\ -\x68\xa6\x90\x03\xde\x2d\x84\xf8\xb5\x46\x1c\x0d\x77\x09\xf4\x02\ -\xf0\x0f\xe5\x5c\x37\x9b\x01\x76\x38\xc0\x5e\x85\x4c\x9a\x0c\x91\ -\xa6\x30\x57\xac\x09\x0a\x5a\x94\xb4\x6f\xe0\xb6\xd1\x5c\xa8\x61\ -\xe6\xf4\x73\xcc\x11\xa4\xa0\xf7\x8c\xcf\xc2\xe9\xaf\xec\xa9\xbe\ -\x59\xd3\x9c\x23\x87\xd2\x73\xae\x34\xeb\xf9\xab\x42\x88\x2f\xac\ -\x84\xf9\xd6\x5c\xb5\xb9\x73\xdd\xbe\x8b\x12\x75\x53\x75\xdd\xa2\ -\xf9\x52\x05\x4f\x15\x79\xcd\x12\xd8\xc3\x0e\xf6\x85\x1c\x1c\x9e\ -\xfe\x7a\x22\x5a\x7a\x0b\x12\x9e\x96\xbf\x76\x17\x6b\x12\x3c\xfa\ -\xa0\x9f\x37\x17\x6d\x30\x6e\xaa\x92\xe6\x28\xf0\xd7\x2b\x65\xbe\ -\x35\xe2\xcc\x2d\x79\x7a\x50\xb2\x0d\x7e\x52\xc6\x92\xd0\x17\x81\ -\x0b\x13\x4a\xe2\xe8\x4c\xfc\x49\x58\x78\x72\xdc\xc5\x49\x59\x22\ -\x06\x10\x8f\x51\x92\x25\x37\x3d\x7f\x6d\x3a\x7e\xbf\x97\x66\x43\ -\x8e\xd4\x82\x0f\xc2\x08\xca\x45\x67\x21\x3c\xc0\x47\x84\x10\xe9\ -\x95\x32\xd7\x9a\xab\x36\x7f\xae\xdb\x8b\x28\xe2\x88\xaa\x17\xa6\ -\x46\x09\xee\x77\x80\xab\x9a\x42\x6b\x99\xeb\xad\x01\x1a\x0d\x32\ -\x61\xf7\xe6\x52\x35\x51\x53\x92\x5b\xed\x83\x6c\x2e\x7e\xfd\x5c\ -\x1b\x47\x7f\xb4\x6d\x46\xe1\xf8\xb9\xc3\x24\x70\x89\xe2\x6a\xce\ -\x24\xf0\xc4\x6c\x7a\x9c\x6a\x16\x67\x75\x59\x9f\xef\xa0\xf4\x38\ -\xfd\x99\xda\xf3\xb4\xac\xe4\xba\xdd\x98\xa4\x7c\x4f\x9c\x29\xdf\ -\x6d\xfb\xb8\x0b\x73\xc2\x40\x1c\xb9\xd4\x8a\xa4\xcc\x6c\xbe\x9b\ -\xbf\x36\x1d\x0f\x8f\xb1\xaf\x2d\xce\xc2\xe4\x80\xa5\x51\x92\x37\ -\x4b\x7f\xcb\x1f\xaf\x34\xd2\x68\x16\x67\xe1\xac\xcf\x13\x28\x21\ -\xd8\x0f\x42\x69\xf7\xb1\x06\x3d\x3c\xd0\x54\x55\xe0\x20\xbd\xdd\ -\xca\x8d\x46\x23\x0f\x14\x3f\xb0\x87\x38\xdd\x32\x56\x1a\x10\x08\ -\x98\x39\xf7\xe5\xbd\xe5\x25\xa8\xe6\x04\x32\x4a\xf2\x4c\x69\xd5\ -\xd1\xf7\x84\x10\x2f\xac\xc4\x39\xd5\x2c\xce\xc2\x58\x9f\xa3\xf9\ -\x3a\x9f\xb5\x79\x02\x15\xa8\x80\xc6\xb2\x4a\xe0\x60\x70\xe6\xc0\ -\x81\x31\x90\x55\x2f\x8a\x8b\x3a\x78\x58\x56\x49\xa1\x6c\x49\xf2\ -\xf0\x7e\x1f\xf3\x2b\xf0\x71\x47\x95\x34\x27\x50\x94\x54\x57\x24\ -\x34\x8b\xb3\x38\x16\x68\x17\xf0\x0b\x28\x3d\x97\x34\x9b\x94\xb3\ -\x8f\xb9\xcc\x96\x66\xd2\x71\x79\xb7\x1d\xd5\x66\xc0\xad\x23\x1c\ -\x6e\x88\xf0\x64\xf1\xeb\x59\x09\xef\xe7\x1f\xa1\x25\xad\x9f\x07\ -\xfd\x69\x7f\xde\x45\x2b\xc4\x6d\xe0\x31\x21\xc4\xe8\x4a\x9d\x43\ -\xcd\xe2\x2c\x8e\x05\xba\x04\xec\x43\x45\x9e\x2a\x98\x82\x73\x7e\ -\x45\xeb\x40\x0d\xc9\x2c\xf7\x95\xdb\xea\x82\xad\xec\x44\xa5\x72\ -\x55\x2f\xb3\xfe\xb9\x1b\xcc\x7d\xd7\x83\x18\x6a\xc1\xf7\x20\xf0\ -\xfe\x95\x4c\x1a\x8d\x38\x8b\x4b\x9e\x00\xf0\x5e\x94\x32\xed\x70\ -\x71\xe0\xe0\x52\x48\x51\xd9\x29\x0e\x1c\x48\x12\xc6\x70\x06\x55\ -\x5a\xe5\xf5\xd7\x54\x09\xd2\x15\x60\xff\xba\x58\x7d\x2d\x47\x54\ -\x71\x37\xe3\xb9\x30\x40\x9e\x04\x9e\xce\xb7\x5c\x59\xd1\xd0\x5c\ -\xb5\xa5\xe1\xba\x75\x00\xff\x84\xd2\x24\xb8\x24\x70\xb0\xa3\x09\ -\x1a\xa7\x05\x0e\x6c\x3a\xd8\x61\x57\xff\x2c\x4b\x94\x0b\x6b\x86\ -\x51\x15\x47\x9f\x34\xd2\xf3\x57\xfb\x98\x1b\xfd\xe9\x6b\x40\xa0\ -\x24\x44\xf0\xac\x10\xe2\xc7\xab\x61\xce\x34\xe2\x2c\x2d\x02\x7d\ -\x00\xf8\x67\x8a\xea\x66\x24\x94\x5c\xb7\x0d\xf9\x84\x7f\x59\x86\ -\x7d\x15\xe4\x35\x8a\xf3\xd7\xa6\xe3\x67\x9d\x9c\x3a\xbc\x6e\x96\ -\xad\x16\xbd\xf9\x80\x40\x21\xfe\x52\x08\xf1\xb5\xd5\x32\x57\x9a\ -\xab\xb6\xb4\xdc\xb7\x9f\x03\x0f\x00\xbf\x2c\xde\xca\x6f\x46\xe0\ -\xcd\x20\x24\x73\x0a\x93\x2a\xed\x77\x93\x4e\xca\x9e\x2f\x3e\x70\ -\x9b\xcd\x96\x6c\xd5\xbd\x7d\x4a\x11\x52\x25\xcd\xbf\xae\x26\xd2\ -\x68\xc4\x59\x9a\xe4\x09\xa3\xf4\xf2\x29\xd1\x17\x9b\x48\xc3\x59\ -\x3f\x4c\xa4\x2a\x4b\x54\xa9\xe5\xaf\x4d\x9b\xf0\x35\xdd\xd7\x78\ -\xa3\xae\x2f\x97\x44\x2d\x82\x76\x32\x7f\x4e\x43\x23\x8e\x86\xc5\ -\x26\x4f\x14\xf8\xed\xfc\x49\xa2\x00\x19\x59\x11\x47\xcc\x54\xb0\ -\x38\xe5\xf2\xd7\xee\xe2\xbe\x10\x07\x37\x45\xd4\x4b\xc0\xcb\x7f\ -\x68\x9e\x34\x99\x12\xa7\xed\x19\x21\x44\x4a\x23\x8e\x86\xa5\x42\ -\x1e\x3f\x8a\x28\xbc\x6a\xca\x8c\x6f\x86\xae\xf3\xc1\xd6\x8a\xca\ -\x9c\xfa\x17\x2e\x93\x40\x2d\x41\xa6\x1c\x6e\x53\x74\x6d\x4b\x32\ -\x4f\x9a\x91\xd5\x38\x3f\x1a\x71\x96\x36\x79\x06\xf2\xe4\x99\x28\ -\x7e\x36\x3c\x83\xb8\x54\xb9\xfc\xb5\xbb\x68\xc8\xd2\xf5\xbe\xc1\ -\x2a\x85\xe1\x47\x51\x91\x66\xe4\xd3\x2b\x31\x07\x4d\x23\xce\xca\ -\x21\xcf\x65\xe0\x03\xf9\x1d\xfe\x1e\xae\x4c\xc2\x9d\x19\x52\x74\ -\xa6\xeb\xaf\xa9\xe1\x3d\x83\x3c\x60\x4b\x97\x92\xb2\x00\x11\x94\ -\xfe\x01\x85\xf8\x8e\x10\xe2\x87\xab\x79\x5e\x34\xe2\x2c\x0f\xf2\ -\x1c\x01\xfe\x60\xba\x6b\x15\xcd\xc2\xab\x43\xf0\xab\xb1\xf2\x6a\ -\xa2\xe5\xf2\xd7\xa6\x4d\x7e\xcb\xf3\x57\x29\xaf\x3f\xad\x9e\xf1\ -\x7c\x15\xa5\xa7\x10\x1a\x71\x34\x2c\x07\xf2\xbc\x02\x7c\xbe\xf8\ -\xf5\xb7\x42\xf0\x83\x01\x18\x54\x51\x27\x93\x25\xf4\x61\x7b\xe5\ -\x6c\x81\x4d\x11\x0e\x6e\x0b\xa9\x34\xc2\x92\x81\xde\x62\x3b\x47\ -\x1a\xf8\xf8\x72\xd5\x42\xd3\x88\xb3\x7a\xc9\xf3\x75\x94\x0c\x83\ -\x42\x97\x2c\x03\xaf\x78\xe1\xd7\x63\xa5\xd1\xb6\xb1\x66\xf6\xe7\ -\xa0\x52\x7f\x05\xdd\x47\xaf\xb2\x5e\x2a\x0e\x13\x0c\x00\xa5\x4d\ -\x44\xbe\x24\x84\x78\x43\x9b\x09\x8d\x38\xcb\x11\x7f\x8a\x4a\x0f\ -\x1f\x80\x9e\xbc\xf5\xf1\x4c\xb3\x07\x26\x33\xd2\x4d\x83\xba\x56\ -\xdb\x5d\xac\xc9\xd1\xf4\x8e\xde\x69\x2f\xf8\x51\x8b\xe5\x1d\x06\ -\xbe\xaa\x0d\xbf\x02\x2d\xe5\x66\x99\xa2\xbb\xbb\xfb\xcf\x80\xaf\ -\xa1\x22\x60\x28\x01\x7b\x9c\xf0\xb8\x0b\x0c\x12\x84\x43\xb0\x6b\ -\xac\xf2\xe7\xc5\x80\xbf\x7d\x10\x26\x25\x14\x8d\xe7\x42\x1b\x15\ -\x00\x76\x2f\xb7\x8e\x02\x1a\x71\x34\x94\x23\xcf\x53\xc0\x2b\x40\ -\xb3\xda\xf3\x66\x23\xbc\x6f\x2d\x74\x58\xc0\x7c\x13\xd6\xce\x30\ -\xd5\xbf\xb1\xc0\x7f\x4a\x40\xe9\x09\xe6\x83\xf9\x74\x20\x0d\x1a\ -\x71\x56\x0c\x79\xb6\x00\x3f\x07\x54\xfb\x77\x4a\xc0\xc3\x4e\xe8\ -\xca\xc0\x83\xf9\x0b\xcc\x2c\xca\xb5\xcc\x50\xde\x23\xbb\xfb\x37\ -\xa9\xfe\x5f\xfc\x9d\x10\xe2\x8b\xda\x48\x6b\xc4\x59\x89\xe4\xb1\ -\xe4\xcf\x1f\x9f\x01\x75\xe5\x4e\x97\x01\xb6\x66\x14\x82\x8c\x50\ -\x9c\x39\x53\x16\xaf\x02\x1f\x15\x42\x68\x8b\x44\x23\xce\x8a\x77\ -\xdd\x7e\x00\x33\x34\x78\xaa\x0e\xa7\x81\x77\x6a\xa1\x67\x75\x68\ -\x51\xb5\x15\x04\x21\xc4\xaf\x80\x2e\xe0\xc7\x54\x0e\x41\x57\x82\ -\x8c\xa2\x85\xfd\x3e\x8d\x34\x9a\xc5\x59\x8d\xd6\xa7\x1d\xf8\x04\ -\xf0\x1c\x94\xca\x49\x95\xc1\x45\xe0\x79\x21\xc4\x09\x6d\x04\x35\ -\xe2\x68\x24\xea\xee\x7e\x14\xa5\x8b\xf6\x96\xfc\xdf\x66\x94\x2a\ -\xd3\x01\x14\x45\xb4\xcb\x40\x0f\xf0\x9a\x10\x22\xa3\x8d\x98\x46\ -\x1c\x0d\xe5\xc9\x24\x69\x87\x7e\x8d\x38\x1a\x34\x68\xc1\x01\x0d\ -\x1a\x34\xe2\x68\xd0\xa0\x11\x47\x83\x06\x0d\x00\xff\x0f\x78\x5e\ -\xe6\x58\xdb\x50\x81\xdf\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\ -\x60\x82\ -\x00\x00\x02\xc8\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x40\x00\x00\x00\x40\x08\x03\x00\x00\x00\x9d\xb7\x81\xec\ -\x00\x00\x00\x03\x73\x42\x49\x54\x08\x08\x08\xdb\xe1\x4f\xe0\x00\ -\x00\x00\x09\x70\x48\x59\x73\x00\x00\x37\x5d\x00\x00\x37\x5d\x01\ -\x19\x80\x46\x5d\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\x74\ -\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\x70\ -\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x00\x1f\x74\x45\x58\ -\x74\x54\x69\x74\x6c\x65\x00\x47\x6e\x6f\x6d\x65\x20\x53\x79\x6d\ -\x62\x6f\x6c\x69\x63\x20\x49\x63\x6f\x6e\x20\x54\x68\x65\x6d\x65\ -\x8e\xa4\x29\xab\x00\x00\x00\xb4\x50\x4c\x54\x45\xff\xff\xff\xff\ -\xff\xff\x80\x80\x80\xbf\xbf\xbf\xcc\xcc\xcc\xbf\xbf\xbf\xc6\xc6\ -\xc6\xb3\xb3\xb3\xc8\xc8\xc8\xc3\xc3\xc3\xba\xba\xba\xc4\xc4\xc4\ -\xbd\xbd\xbd\xb9\xb9\xb9\xb9\xb9\xb9\xbf\xbf\xbf\xbc\xbc\xbc\xbd\ -\xbd\xbd\xbe\xbe\xbe\xbd\xbd\xbd\xbc\xbc\xbc\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbf\xbf\xbf\xbd\xbd\xbd\xbe\xbe\xbe\ -\xbf\xbf\xbf\xbd\xbd\xbd\xbf\xbf\xbf\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbe\xbe\xbd\xbd\xbd\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbe\xbd\xbd\xbd\xbf\xbf\xbf\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbf\xbf\xbf\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbe\xbe\xbd\xbd\xbd\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\xbe\ -\xe4\x72\x0e\xe3\x00\x00\x00\x3b\x74\x52\x4e\x53\x00\x01\x02\x04\ -\x05\x08\x09\x0a\x0e\x11\x1a\x1a\x1f\x21\x2c\x2c\x35\x36\x3b\x3e\ -\x41\x43\x47\x4b\x4e\x50\x55\x56\x57\x59\x63\x66\x71\x86\x89\x90\ -\x95\x96\x9d\x9e\xa7\xaa\xad\xb5\xb8\xbe\xc0\xc3\xc5\xc9\xcd\xd6\ -\xe0\xe6\xef\xf5\xf7\xfc\xfd\xec\xba\xa4\x27\x00\x00\x01\x14\x49\ -\x44\x41\x54\x58\xc3\xed\x95\x5b\x57\x82\x40\x14\x85\x9d\x44\xb4\ -\x40\x50\x29\x92\x64\xb2\xd4\xee\xf7\xbc\x54\xf2\xff\xff\x97\xb2\ -\x98\x91\xe2\x20\xed\xe3\x4b\x2b\xe4\x7b\xfb\xd6\x39\x7b\x73\x99\ -\x87\xa9\xd5\x2a\x8a\x68\x58\xae\x17\x04\x9e\x6b\x35\x76\x8a\x0b\ -\x27\x94\x8a\xd0\x11\xfc\x7c\xcb\x97\xdf\xf0\x5b\xdc\x7c\x7b\x20\ -\x7f\x30\x68\x33\x9f\x9f\xc9\xaf\x1b\x58\xef\x20\x7c\x49\xf0\x39\ -\xff\xc1\x91\x39\x38\x8c\xf3\x0b\xf3\x0a\x42\xfc\x34\x2d\x9d\xe9\ -\xdb\xa6\x69\xf7\xb5\x59\x70\x81\xab\xf3\x46\x6c\x86\x6e\x70\xe1\ -\x02\x4f\x25\xec\x44\x6d\xa5\x1e\x5c\x10\xa8\x84\x99\xa8\xa9\x34\ -\x80\x0b\xf4\x47\x6f\xf3\xb2\x17\xc8\x5f\xa8\x0a\xfe\x45\xc1\xc9\ -\x9a\x6d\xe1\x78\x56\xdd\x76\xc5\x74\xc7\x6f\xef\x93\x63\xdc\x33\ -\x18\x97\x5f\x51\xcc\x55\x13\x73\xc2\x28\x52\xdc\x60\x9e\xa5\xb7\ -\xd4\x0b\xd1\x29\xe2\x84\xeb\xcd\x3c\xba\x47\x9c\x30\x4d\x17\xe6\ -\x88\x13\x66\xe9\xc2\x42\x00\x4e\xb8\x4d\x17\x1e\x11\x27\x9c\xa5\ -\x0b\x43\xc4\x29\x77\x7a\xfe\x24\x20\x27\x1c\x3e\x24\xf3\x97\x23\ -\xcc\x73\x38\x7f\xfe\xf8\x7c\xbd\x38\x80\x3d\x87\xba\xc1\xf3\x3d\ -\xa0\xa3\xd8\xb9\x80\x7d\xad\xff\x6d\x81\x64\x52\x15\x94\xb3\x60\ -\x8f\x59\x01\x25\xba\xb5\x2a\xd7\xa3\x29\x75\x00\x00\x00\x00\x49\ -\x45\x4e\x44\xae\x42\x60\x82\ -\x00\x00\x27\x74\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x80\x00\x00\x00\x66\x08\x06\x00\x00\x00\x03\x23\x99\x54\ -\x00\x00\x00\x04\x73\x42\x49\x54\x08\x08\x08\x08\x7c\x08\x64\x88\ -\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x02\x3a\x00\x00\x02\x3a\ -\x01\xfe\x36\x29\x51\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\ -\x74\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\ -\x70\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x26\xf1\x49\x44\ -\x41\x54\x78\xda\xed\x9d\x05\x58\x54\x59\xff\xc7\x7f\x77\x86\x14\ -\x90\x50\x14\x41\x94\x10\x51\x09\x45\xb0\x50\xb0\x10\x10\x13\x6b\ -\x2d\x6c\xb0\xdd\xb5\xdb\x35\xd7\x5a\x5b\x09\xdb\xb5\xdb\xb5\x0b\ -\x19\x42\xba\x15\x24\x0c\x14\x29\x15\x29\x25\x06\x66\x7e\xff\x73\ -\x86\xb9\x38\xb0\x60\xbc\xaf\xfe\x5f\x70\x67\x9e\xe7\xf3\xec\xaa\ -\xc0\x1d\xe6\xfb\xb9\xe7\x9e\x3e\x80\x88\x20\xe5\xdf\x8b\xf4\x43\ -\xf8\x9a\x0f\x09\x40\x51\x2a\xc0\xbf\x27\x6c\x5d\x42\x77\xc2\x28\ -\x42\x34\x21\x9f\xc0\x27\xcc\x21\x34\x94\xf8\x3a\x19\xa9\x00\x3f\ -\x4f\xe8\xfa\x84\x49\x84\xab\x84\x62\x02\xd6\x40\x1e\xe1\x00\x21\ -\x96\xb0\x59\x2a\x40\xdd\x0f\xbe\x1d\xe1\x2d\x1b\x70\x23\x79\x79\ -\xec\xa7\xa5\x85\xab\x5b\xb7\x46\x2f\x73\x6b\xf4\x6c\xb0\x12\x97\ -\xa8\x4e\xc6\xd1\x4a\x4e\x68\x2d\xdf\x0e\x75\xb8\x8d\x90\x03\x1c\ -\x56\x86\x9b\x52\x01\xea\x5e\xe0\xc3\x08\xbb\x08\xd3\x09\xf3\x08\ -\x6f\x54\x64\x64\x70\x93\xa9\x29\xbe\x74\x74\x44\x1c\x32\xa4\x82\ -\xe2\xc1\x83\x05\x99\xba\xde\xc2\x77\xba\xfe\x28\x49\x82\xf6\x55\ -\x6c\x29\xdb\x9c\xfe\xb0\xd4\x9f\xe1\x31\xf0\x6f\x13\x60\x11\x7b\ -\xb7\x73\x18\x06\x27\xe9\xe9\x61\x66\xbf\x7e\x95\x82\x97\x24\xdb\ -\xe4\x68\x5c\x55\x01\x28\x8f\xb5\x2f\xa3\x9e\x8c\x0e\xfd\x39\x01\ -\x04\x6d\xa9\x00\x75\x23\x7c\x2f\x1a\xbc\xa5\x66\x7d\xf4\xb0\xb0\ -\xc0\x94\x2a\x77\x7c\x75\x14\x77\x5f\xe9\x53\x9d\x00\x94\xa8\x26\ -\xe7\x45\x8f\x04\xf2\x33\x93\x08\x06\x52\x01\x6a\xbf\x00\x9a\x84\ -\xe7\x2b\x26\x70\x30\xca\xa5\xfd\x17\xc3\xa7\x94\x0d\x18\x17\x56\ -\x93\x00\x94\xb0\x26\xa7\xb1\x31\xb7\x01\xfd\xe1\x45\x84\x38\x82\ -\x8e\x54\x80\xda\x2b\x00\x43\xc8\x98\x3b\x06\x30\xf5\x06\x60\xc9\ -\x1c\x9b\xf8\x2f\x4a\xe0\x3c\x24\xff\x5d\x33\xbf\xb2\xcf\x49\xf0\ -\x50\xeb\x38\x36\xe0\xa8\xb2\x15\xc3\x35\x3f\xf8\xfd\xdb\x12\x8e\ -\x88\x1f\x3d\x43\xe9\xdf\x49\x05\xf8\xb6\x0f\xd1\x63\xe2\x40\xc0\ -\x1c\x1e\xe0\xfb\x07\x90\x57\x3a\xab\xfb\x17\x25\xc8\x6b\x75\xe6\ -\xc9\xe7\x04\xa0\xb8\x6b\xac\x60\x05\x08\xfb\x01\xef\xd9\x98\x70\ -\x81\xca\x4b\xaf\xa1\xa4\xda\x00\xad\xec\x7f\x41\x0e\x87\x4b\xff\ -\xf1\x11\x15\x41\x2a\xc0\xd7\x7f\x98\x9e\x43\x7a\x95\x0b\x20\xc2\ -\x07\xde\x97\xce\xe8\x91\xf0\x39\x01\x8a\xba\xad\xe1\x7d\x49\x80\ -\xe9\x03\xf7\xa3\x4d\xa7\xc9\xac\x04\x7f\x7e\xc7\xf7\x3b\x88\xf6\ -\x3d\x34\x92\xd7\xc2\xfa\xb6\xe3\xb1\xdb\xbe\x68\xec\xeb\x1e\x8e\ -\x93\x4e\x25\x09\xe7\x1c\x8b\xc2\x96\x96\x3d\xd8\x6b\x3e\x24\x58\ -\x48\x05\xf8\xfc\x87\x29\x4f\xc8\xe9\x69\x25\x21\x00\xe5\x01\x64\ -\x97\x4e\xef\x95\x54\x63\x3d\xa0\xdf\xc4\xe0\xcf\x85\xef\x6d\x1b\ -\xf0\x68\xd3\xf2\xe7\xb8\xfc\xd7\x60\x36\x8c\xb4\xef\x54\xdc\xaf\ -\xe6\x32\x5c\xe1\x9e\xd6\x1e\xd8\x65\xf8\x45\x64\xd6\x3d\xc1\x4e\ -\x07\x9e\xa6\x39\xdd\x42\x64\x71\xbc\xf2\x11\x3b\xad\xb9\x86\x5c\ -\x05\x25\x51\x8b\x44\x2a\xc0\xe7\x3f\x54\x2b\x1a\x90\x85\x71\x15\ -\x01\x44\x25\x01\xf3\xb6\x6c\x6a\xaf\xa7\xd5\x09\x20\x1c\x32\x34\ -\xbb\xa6\xf0\xdf\x36\x0b\x28\xfb\x73\xc9\xf3\x64\x2a\xc0\xba\xc5\ -\xf1\x58\xaf\xe5\x50\x7a\xa1\xa7\xff\xed\xb8\x03\xe1\x9c\x22\x47\ -\x11\xcf\xb7\xbb\x82\xa3\x06\xdd\x10\x02\x09\x9f\xc2\xac\x4f\x10\ -\xd8\x9c\xc9\x8e\x1b\x72\xb2\x18\x6d\x3c\x62\xb1\xdd\xa2\x13\xa8\ -\xd0\xb0\x29\xfd\xa6\x77\x84\x66\x75\x52\x00\x71\x30\x46\xdf\xa3\ -\x42\xf3\x85\xeb\xb4\xa1\x02\xe8\x6b\x57\x23\x00\x21\x97\xc7\x64\ -\x09\xa6\xf4\x7e\x5e\x9d\x04\x39\x2d\x2f\x3d\xab\x4e\x80\xdb\xfd\ -\xa3\xfd\x69\xf8\x94\x51\x2e\x97\xb1\xe9\xcc\xb7\xf4\x42\x31\xff\ -\xc5\x7b\xec\x4a\x08\x57\x97\x55\x47\x9f\x8e\x01\xb8\xbc\x9f\x3f\ -\x1f\xd6\xc6\x0b\x68\xf8\xf2\x6b\x13\x0b\x7a\xce\x7b\x19\x36\x7b\ -\xd2\x8b\x0f\x33\xc6\xc4\xb0\xa5\x0d\x5f\xdc\x2d\xdd\xb5\x4e\xd6\ -\x01\xc8\x6b\x3e\x41\x20\xd1\xcf\xbe\x91\x50\xef\x07\x5d\xab\x19\ -\xbd\x8e\x7a\xfd\xea\x05\x10\x49\xf0\x80\xc9\x14\x4c\xb6\x4b\xa9\ -\x2a\x40\x61\x97\x3f\xfc\xaa\x86\x9f\xa5\x17\x50\xb4\x79\xe9\xf3\ -\x74\x1a\xfe\x8a\x25\x2f\x22\xf5\xe6\x95\x60\xb3\x05\x02\x64\x38\ -\x72\xb1\xdf\xf8\xbe\x5a\xd3\xe2\x9e\xf0\x44\x51\x46\x19\xed\x0d\ -\xc7\xe0\x8d\x8e\xf7\xf1\xa8\x53\x5c\x21\x09\xbe\x50\x6f\xd5\xcb\ -\xc7\xe3\xa6\xa7\x3e\x5a\x31\xb3\x50\xb0\xe6\x57\xc4\xd9\xe3\x12\ -\xb0\x6d\x2b\x17\xfa\x8d\xf7\xea\x6c\x33\x90\xbc\x38\x84\xbd\xa2\ -\xe0\x3b\x8f\xc3\xb6\xee\xbe\xa8\xda\x67\x12\x82\xbc\xe8\x59\x96\ -\x46\x58\x49\x68\xfc\x9d\xaf\x59\x4f\xd4\x03\xc8\x21\x2d\x00\x9f\ -\x9a\x25\x20\x8f\x83\x74\xc1\x64\xfb\x57\x92\x02\x94\x3a\x4d\x79\ -\x58\x55\x80\x8b\x23\x1e\xf1\x68\xf8\x6b\x97\xa7\x3c\x36\x58\x50\ -\x56\xd8\x6c\x81\x10\x29\x5c\x65\x6d\x7a\x31\xcb\x2f\xbc\x17\x5a\ -\xe2\xad\xa0\xb5\x78\x86\xe1\xa0\xa5\x76\x2f\x5c\x6a\x73\x08\x6f\ -\x8c\x79\x83\xde\xe3\x3f\xe2\x61\xc7\xa0\xd7\xc3\x17\xbd\x09\x5a\ -\x31\xb7\x38\x83\x86\xbe\x62\x56\x2e\x4e\x1e\xf5\x37\xea\x36\xe9\ -\xc8\xde\xf9\x2f\x69\x93\xb0\x4e\x0a\x40\x5e\xb2\x84\xd3\x20\xab\ -\x88\x30\xee\x10\xca\xac\x7d\x54\x36\x80\x14\x9a\xfd\x22\x05\xa8\ -\xb5\xe8\x14\x32\xdd\x5d\x59\x11\x4a\x08\xe7\x09\xd3\xe8\x5d\xf2\ -\x9d\xae\x5d\x4a\x3f\xc0\xf4\x3b\x50\x52\xa3\x00\x14\x6f\x26\x4d\ -\x30\xc1\xfe\xf5\xa7\xfe\x80\xa1\xe9\x92\xe1\xa7\xb5\x78\xf8\x7e\ -\xd3\xb2\xe7\xb9\x1b\x96\xbd\x78\x66\xbc\xb0\xec\x3d\x1b\x3e\x45\ -\xae\x91\x05\xbd\xd0\xe2\x1a\x46\x1c\x97\x10\xa2\xe8\x7b\xd0\x53\ -\x6b\x8d\x6e\x96\xeb\xf1\xd0\xc0\x20\x3c\xe4\x74\x1d\x8f\xd9\x6d\ -\x29\xe2\x39\x4c\x49\xf5\x1b\xec\x70\x6f\xd1\x8c\x5d\x89\xdb\xb6\ -\x79\xe7\x78\x79\x46\xe0\x86\xf5\x37\xb1\xad\xb9\x2d\x8a\x47\x29\ -\xb7\x10\xfa\x10\xb8\x75\xb2\x23\x48\x3c\x18\x13\x00\x8d\x8d\x11\ -\x56\xc5\x22\x78\x21\xb6\xba\xfc\x21\x82\x0a\xc0\x62\x71\x2c\x86\ -\x2f\x33\xfd\x28\xc2\x5c\x62\xbb\xbd\x0c\x82\x2e\x31\x9e\x11\x59\ -\x9f\x25\x6e\x0f\x53\x21\x9a\xfe\x87\xe3\xfc\x54\x2a\x4c\xbc\x04\ -\x85\x9f\x15\x40\xd4\x3a\x60\x5e\x09\x26\x3a\xa6\xb1\x12\xbc\x37\ -\xba\xf6\x8a\x15\xe0\xf8\xc4\x78\xde\x1f\xcb\x5e\xa4\x9b\x2c\x2c\ -\x49\x93\x0c\x9f\xa2\xa0\xe7\x40\x2f\x36\x5d\x7c\x4d\x6d\xc2\x6f\ -\x84\x60\xd1\x68\xa3\x0a\xe0\xf8\xe6\x4d\x71\x6f\x47\x07\xbc\xd5\ -\xdd\x09\x53\xed\x74\x05\xe8\x20\x87\x94\x8f\x4e\xb2\x61\x27\xc6\ -\x37\xbb\xe3\xe6\xba\x9b\xef\xe6\xe6\x85\xe3\xc7\xff\x89\xfd\xfa\ -\xb9\xa2\xac\xac\x3c\xfd\x41\x7e\xb4\x0e\x53\xa7\x7b\x02\xc5\x95\ -\x30\x3e\x74\x18\x85\xb0\xbb\x40\x14\x3e\x78\x0a\x72\xfb\x45\x61\ -\xb1\xa4\x00\x94\xbe\x61\xfc\x22\xcd\x75\xa7\xb2\x80\x37\x49\x08\ -\x3b\xda\x22\x6c\xe1\x22\x4c\x21\x12\x58\x13\xd4\x2a\xc6\xe6\xe9\ -\x64\x8d\xf5\xb4\xb8\xa5\x77\x04\xc1\x84\x30\x9e\xb0\x9b\x70\x99\ -\xb0\x96\xe0\x2c\xee\x48\xd1\x20\xf8\xb3\x03\x41\xbc\xfd\x5f\x08\ -\xbf\x42\x02\xce\x4b\xc1\x38\xc7\x0c\x51\x3d\xa0\xd3\x36\x7f\x1a\ -\xfe\x8b\xd6\x81\x69\xa4\xe8\xcf\x6c\xbf\x20\xef\x65\xd5\xf0\xb5\ -\xa7\x24\xa3\x7c\x93\xce\xf4\x1a\x0b\x09\xf7\x69\xfd\xa6\x21\xa9\ -\x73\xb8\x3a\x01\xde\xdb\x4c\xc4\x3b\x08\xc8\x06\xce\x22\x70\x90\ -\x7b\xee\x33\x9a\x1b\xba\x6a\x7c\xdb\xc8\xa9\x6e\x1e\x48\xc3\xb7\ -\xb3\x73\x43\x15\x15\x51\x17\x33\xed\xfc\x99\xf0\x23\x2b\xc8\xff\ -\x9f\xdd\xb0\x7e\xa2\xf0\x49\xf0\xdc\xbd\x25\x02\xcd\x3d\xa5\xf1\ -\x1d\x0e\x09\xaf\xad\x7f\x9f\xeb\xb3\x29\x37\xc7\xe7\x4f\xc2\x8e\ -\xdc\xf7\xbc\x5d\xf9\xd9\xbe\xfb\x3e\x64\xfb\xed\xfd\xf0\xd6\xd7\ -\x32\xfa\xde\x35\x48\x9c\x2d\x80\x08\xd7\x7c\xf0\x34\x7f\x0f\x1e\ -\x1c\xf2\xfd\x24\xc4\xd5\x84\x11\x04\x53\x82\xbc\x28\xd4\xec\xea\ -\x26\x70\x70\xb9\x5c\x54\x56\x56\xc3\x46\x8d\x9a\xa2\x9e\x5e\x6b\ -\x6c\xdd\xba\x03\x5a\x5a\xf5\xc1\x3f\x16\xb7\xfd\x3a\x01\x44\x8f\ -\x03\xce\x0b\xc1\x78\xa7\xcc\x32\x87\xe9\xa2\x8a\xe0\x81\xe9\x09\ -\xbc\x8e\xb3\x52\xd2\xd9\xd0\x75\xa6\xa5\xa2\x7a\xcf\x6d\x28\xa7\ -\xd5\xa1\xe2\xba\xea\xca\x80\x13\x1c\x00\x6f\x6e\x00\x2c\xba\x01\ -\x58\x7a\xbb\x9c\x9c\xd3\xf0\x4c\x22\xfc\xdc\xb8\x61\x32\xbc\xfd\ -\xae\x50\x30\x63\x84\xc3\x1b\x1a\xbc\xb3\xf3\x32\xd4\xd2\x6a\xc1\ -\x36\xeb\xdc\x68\x5d\xe9\xa7\x18\x0b\x20\x2f\x17\xfa\xc1\x18\x8d\ -\x3a\x8a\xbd\x97\x3d\x2f\x1a\xbc\x15\x4b\x09\x48\x19\xb9\x4f\x18\ -\x71\xa4\xe0\x4d\xe6\x19\x61\x06\xb2\x1c\xe3\xbf\x2e\xe8\x16\x1e\ -\x1c\x6b\x19\x1e\x8a\xc6\x31\xd7\x78\x90\x38\x0b\x45\x3c\x99\x91\ -\x0a\x67\xdb\xc5\x81\x17\x23\x14\x89\x40\xd9\x07\x28\xb7\x82\x8b\ -\x4d\x5c\x95\xb1\xfd\xb4\x26\xd8\x6b\xbd\xbe\x70\xd8\x49\xb3\xd2\ -\x95\x07\x37\xe1\xc9\x93\x8f\xfe\xc1\xdc\xdf\xef\x65\x8d\x5b\x1e\ -\x86\x2b\x96\x8e\xc5\xb7\xf7\x81\xff\x35\x12\xe4\xde\xe7\x3c\x13\ -\x8c\x1d\x18\x93\xd0\x36\x24\xa9\xcf\xbc\x77\x91\xda\x0b\x32\x51\ -\x65\xfa\x29\x94\xd7\xed\x4e\x1e\x4f\xe5\x13\x44\x54\x95\x00\x5d\ -\xec\x00\xaf\xae\x03\x2c\xbc\xfe\x29\xf4\x4a\x9c\x67\x82\x49\xf0\ -\x65\x59\x03\x65\x7d\x8f\x4d\x81\xec\x3d\x93\x98\x82\x09\x23\x26\ -\x08\xc6\x8c\xd9\x8c\x2d\x5b\xd2\x92\x83\xa1\x2d\x22\x77\x5a\x62\ -\xfd\x54\x83\x41\xf4\x99\x4d\x6b\xae\x8a\x6a\xba\x68\xbf\xf4\x39\ -\xb2\xe1\xb3\x0c\xdc\x54\xf4\x61\xd1\x9d\xd8\x34\x1a\xfe\xb6\x94\ -\x48\x61\xdb\x2b\x17\x91\x86\xcf\xa2\x7b\x6f\x47\xbc\x6c\xc2\xf4\ -\x97\xca\x4f\x5c\x1f\x37\x79\xe2\x12\x6d\x1e\xda\x27\xca\xfa\xa6\ -\xee\x8b\x7e\xde\x46\x85\xa3\x03\xcd\xd0\x35\xcc\x12\xdd\xc2\x2b\ -\xe3\x1a\x6a\xc5\xdf\x72\xce\x2b\x53\x32\xfc\xcd\x7b\xc2\x22\x68\ -\xf8\x2c\x8b\xd7\x79\x66\xbd\x7b\x20\x93\xfe\x45\x01\xfc\x98\x92\ -\xfc\x20\xe5\x80\x81\xee\x81\x17\x65\x02\x62\xa3\x21\x2a\x0a\x99\ -\x07\x0f\xb0\x37\xf9\xf8\xfa\xc8\x00\x2e\xe9\x08\x78\x71\x26\xe0\ -\xf5\x79\x80\xb7\x17\x41\x49\xc4\x06\x78\x99\xe1\x0e\x21\xef\x0f\ -\xc1\x43\x42\x60\xee\x61\xc2\x51\x08\xcc\xda\xc8\x5c\xb9\x34\x81\ -\x49\xf2\x72\x03\x5c\x37\x4a\xb6\x64\xdc\xc8\x05\x68\x65\x35\x00\ -\x65\x64\x2a\x9e\xf3\xed\x7e\xda\xd1\x40\xf1\xb3\xf8\x8d\xa2\x5a\ -\x33\x34\xe8\x3a\x0b\x5b\x74\x5f\x80\xc6\x76\x2b\xb1\x8d\xe3\x06\ -\x34\x1d\xb0\x0d\xcd\x9d\xf7\xa2\xdd\xcc\x95\xa8\x37\xd5\x15\x35\ -\x47\x0c\x47\x55\x5b\x1b\xd4\xed\x6d\x8c\x63\x3d\xb4\x71\xe6\x05\ -\x4d\x74\xbb\xa8\xfd\xe1\xb7\xc0\x16\xb1\xf3\x1e\x99\x06\xcd\x8c\ -\x6a\x17\x33\x2d\xd2\xe2\xc5\xd4\x70\xcb\xdc\xaa\xc1\x57\xa6\x7d\ -\xf1\xae\xbf\x8f\x24\xd0\xf0\xbd\x0e\xc5\x04\x8f\x5f\xf1\x29\x7c\ -\x96\x99\x6b\xee\xe4\xbf\xba\xab\x11\x47\x42\x2e\xcc\x8b\x90\x4b\ -\xfe\x98\xa4\x14\x5c\x98\xde\x80\x57\x9c\xaf\xe5\xc7\x2f\xd1\x89\ -\x2c\x15\xea\xbe\x2e\xc5\x66\x82\x37\x45\xda\x41\xbd\xa2\xa6\x05\ -\x40\x4c\x0c\x52\x34\x3d\x3c\x8a\x4e\x93\x8f\xef\x73\x5c\x56\x81\ -\x17\x7e\x66\xc0\x8b\x71\x84\xb0\x27\x83\xa1\xd0\xcf\x19\x42\x68\ -\xf8\xf3\x07\xab\x62\x4f\xdb\x91\xa8\xa4\xa4\xce\xce\x2c\x1a\xf9\ -\xaf\x18\x0e\xa6\x03\x16\x6c\x53\x8c\xe0\x4d\x7b\xbd\x24\xfe\xcc\ -\x7e\x18\x67\xc5\x1d\x23\xb4\x9d\xfc\x17\xc3\x40\x5e\x37\x67\x40\ -\xaf\x28\xc0\xfb\xf8\x4f\xee\x0a\x99\x92\xbf\x8b\xe5\xd3\x4f\x17\ -\x28\x3f\x39\xf4\xae\x41\xd8\xee\xf4\x26\xfe\x1b\x53\x9a\xf3\x56\ -\x26\x19\xf1\x16\xc6\xb5\x09\x98\x1b\x63\x11\xb4\xfb\xe2\x5f\xb7\ -\x7f\x59\x12\x14\x3a\x70\x61\x40\x80\xdd\x5c\x3f\x5e\x97\xd9\xde\ -\x3c\xd3\xe9\xb7\x02\xf4\xa7\x5c\x0f\x6f\x38\xe1\x52\x62\x83\x91\ -\x57\xef\xbe\x2b\x68\xf5\x88\x04\x8d\x35\x90\xbb\x3b\x86\x9b\xb5\ -\x3e\x8c\xc1\x7a\x31\xbe\x31\x54\x80\x11\xae\xae\xe1\x55\x03\x3f\ -\xcb\x85\x8f\x77\x74\x21\x24\xcc\x06\x78\xf1\x83\x20\x85\x84\x8e\ -\x92\x78\xf6\x02\x81\x4b\x2f\x0d\x6c\xa4\xa9\xc7\x36\xeb\x68\x25\ -\x56\xe9\x5f\x35\x1f\x40\xdc\x2c\x72\xa8\xd2\xf7\xdd\x91\x36\xd3\ -\x6a\xf8\xfa\x06\x74\x84\x8d\x36\xe1\xac\x07\x01\x7a\x44\x54\x2f\ -\xc2\x03\x84\xe2\x50\x52\x53\x48\x44\x78\xf8\x06\xc1\xa7\x10\x21\ -\xb8\x90\x2f\x9f\xb0\xe0\xfc\x6a\x1f\x9d\x8d\xf7\x6f\xc2\xc8\xd3\ -\x58\x2d\xc3\xcf\x47\x42\xb7\x50\x81\xae\xf3\xcd\xcc\x62\xa1\x5e\ -\x56\x75\x02\xf8\xa4\xa9\xf9\x6f\x08\x03\xa4\xcc\x0a\x33\x7e\x4e\ -\x04\x28\x76\xd7\xd4\xcc\xa5\xa1\x5f\x52\x81\x67\xfe\xe6\xf0\x20\ -\xd6\x11\x42\xe9\x5d\x4e\xe0\xc7\x3b\x43\x46\xf4\x00\x48\xf2\xb5\ -\x87\xe4\xd3\x5d\xe1\xfd\x36\x0b\xf2\x7d\x2d\x01\xad\x1a\x71\x59\ -\xd1\xaf\xd4\x96\x59\x44\x75\x69\x30\xa7\x05\xe1\x22\xfd\x00\x3b\ -\xf7\x07\xdc\x43\x2a\x5a\x97\x7d\x00\x03\x23\xa0\xa4\xb0\x98\x8e\ -\xc0\x41\x99\xe4\xb7\xf0\x12\xad\xa3\x7a\x6c\xbd\x9a\x62\xbd\xf1\ -\x56\x1e\x73\x3e\x39\xa5\x7a\x01\xce\x64\x82\x6d\xd0\x1b\xe8\x1a\ -\x86\x14\xfb\x79\xfb\x63\x49\xe0\x7c\xc9\xf0\xf3\x4a\x75\x22\xd9\ -\xf0\x59\xfa\xde\x72\xbb\x7a\x51\x1b\x6e\xdd\xb4\x82\xbb\xb7\xac\ -\x21\xf0\x82\x15\x3c\x3a\x6a\x06\x19\x07\xdb\x40\xd1\x01\x63\xc0\ -\xfd\x84\xe5\xcd\x01\xfb\x37\x00\xd4\x95\xaf\xd4\x32\xa1\x4d\xd1\ -\x3e\xd2\x19\x41\xff\x9d\x08\xd6\x84\x4b\xea\xea\xc0\x0f\x0a\xfa\ -\xe7\x97\xe4\x16\xd6\xcf\x99\x74\x64\x4f\x40\xd7\x4d\x37\x91\x62\ -\xbe\xd7\x2f\x1c\xee\x65\xd0\xb0\x73\xab\x08\x50\x06\xbd\x7d\xa2\ -\xd9\xf0\x59\x36\x9d\x9a\xe5\x2b\x21\x40\xa1\xc7\x23\xd9\x97\x6c\ -\xf0\x0b\xbc\x8c\xe2\x06\x19\xac\x0c\x18\x2c\xbf\xde\x9f\x06\x2d\ -\x89\x3b\xb9\xc3\x67\xe9\x00\xda\xa8\x92\x16\x81\x4c\xa5\xd0\xe9\ -\x80\xcd\x49\x3a\xe8\x25\x9d\x12\xf6\x7d\x45\x68\xa4\xac\x0c\xaf\ -\xee\xdd\xfb\xf4\xd7\x67\x43\x07\x05\xd9\x6c\xbe\xfe\x96\x0d\x9f\ -\xd2\xe0\xdc\x93\xd7\x22\x01\x26\x9c\x8f\xaa\x24\x40\xff\x9b\x3e\ -\x55\xc3\x67\x09\x4b\xec\xee\x4f\x05\x08\x7b\xdb\x80\xb7\x3e\x98\ -\x53\x3a\x7d\x6e\xaf\x87\x7d\x95\xff\x7c\xd4\x07\xf6\x21\xc5\x41\ -\x66\x51\x1a\x0d\x7d\xab\x21\x69\xfa\x35\x06\x34\x27\xed\x7e\x59\ -\xa6\x22\xf0\x5c\x82\x0f\x61\x1b\x61\x6c\x6d\x9f\x35\x5c\xe7\x67\ -\xf8\xc8\x93\x22\x76\xa7\x97\xa6\x70\xf0\x9e\xc3\x51\x92\xc1\x53\ -\xac\x37\xdf\xca\x65\xee\xa6\xa3\x48\x80\x05\x77\x78\x9f\x9e\xfb\ -\x17\x42\x49\xd0\xc2\x9a\x04\x90\xef\x11\x58\x1c\xff\xdc\xe2\xbe\ -\x4b\xdf\xf1\x3e\xf6\x9c\x3d\x19\x6c\xf0\x2c\xa6\xdc\x5e\xa8\xa7\ -\x00\xc8\x94\x07\xfe\x4c\xdc\xfb\x48\xbb\xb9\x0d\x7e\xf4\xb0\xb6\ -\x54\x80\xca\x02\x4c\x94\x51\x50\xc4\xf6\x73\xfe\xc4\xaa\xe1\x53\ -\x4c\x3c\x02\x9e\x88\xc2\xa7\x6c\x0f\x7d\x28\x16\x20\x0d\x6c\x42\ -\xde\x57\x13\xfc\x47\x85\x2e\x01\x61\x7a\xed\x2f\x3d\xe8\xd9\x6a\ -\x5b\xdc\xd0\xa6\xab\x5f\xf6\x01\xf7\x5c\xc9\xe0\x7b\xc3\x4e\xd4\ -\x02\x4b\xf6\x4e\x4f\xa1\xd7\xff\x9e\x03\x33\x52\x01\xbe\x5d\x80\ -\x4d\x1a\x46\x6d\x70\x52\x50\x2a\x0e\x38\x19\x14\x42\x42\xff\x20\ -\x29\x80\xfa\xc5\xa4\xdc\x0a\x01\xce\x3e\x7b\x41\xc2\xe7\x43\x2f\ -\xbf\xc7\xe2\xc0\xf9\xb2\xd6\x41\xd1\x3a\xed\xaf\xde\xef\xda\x7a\ -\x6f\xf8\x30\xfd\x95\x45\x23\xf4\x97\xa3\x24\x83\x1a\x6c\x08\x92\ -\x14\xa0\x09\x54\x0c\xc7\x7a\xd0\x29\x66\xd2\xa5\x61\xff\x7b\x01\ -\x22\xf4\x7b\xf5\x17\x09\x40\x19\x73\x3f\xf9\x79\xb7\xcd\xb7\x12\ -\xc5\xc5\x7f\x36\x73\x4f\x5c\xfc\x53\xee\x66\x94\xc9\x0d\xb8\x7a\ -\xb9\x91\xd5\xad\x7b\x1d\x4c\x3c\x03\x9c\x0d\x57\xbf\xaf\x1a\x78\ -\x75\x38\xca\xef\xf0\xa3\xe1\x77\x83\x35\xa4\xc8\x17\x75\xfb\xae\ -\x94\x2e\x0f\xaf\x25\x6b\xf6\x09\x65\x6d\x27\xcc\xae\x10\x80\x32\ -\xf1\xe1\xab\xa2\xde\x1e\xbe\xbe\x66\xfb\x7c\x83\xc8\xf3\x3f\x53\ -\xf5\x68\x9c\xaf\xd9\xf4\x4b\xbc\x41\x6d\xff\x48\xfd\x9a\xc0\xab\ -\x32\x5c\x6f\x45\xa1\x0d\xb3\xb6\xb4\x29\xd8\xb0\x13\x31\xe4\xa4\ -\x02\xd4\x0e\x01\x3a\xd0\xe2\xd8\x76\xd5\x8e\x4a\x02\x50\x5c\x1e\ -\xa6\xc4\x1b\xfd\x7a\xe1\x82\x8b\xe9\x2a\xff\xb1\x6d\x56\xf8\x8d\ -\x36\x5e\xc6\x1b\x65\x44\x59\xee\x3f\xd2\x60\x45\xe8\x2f\x06\xcb\ -\x1f\x8f\xd0\x5f\xf6\x92\x04\x9c\xf7\x35\x12\x74\x6b\xe0\x82\x1c\ -\x90\xa5\x17\x5d\x22\xdd\x20\xa2\xf6\x08\xe0\x4a\x05\xe8\x7f\xe0\ -\x8a\x64\xf8\x02\xbb\x7b\xb1\x3e\x9c\xc3\xe7\xf8\x30\xe7\x52\x54\ -\xc3\xf1\x27\x92\x27\x59\xae\x4c\x99\xd2\x7e\x05\x7e\x06\xfe\xa4\ -\x76\x2b\x32\x27\xb6\x5d\x91\x34\xc1\x74\x79\xd4\x78\x93\x15\x81\ -\x63\x5b\x2f\xf7\x1d\x63\xbc\xc2\x67\xa4\xd1\x72\x1f\x6b\xad\xd1\ -\x69\xb2\x1c\x79\xb6\xeb\xb6\xa1\x54\x80\xda\x23\x00\x9d\x40\x8a\ -\x63\x6e\xc7\x8a\xc2\x9f\x10\xf8\xea\x75\xd3\x73\x77\x62\xe0\xd0\ -\x59\x14\x31\xfb\x72\x02\xcc\xb8\x8c\x72\x6e\x17\x72\x47\x76\x59\ -\x13\xfa\x05\x09\x24\x29\x1d\xd5\x6e\x75\x58\x3b\x83\x9d\x01\xb2\ -\x8d\x8f\x15\x80\xa2\x93\x50\x5c\xf1\x3b\x26\xdd\x22\xa6\x76\x09\ -\xb0\x55\xbe\xbe\x9a\x28\x7c\xe7\x07\x4f\x82\xe4\x8e\x5e\xc8\xab\ -\x08\x9f\x32\xe3\xca\x6b\x2a\x40\x39\x97\x84\xbd\xfb\x6c\xf7\x21\ -\xe1\x0a\x6b\x08\x5d\x30\xb6\xed\xef\x51\x1d\x8c\xb6\xfb\x29\x68\ -\x1d\xcd\x06\xcd\xe3\x58\x81\x7c\x45\xb3\xcf\x46\x2a\x40\xed\x12\ -\x60\x87\x9a\xb1\x29\x1a\x6e\xf2\xc0\x4a\xc1\xb3\x4c\xbf\x94\xff\ -\x49\x80\x72\x8c\x46\x1c\xa2\x25\x41\x2e\x1b\xfc\xb8\x76\xab\x1e\ -\x5b\x1b\x6f\xe5\x29\x69\x1d\xce\xac\x14\xba\x24\x32\xba\xec\x28\ -\x25\x23\x15\xa0\xf6\x84\xdf\x5d\xb4\x79\x53\x27\x13\x04\xa7\x65\ -\x08\xbb\x8f\xa5\x57\x0a\xff\xe0\xd9\xb2\xaa\xe1\xb3\x68\x8c\x39\ -\xf1\xd0\xc6\x78\xab\x8f\x6a\x93\xc3\xaf\x6a\x0c\x5d\x12\x46\x81\ -\x5e\x70\xa7\x74\x97\xb0\xda\x13\x3e\x9d\xdf\xff\x1e\xe4\x49\xad\ -\x7c\x8e\x1d\x42\xa7\xf9\xaf\xc1\xca\x4b\x00\x53\x8f\xf9\xc3\x81\ -\x33\xaf\x45\x02\x78\x9d\xcb\xae\x14\xfc\xb4\xcb\x2f\x60\xe0\x79\ -\x1e\x18\x9d\x7c\xf6\x55\xa1\xb3\x34\x70\x67\x8b\xff\x61\x52\x01\ -\x6a\x8f\x00\x83\x45\xa1\x74\x32\x40\x58\xe0\x88\x30\x75\x54\x12\ -\x58\x7a\xa1\x88\x8e\x5e\x25\xf0\xdb\x5f\x3c\xd8\x75\x2e\x86\x3c\ -\x02\xd2\x60\x18\x09\xbd\xcd\xc9\x27\xdf\x14\xba\x24\xf5\x67\xb0\ -\xa3\x79\x9a\x52\x01\x6a\x8f\x00\xbb\x80\xcb\x21\xcf\xf8\x9e\xe5\ -\x02\x50\x3a\xed\x8e\xae\x90\x80\xd2\xc1\x33\x48\xad\xe1\xb6\x6b\ -\x8a\x1a\xfb\x83\x48\x90\x1f\xfe\x63\x01\x64\x8d\xe9\x05\x4f\x4a\ -\x77\x0a\xad\x5d\x02\x3c\x06\xb3\xa6\x9f\xc2\xa7\x8c\x9e\x11\x54\ -\x49\x00\xf3\x6d\xbe\xd0\x72\x0d\xea\x68\x2e\x78\x68\xcd\x4c\xcb\ -\x32\x52\x5c\x19\x5c\x4f\xdd\x33\x80\x84\x9a\xfb\xd5\xe1\xab\x6f\ -\x62\x8b\xff\x8e\x52\x01\x6a\x59\xef\x1f\x8c\x53\x25\xcf\xff\x9e\ -\xf9\x9f\x24\xe8\x5b\x46\x82\x4f\xab\x10\xc0\x78\xc3\x0b\x2a\x00\ -\x45\x51\x7f\x55\x6a\x17\x8e\xdb\x23\x1b\x98\x82\xdd\xc0\x95\xdf\ -\x4a\x61\x69\xb8\x8a\xba\xbb\x1f\x09\xf9\xed\x67\x05\x50\xb4\xa3\ -\x17\x8c\x97\xee\x15\x5c\xbb\x04\x38\x06\xaa\x44\x00\x4f\x82\xbb\ -\xcc\x47\x58\xd6\x2d\xa0\x42\x82\x7e\x2b\x7c\xca\x05\xf0\x7c\xc5\ -\x86\xcf\xc2\x18\xad\x29\x6d\xad\x3c\xdb\x87\x48\x20\xa0\x22\x88\ -\x11\x98\xc8\x2d\x89\x56\x53\xdb\xc3\x63\x34\x8f\xa5\x55\x0a\xbf\ -\xe1\x41\x52\xfb\x57\xa4\x17\x9c\x23\x15\xa0\xf6\x84\xaf\x44\xf8\ -\x08\xb6\xe2\x05\x21\x2c\x9b\xf4\x1e\x12\x01\xf2\xe0\xd7\x41\xd9\ -\x44\x80\x22\xb0\xd8\xe3\x5b\x55\x00\x16\x0d\x9d\x25\xd1\xa4\x14\ -\x48\x97\x90\xa0\x02\x33\xd9\x05\x71\xea\xaa\xbb\x78\x8c\xc6\x4e\ -\x3e\xa8\x4c\xa2\x17\x2c\x20\xa8\x49\x05\xa8\x6d\xb5\xff\x39\x55\ -\x04\xa0\xec\xad\x97\x0a\x8b\xed\x62\xa1\xc7\x66\x7f\x30\xd9\x12\ -\x52\x93\x00\x14\x19\xc3\xd5\xef\x3b\xca\x4e\x0d\xae\x4e\x02\x16\ -\x65\x68\x8c\x3f\xcb\x5e\xc0\x3f\x93\x00\x5d\x45\x6b\x08\xa6\x56\ -\x23\x00\xc5\x93\x29\xe3\xce\xed\x7d\x9d\xd3\x6a\xed\xeb\xcf\x09\ -\xc0\xa2\xaf\x31\xd7\x8f\x84\x5d\x58\x35\xfc\x8e\x30\x0a\x45\x25\ -\xcd\x4f\xdc\xf4\xab\xcb\x75\x80\x67\xd0\xaa\x5a\x01\x3e\x5a\x9c\ -\x52\xe1\x9d\x08\x36\x7f\xf7\x21\x5d\xe1\x65\x7c\x58\xc3\x94\xcd\ -\x3b\xba\x05\xd8\x8e\x9c\xc8\x53\x6d\xbf\xec\x11\x09\xbc\xb8\x3a\ -\x09\x94\x9b\x2f\x7f\x6a\xcd\xb8\x26\x49\x0a\x60\x00\x9d\xbf\xeb\ -\x4e\x5f\x52\x01\xbe\xaf\x00\x0f\x44\x8f\x81\xf5\x50\x26\x0e\xbe\ -\xc8\xfc\xb4\x0a\xef\x78\x90\xf9\x9b\x1b\xe1\x96\x48\x89\x4f\x6a\ -\xea\x8b\x6f\xc8\x97\x4b\xc0\xcf\xe0\xf2\x7d\xef\x36\x8f\x9f\xb7\ -\xca\xc1\xd7\xbc\xef\xf4\x00\x79\xd3\x55\xcf\x88\x00\x42\x2a\x01\ -\xc7\x68\x75\x91\xb9\xe2\x4c\x5f\x56\x80\xfa\xe5\xc5\xbf\x41\x0d\ -\x13\x50\xe8\x32\x73\x2d\xf1\x76\x33\x2d\xc4\x4b\xde\xe9\x6a\xa7\ -\x5e\x84\xe1\xe2\xbd\x0b\x56\x8a\x17\x7e\x3c\x15\xcf\x0e\x3e\x21\ -\xde\x0d\x65\xad\x78\x51\x0c\x5d\xc2\x3e\x44\xbc\xd1\x83\xd5\xff\ -\x7a\x8c\xa1\x2e\x85\x6f\x4a\x67\x00\x81\x31\x09\x7e\x3b\x60\xeb\ -\x03\x4a\xe1\x47\x03\xcd\x32\xd9\xe0\x59\xbc\xa3\xcc\x43\xaa\x0a\ -\x50\x1d\x39\xcf\x14\xf2\xce\x9d\x6d\x13\x31\x76\xf6\x50\x9f\x66\ -\x36\xf3\x42\x74\x1a\x8f\xce\x6d\xcf\x0c\xa3\x17\x12\x8a\x17\x70\ -\x44\x88\x43\x7c\x2b\xee\x0d\xc4\xaf\x45\x56\x59\x09\x1b\xb4\x6f\ -\x8b\x6d\x46\x4f\x47\xdb\xa1\xd3\xd0\xa2\xa7\x33\x1a\xb6\xed\x8a\ -\x8d\x74\x5b\xa0\x82\x52\xfd\xaa\x5f\xef\x4b\xd7\x4d\x4a\x05\xf8\ -\x7c\xf8\xa2\x0d\x1e\xb8\x26\x0c\xea\x2d\x55\x44\xf7\x7b\x6d\xf2\ -\xab\x06\x2f\xc1\x07\x41\x16\x53\xf2\x35\x12\x88\xc8\x84\x14\x7c\ -\xc6\x04\xf8\xb8\xcb\xf0\x17\x2e\x6b\x8d\x93\xcf\x0d\xc7\x89\x67\ -\x86\xe1\x84\x53\x43\x71\xdc\xf1\x21\xe8\x72\x6c\x30\x8e\x3d\x3c\ -\x08\x47\x1f\x1c\x88\xa3\xf6\x0f\xc0\x5f\x3c\xfa\xe3\x88\x7d\x4e\ -\x38\x7c\x77\x5f\x1c\xba\xd3\x11\x87\x6c\x77\x40\xe7\xad\xf6\xe8\ -\xf0\x7b\x1f\x6c\xbb\x68\x16\xda\xfe\xe5\x89\x8e\xf7\xff\x46\xcd\ -\x33\xe7\x0a\x06\x5c\x0a\x2b\xf6\x0a\x47\xac\xca\xde\xc0\x22\xb4\ -\x58\xf8\x17\x82\xe9\x04\x04\x35\x03\xfa\x0b\x66\xfe\xaf\xb6\x9e\ -\xaf\x2b\x02\xf8\xa9\xb4\x51\xc0\x31\xbb\x9a\xe1\xce\x73\x6d\xf0\ -\x82\x9f\x45\xe9\x67\x04\xc0\x8c\x97\x6a\x91\xd5\x86\x9d\x05\x05\ -\xf8\x9a\x89\xc4\x58\xae\x0f\xde\x96\x0d\xc5\xa3\x0a\xd9\xb8\x5f\ -\x11\xf9\x5e\xf5\x9e\xfd\x7d\xd2\xbc\x6c\xc1\xb9\x01\x25\x8b\xc2\ -\xdd\xf0\x5b\x19\x7b\x73\x59\x92\xc3\x9d\x8b\xd9\x8e\xde\x57\x91\ -\xd2\x34\x24\x24\x12\x22\x9f\xe0\x9a\x88\x92\x77\xd5\x09\xe0\xf2\ -\xe0\x59\x02\x2c\x79\x16\x07\x83\x6e\xbe\x03\x7b\x2f\x04\xc5\x86\ -\xf4\x97\xec\x2b\x15\xa0\xfa\xf0\xe9\xd6\x2f\xd8\x7c\xa5\x16\x76\ -\x7a\x6e\x52\x41\xef\xa7\x26\x6f\x5d\x12\xcd\xa2\x97\xc6\xb5\xf5\ -\xdb\x17\xd3\x8e\x77\x26\xd2\x22\xec\x5a\x84\xe5\x2b\x22\x80\x20\ -\xf4\x91\x11\x8f\x04\x2e\xc4\x0c\x78\x8a\x49\x8c\x3f\x06\xc8\xf8\ -\xe1\x59\xf9\x64\x3c\xa0\x28\xa0\x81\x4b\xf2\xf1\x88\xfa\x43\x1e\ -\xaf\xeb\xc7\x7b\xbe\x36\x69\x8b\xc3\xdd\x84\xdf\x12\xfc\x82\xb0\ -\x99\xb9\x83\x79\x27\xfd\xd9\xe0\x29\x7a\x41\x41\x31\x34\x7c\x42\ -\x91\x67\x35\xe1\x2f\x0e\xcb\x4f\x80\xa0\xd0\x5c\x98\x23\xcc\x81\ -\xd9\xa5\x6f\xc1\xe1\x00\x82\xac\x32\xfd\x45\xb7\x49\x05\xa8\x5e\ -\x00\xba\x32\x18\xdb\xde\x6f\x51\x49\x80\x6a\xe0\xf7\x4e\x6e\x15\ -\xbb\x3c\x58\xcf\xfb\xe9\x85\x06\xa1\x78\x44\x21\xaf\x6a\xd8\x55\ -\xe0\xa7\x9e\xd7\xe3\xdd\xf7\xb5\x41\xca\x59\x7f\x47\xde\xb7\x84\ -\xef\x16\xb8\x26\xcc\xd1\xfb\xef\x0c\xc9\xf0\x0d\x03\x03\xe3\xc4\ -\xe1\xa3\x62\x44\x62\x42\xd5\xf0\x37\x86\x17\xa7\x71\x82\x82\x33\ -\x95\xce\x3e\x8a\xa2\x7d\x8c\x22\xfa\x9e\x10\x02\x47\x86\xfe\xa2\ -\x7b\xa5\x02\x54\x2f\xc0\x19\x86\xcb\xa0\xf9\x9d\xca\x02\x74\x7c\ -\x6e\x52\x6c\x9f\xd8\x2a\x7a\x71\xb0\x9e\x8f\xf7\x95\x86\x91\x45\ -\x87\x94\x3e\x7e\x21\xf0\x4f\x1c\xa8\x97\x19\x75\xd3\x3c\x86\x0d\ -\x9f\xb2\x31\x78\x4c\xfc\xd7\x04\x3f\x2f\x6c\x46\xde\x60\x9f\xe3\ -\x95\xee\x7a\x4a\xcb\x87\x01\x09\x6c\xf8\x14\xfd\x88\x94\x20\xc9\ -\xf0\x77\x86\x97\xe5\xc9\x06\x85\x24\x43\x50\x10\x26\xa4\xf4\x0d\ -\x4b\x7a\xe4\xec\xab\xb7\xfc\x75\x22\x8c\x89\x65\x2b\x83\x9e\x52\ -\x01\xaa\x17\x60\x8f\x68\xc3\xa7\xfa\x5c\xb4\xd8\xa3\x8d\x13\x8f\ -\x68\xe7\xfa\x5f\x6a\x18\x5d\x72\xb0\x5e\xd1\x57\x07\x2e\x01\xff\ -\xa0\x4a\x8c\xbf\x77\xe7\x2c\xc9\xf0\xef\xfa\xd9\xbe\xfc\x9a\xf0\ -\x5d\x83\xd6\x84\x3b\xde\xbf\x92\x5e\x35\xfc\xd6\x81\x7e\xc9\x24\ -\x74\xa1\xa4\x00\x76\x91\x59\x81\x6c\xf8\xee\xe1\x42\x7e\xfd\xa0\ -\xf0\x48\x1a\xbe\x6a\xf0\x83\x22\x4c\xb3\x2c\x26\xa0\x20\xd5\xb2\ -\x70\xc5\xfa\xbe\xa8\xd0\x40\xb4\xdf\x6f\xa9\x78\xc3\x08\x39\xa9\ -\x00\xd5\x6f\x9b\x5e\xd8\xc3\x1a\xf0\xdc\x06\xe6\x4d\xf6\x2e\x05\ -\x7f\x12\x66\xf1\xb7\x86\x9f\x73\xb2\x31\xcf\x9b\xd7\xad\x54\x32\ -\x7c\xca\xe9\xc0\xbe\x3e\x9f\x7d\xd6\x87\xce\xc8\x77\xe6\x1d\xf7\ -\xab\x1a\x3c\xc5\x24\x80\x97\x42\x02\x17\x48\x86\x4f\x99\x19\x51\ -\x10\xc7\x0a\xa0\x13\x1c\x13\x40\xc3\xa7\x2c\x7d\xbc\x26\x84\x86\ -\x2f\xc9\x8b\x60\x33\x1c\xda\x4f\x9d\x2d\x09\x62\xfe\x3f\xf7\x0a\ -\xaa\x4b\xfd\x00\xf7\xb8\x5c\xc0\xb4\x58\x10\x86\x9c\x86\xe0\xe3\ -\x33\x98\xb7\xc9\x9b\x64\x7d\x84\xfb\x15\x33\xbf\x22\xfc\x0f\xc9\ -\x57\x5a\x3e\xac\x1a\x3c\xcb\xfa\x90\x71\x49\x35\x3e\xeb\x83\x7e\ -\x8f\xe8\xeb\x7d\x25\xad\xba\xf0\xcd\xfd\x7d\x52\x49\xd8\xa5\x55\ -\xc3\xa7\x6c\x8f\x28\x2b\xa0\xe1\x5b\x86\x26\xf9\xb0\xe1\x53\x96\ -\x4f\x33\xf6\x7e\xb9\x59\xfb\x9a\xf0\x6e\xab\x20\x0c\x34\xf1\xc3\ -\xc7\xe6\x91\xfc\x64\x8b\x3c\x2a\x82\xcf\x85\x96\x68\xde\x5a\x91\ -\x9d\x85\xb4\xea\x7b\x37\x0d\xc5\xd3\xe9\x74\xea\xaa\x00\x4b\xe9\ -\x1d\x12\x78\xb3\xbc\x49\x97\x74\x1f\x7c\xe9\x86\x4b\x07\xa6\x02\ -\x3f\x68\x95\x4c\x00\xdf\x5d\xe1\x71\x75\xe1\x0b\x0f\xd6\x7b\x11\ -\x72\xa7\x7d\x72\x4d\xe1\xdf\xf5\xb5\x7d\x56\x5d\xf0\xf3\xc3\x67\ -\x14\x38\xf3\xfe\xaa\xf6\xae\xa7\xb4\xbf\xb6\x2b\x9d\x7b\xf7\x98\ -\x3f\x44\xc6\xa7\x55\x0d\x9f\x13\xf1\x24\x83\x86\x3f\x20\xe4\xb5\ -\xbf\x64\xf8\x1a\xb7\xce\xe7\xae\x19\x02\xc2\xdd\x7d\x74\x7c\x22\ -\x5c\x14\xee\x15\x1c\xd6\x7d\x8c\x37\x5a\x22\x45\x78\xc3\x28\xf7\ -\xd5\x09\xc3\x77\x01\xee\x7a\xb8\x75\xa6\x16\xb6\x6c\x2a\x87\xe2\ -\xce\x28\xd3\xef\xf0\xd9\xa9\x11\x22\xc5\x9d\x5c\x74\xc7\x55\xd5\ -\xba\x28\xc0\x1d\x83\xe6\x80\xc2\xac\x4f\xed\xfa\xf4\x10\xf0\xf3\ -\x9a\x0a\x42\x2a\x02\xe5\xfa\x7c\x4e\xec\xfb\x5d\x0a\x0f\x69\x0d\ -\x9f\x86\x5f\x74\x44\x35\x98\xf7\xc0\x3a\xbf\xa6\xf0\x29\xa7\x02\ -\xfa\xfd\xa3\xf8\x9f\x1a\xb4\x2a\x92\xdc\xf5\xaf\x6b\x0a\xbf\xf3\ -\x8d\xfd\x6f\xc0\xab\xef\x47\xf0\x72\x44\xf0\x72\x2a\x83\x4b\xeb\ -\x83\x20\x24\x3c\x9a\x15\x40\x2d\xf2\x69\x98\x5b\xd8\xbb\x08\x12\ -\x7a\xa9\xa4\x00\x43\x56\xf5\x8d\x20\x02\xe0\xba\xc1\x72\xa9\xbb\ -\x7b\x19\xe6\x06\x3b\xcb\x06\x26\xcd\x50\xf4\x2d\xbb\xd4\x22\x97\ -\x15\x81\xa5\xf8\x8a\x11\xf6\xb5\xaa\xd8\x33\x79\xda\x7f\xb9\x49\ -\xe7\xd5\x7a\x5a\xda\x68\x7f\xec\x0a\xfb\x98\x59\x5b\xd7\xea\x00\ -\xb4\xef\x5d\xb8\x6e\x89\x38\xfc\x34\x48\xc3\x27\xc0\xc3\x48\x48\ -\x4c\x3c\x09\x37\xf7\x4f\x85\x52\x56\x02\xca\x89\x59\x4c\x46\xd4\ -\x8e\xfa\x37\xef\xf3\x6c\xde\x7e\x2e\x7c\xca\xba\xb0\x71\xcf\x2b\ -\xee\xfa\xb0\xe9\x1f\x86\xfa\x1e\xf3\x25\x21\x0b\x6b\x0a\xdf\xe6\ -\xf6\x5f\xef\x18\xaf\xbe\xef\xcb\xc3\xaf\xc2\x09\xb7\x24\xf0\xbf\ -\xe3\xa7\x1d\x96\x78\x8b\x04\x9e\x2f\x19\x3e\x13\xf8\x10\x57\x0e\ -\x97\xcf\xa2\x02\x50\xb6\xda\x37\xe1\xed\xe8\xd9\xa2\xcc\x7f\x90\ -\x82\x5f\xd4\x30\x78\x9b\xb5\xb1\x61\x40\x55\x09\x3e\x5e\x6a\x85\ -\xc3\xac\x0d\xd8\xd0\x8e\xfe\x27\x87\x58\x93\xd7\x64\xfa\xfd\x03\ -\x2e\xf3\xd0\x2d\x0b\x51\xd5\xc0\x88\xfe\xe5\x8d\xba\x26\x40\x7f\ -\xfa\x4b\x5c\xdc\xc7\x60\xb6\x0f\xa4\x60\x38\x08\x09\x28\x26\xeb\ -\xce\x16\x08\x22\x12\x14\x4a\x4a\x40\xd9\x3f\x8d\x53\x74\x7e\x4f\ -\x33\xbf\x7b\xde\x5d\x13\xaa\x0b\xff\xb6\x6f\xf7\xc4\x8a\xbb\x3e\ -\x70\x55\x54\x5f\xef\xbf\x53\x6b\x0a\x9e\xd2\xe3\xce\xe9\x5c\xce\ -\xfe\x7e\x69\xd5\x86\x4f\x60\x3c\xec\xcb\x1a\x4d\x33\x0e\x30\x1c\ -\x62\x98\xac\xb7\x65\x6b\x68\xf3\x9d\x1e\x48\x69\x46\xff\xbb\xc3\ -\x1d\x7f\x99\x65\x1b\x4b\xc2\x2f\x13\x49\x30\x98\x93\x47\x04\xc8\ -\x26\xe0\xbd\x01\x4a\x3e\x51\x43\x01\x1f\x8d\x96\x89\x2a\x3c\xd1\ -\xfc\x99\xa4\x04\xd9\xa7\xac\x70\x56\xef\xa1\xa8\x28\x5b\x8f\xad\ -\x20\xb6\xff\x86\xcf\xad\x3e\x2d\xf2\x9b\x3b\x0c\x14\x85\x4f\x69\ -\xe9\xe2\x4a\xff\xc1\xa7\xae\x09\x20\xea\x0d\xfc\x63\xa3\x1d\x66\ -\xdd\xe3\xbe\x91\x08\x5f\xc4\x9b\xdb\xe0\x73\x6b\x13\x3c\x3e\x38\ -\x1d\x72\xaa\x4a\x50\x51\x2a\xac\xd1\x88\xba\x7d\xa3\x63\x30\x09\ -\xbe\x8c\x15\xe0\xaf\xc0\x01\x3e\x0b\xc2\x67\x92\xbb\xfe\xe8\x67\ -\xef\x7a\x8a\xdd\xdd\xf3\x1f\xb8\xfb\x07\x24\xd7\x14\xbe\xca\x72\ -\xab\x44\x43\xa7\x86\xa9\x2d\x1c\x35\x50\x8c\xd0\x60\xf6\x48\x6f\ -\x12\x7c\x3e\x0d\x9f\xc5\x7a\xe5\xac\xcc\x95\x43\xb9\xb4\x2e\x80\ -\x9b\x1c\x1b\xfa\x53\x01\x28\x57\x9d\xd4\x7c\x89\x04\x42\x42\xc9\ -\xf3\xb9\xca\x3e\x82\xab\x46\x85\xac\x04\x39\x67\x2c\x84\x2b\x9d\ -\x96\xa2\x89\x56\x3b\x14\x0d\x88\x01\xec\x24\xa8\x7c\xc5\xe7\xb6\ -\x96\x23\x23\x83\x23\x1e\x26\x60\xdf\x98\x8c\xcc\x46\x17\x1f\x16\ -\x28\xfc\xf6\x3b\xfd\x87\xb8\xba\x26\x00\x1d\x8a\x15\xae\xde\x3e\ -\x0e\xb7\x7a\x4d\x2c\x4b\xf1\xd1\xe1\x55\x29\x05\x0a\xfd\x76\x41\ -\xfa\xed\xcd\x90\x7c\x70\x26\x64\xd6\x24\x01\xe5\xf0\x7c\xc5\xd4\ -\xab\x67\x4d\x79\xe4\xf1\x90\xb3\x30\x68\x81\x8f\xe3\x83\x2b\xaf\ -\x68\xc0\x0e\x77\xaf\x7c\x74\xb8\x76\x3e\xd3\xfe\xf2\x99\xe7\x76\ -\x67\x8e\xc7\xd9\x1d\x3d\x14\xd9\x6b\xbf\x57\x70\xcf\xbd\x7b\xfd\ -\x7b\x6c\xdb\xce\x93\xdb\x3f\x38\xba\xba\xe0\xe5\x36\xdb\xe4\xeb\ -\xf6\x6b\xf4\x86\x0d\xde\xa0\xb7\xba\xd0\xb0\x8f\xba\x90\xfd\xb3\ -\xfe\x40\x83\x2c\xdd\xd5\x6b\x93\x25\x25\x68\xbd\x71\x03\x4e\xee\ -\xa3\x80\xbf\x3b\x33\xb8\xd1\x56\xff\x2d\x2b\xc1\x05\x27\xcd\x87\ -\x44\x00\x3e\x2d\x0d\xa2\x87\x33\xa9\xd9\x3b\xb5\x42\x59\x09\xf2\ -\xcf\xb5\x13\xac\xed\xbf\x01\xc7\x58\x4d\x45\x25\x39\x51\xd7\xf1\ -\x6b\x3a\xac\xfc\x99\xcf\x8b\x4a\x82\xda\xd6\x63\xd0\x72\xd7\x89\ -\x8f\xca\xa1\x19\xa5\x04\x94\x9b\x30\x87\x6d\x65\xc8\xd5\xb5\x4a\ -\xe0\xb3\x65\x1b\x47\xe3\x16\x2f\x37\x11\xd7\xce\xdb\x85\x0b\xc3\ -\x98\x4c\x56\x82\x7c\x5f\x08\x20\x8f\x02\x24\xbc\x3e\x3c\x0b\x52\ -\x6a\x12\xc0\xd3\x0d\xf2\x56\x4d\x82\x80\x4e\x2e\x72\xc1\x5d\xa6\ -\x2d\x88\xef\x3a\x75\x41\x0e\xa1\x8c\x80\x35\xd1\x74\xce\xf0\x7f\ -\x14\xfb\xdc\xdd\xbd\x51\xd3\x59\x57\xa8\xd7\x4b\x0d\xb5\x2c\x94\ -\x51\xad\xb9\x02\xca\xab\x70\x45\x67\x1b\x30\x1c\x40\x45\x0d\x19\ -\xd4\x68\xa1\x88\x3a\x1d\x55\xd0\xa0\x8f\x06\x36\x1e\x6c\x87\xcd\ -\x36\xef\x14\x09\x50\xbf\x57\x1f\xe4\x90\xaf\xeb\x63\x0a\x38\xa3\ -\x9b\x12\xb2\x02\x50\x4e\xd8\x6b\x45\x44\x0e\x85\x0f\x54\x02\x4a\ -\xdc\x04\xd9\xe0\x92\x33\xfa\x69\x54\x82\xc2\x4b\xe6\xa5\x1b\x06\ -\xae\x2f\x59\xe3\xb4\x1b\xcd\xb5\xad\xd8\xba\xc1\x55\xf6\xc0\x28\ -\x71\x91\x4f\x0f\xa5\xc8\xaa\x27\xd7\x0c\x5b\xb6\xde\x89\xcc\xaf\ -\xe1\xc2\xdd\x57\x03\x72\x56\xde\x7f\x94\xde\xe8\xef\xd0\x62\xb9\ -\x21\x2e\xec\xee\xea\x75\x4e\x80\x93\x0b\x56\x8f\xa8\x10\x80\xb2\ -\xe7\xd0\xb8\xec\xbc\x20\x95\x60\xb1\x04\xc2\x90\xfd\x10\x2f\x96\ -\xe0\xdd\xd1\x39\xf0\x44\x22\xf4\x82\xd5\x93\x21\xa0\xdb\x28\x6e\ -\x88\x8c\xb3\x4c\x31\x0c\x96\x41\x4a\x8b\xa1\xf6\xaf\xab\x0b\xdc\ -\xda\x6d\x3e\x5a\x0c\x9f\x80\x46\x3d\x1c\xb1\xf1\xb0\x5e\x08\x1e\ -\x0e\x08\xfb\xec\x11\xf6\xf4\x41\xd8\x65\x87\x32\x0b\x3b\xa0\x72\ -\x5b\x75\x94\x53\xe6\x4a\x8e\xeb\x17\x88\xb7\xbe\xa5\x5b\xdd\x9e\ -\x13\xef\x1e\x26\xfa\x37\x56\x08\x15\xa3\x26\xa8\xd4\xbe\x03\x5b\ -\x8c\xff\x45\x8f\xb1\x33\x6e\x02\xf8\x9b\x95\x4e\x25\x09\x0e\xf5\ -\xd6\x49\x88\x1a\x02\xd9\xac\x04\x84\x0f\xaf\x96\xa9\xf2\x84\xd7\ -\x8c\x4a\x4b\x2e\x99\xf1\xb7\x0d\xdd\xf2\x66\xbb\xf3\x51\x9c\xd4\ -\x79\x0e\x1a\x36\x34\x66\xa7\xb0\xd1\x93\x48\x72\x64\x38\xca\x68\ -\xd2\x64\x25\x76\xea\x1c\x82\xcc\xfc\xd8\x32\x58\xf1\x12\xbd\xee\ -\x86\x17\x12\x70\xcb\xd9\xbb\xd8\xb0\x45\x2b\xfa\xf5\x7b\xea\x62\ -\x33\xd0\x6b\xce\x32\xe7\x4a\x02\xb0\x04\x5f\xb7\xf0\x23\x02\x7c\ -\x2c\x09\x82\x68\xb1\x00\x78\x67\x33\x14\xac\x9c\x0b\xf7\xba\x4f\ -\xe0\x44\x28\x0c\x95\x29\x62\x43\x97\x44\x61\x80\x06\x5a\xbb\xce\ -\xc5\x76\xc3\xc6\x8b\xc2\x6e\x62\x62\x81\x2a\x8d\x9b\x20\x7d\x6e\ -\x56\x33\xd1\xa3\x4c\x7c\xe7\xd0\x49\x22\x61\xb4\x63\x4a\x7c\x8c\ -\xeb\x2c\x71\x1d\x85\xa9\xe1\x94\x92\xf6\xe2\x23\x5f\x27\x11\x42\ -\xc4\xb3\x9a\x4c\x25\xef\x58\x55\x05\xee\x9b\x3e\xcd\xd5\x71\x59\ -\xe7\xe6\x9f\x44\xe8\xde\x34\x37\x7c\x08\xa4\x4b\x48\x80\xd1\x23\ -\x98\xe4\x7c\x2f\x9d\x58\xfe\x15\x93\xd2\x7d\x23\x77\x24\x52\x09\ -\x28\x8b\xed\xfe\x40\x0b\xdd\x49\xd8\xc3\xe8\x2e\x8e\x68\x5f\x8c\ -\x1d\xba\x45\xf1\x61\xe9\xd3\x22\x1a\xbe\xcc\xaa\x97\x1f\x68\xf8\ -\x7f\x9e\xbb\x8b\x4d\x9a\xe9\xd3\x8b\x26\x4b\x9e\xc7\x54\x97\x04\ -\x08\x9c\x36\x7f\x40\xb5\x02\x50\x8e\xfc\x35\xec\x39\x3f\x44\x36\ -\x3e\xee\x04\x04\x53\x01\x96\xad\x01\x3f\xdb\x65\x20\x24\x20\xa5\ -\xdb\x12\x28\xea\xb8\x10\xde\x58\xcc\x65\x22\x9a\x3a\x32\xe9\x4a\ -\x2d\x18\x04\x25\x06\x19\x2e\xf7\x99\x78\xd7\xaf\x75\x84\x79\xe2\ -\xa0\xe8\x49\x23\x3d\x68\x97\x2c\xa1\xb9\x38\x28\xe6\x07\xfe\x6e\ -\x0a\x84\x99\x74\xeb\x39\x7d\x55\x05\xfc\xa5\x55\x23\xdc\x68\x63\ -\x80\x9b\xbb\xe9\x0a\xef\xf7\x67\xde\x4b\x4a\x40\x2b\x8a\x09\x6e\ -\x0a\xfe\x85\x67\x8d\xdf\x1c\x18\xbb\x27\x8a\x95\x60\xa0\x99\x6f\ -\xc1\x48\x4b\x44\x4b\xfb\xe7\x2f\x49\xf0\x1f\x69\xf8\x14\xb5\xa5\ -\x51\x1f\x69\xf8\xda\xcd\x0d\xd8\x3d\x8e\x9a\x7f\xb7\x9e\x40\xf2\ -\xea\x26\x3e\xe0\x60\x9f\x78\x20\x43\xfd\x07\x9e\x38\x52\x30\x69\ -\xb6\x63\x8d\x02\x50\xfe\xdc\x3f\x85\x1f\x7e\xad\xd5\xed\x75\x6b\ -\x18\x9e\xed\x12\x88\xb7\x59\x08\x01\x5d\x7f\x85\xbb\x9d\xa7\xc0\ -\xdd\x0e\x63\xc1\xcf\x72\x28\x3c\x6e\xd7\x1f\x0a\x2d\x06\x02\x2a\ -\x37\xac\xd8\xb4\x99\xa9\x45\x92\xcb\x88\x0f\xd7\x48\x90\xe5\x30\ -\xd8\xbe\xb1\x0a\xba\x99\x35\xc2\x33\x76\x9c\xb2\x2a\x12\x60\xf4\ -\x30\xc8\x4e\x5d\xa3\xe5\x7b\x68\xdc\x8e\x30\x2a\xc0\xe8\x0e\xfc\ -\xc7\x96\xce\xf9\x41\x24\xf4\x12\x36\x7c\x91\x00\xb3\xef\xa0\xb6\ -\x9e\x21\x7b\xcc\xbd\xee\x7f\x3d\x16\x20\xde\xbd\x7b\x66\xf9\xc1\ -\xc5\x0c\x6a\x69\x59\x60\x8b\x16\x0e\xa8\xa0\x20\x3a\x41\x3b\x94\ -\xa0\xfc\x03\x3e\x18\x1d\x5a\x0c\xf7\x18\xd4\x06\xef\x25\xad\xc9\ -\x7b\x8a\x5e\x58\x13\x87\x5e\x2d\xe2\x99\x8d\x94\x7b\x4d\x43\xae\ -\x89\xe6\xed\x45\xe1\xbf\xa7\x13\x3c\x6b\x69\x69\x47\x8f\xd5\x1b\ -\x45\x97\xa6\xd1\xdf\x5b\x43\x81\x8b\x03\xf4\xf5\xd0\xa5\x8d\x7d\ -\xe9\x62\xab\xee\x2f\xf7\xf7\xe8\x18\x7a\xc9\xb1\x45\xec\x83\x81\ -\x1a\xa9\x61\x23\x95\x22\x0e\x8c\xdc\x16\x60\x3a\xea\xfd\x03\x12\ -\x78\x99\x64\xf8\x22\x86\xba\xb3\x67\x32\xea\x7c\xf5\x60\x10\x0d\ -\x51\xfc\xec\xa2\x73\xf1\x1d\xc5\x56\xd2\xe2\xf1\x06\x1d\xb6\xe4\ -\x70\x64\x50\x53\xb3\x0d\x9a\x9a\xfe\x82\xd6\xd6\x0b\xd0\xcd\x2d\ -\x1c\x47\x8d\xba\x8a\x9c\xf2\x89\x0d\x93\x7f\xd0\x06\xd1\xe8\x34\ -\xae\x2d\x0e\x76\xb5\x2c\x3c\x13\x38\x3f\xb4\x9a\xf0\x8b\xa6\x06\ -\x8f\x0e\x00\x2f\x03\x34\x1b\xca\xc9\xab\x29\x7c\xf3\xbe\x80\x32\ -\xe5\x3b\x78\x4f\xad\x03\x8f\x3d\x2a\xc2\x48\xda\x6e\xa7\xbf\x7f\ -\x13\x65\x23\x1c\x6c\x3c\x1f\x47\x99\xac\xae\x84\x8b\xf9\xea\x57\ -\x8a\x2e\x57\x7d\x60\x46\xa0\x1f\x2c\x4a\x0c\x83\x15\x29\x39\x15\ -\x02\xb4\xe9\x2f\xea\x45\xfc\xe2\x68\xa0\xb8\xf8\x99\x2a\xee\x6d\ -\x12\x56\x54\x7e\x68\x9b\x53\x9d\x3c\x3f\x9a\x76\x41\x68\x35\x08\ -\x65\x4c\x47\xa3\x99\xb9\x0b\x5a\x5a\xba\x89\xe8\xd2\x65\x6e\x19\ -\x15\x80\x62\x6a\x64\x57\xa9\x97\xe9\x3b\x7e\x10\xa3\x64\xe5\xb9\ -\xe8\xec\x66\xc9\x22\xfc\xdd\x73\xb8\x4f\xb2\xd0\x53\x40\xc3\x4f\ -\x14\x7a\x64\x74\xba\xd6\x3d\x9e\x86\x4f\x10\x58\x0c\x02\x61\x4d\ -\x02\x68\xea\x57\x0c\xb9\x72\xeb\x50\xfd\x87\x8a\x30\x82\x96\xba\ -\x72\x5c\x05\xec\xa2\x33\xa4\x92\x00\x13\x2d\x36\xa4\xd9\x0f\x3c\ -\x14\x0c\x03\xbc\xb0\x82\xc1\x47\xf2\x60\xd0\x1e\x92\x9f\x68\x3c\ -\xc1\xe9\x6b\x04\x58\x29\x3a\xcc\x71\xd0\x7a\x84\x9d\xb9\x08\x8b\ -\x83\x11\xa6\xdd\x44\x70\xf5\x21\xff\x8d\x40\x20\x01\xb3\x70\xc7\ -\xdc\x7a\x61\xda\x79\x5e\x06\x15\xa0\x43\x87\xe9\xa2\xf0\x27\xba\ -\x5c\xcf\xf3\x73\x11\x1d\x70\x28\xa8\x5a\xd1\xf8\x0e\x1f\xc0\x2a\ -\x8d\x26\xf5\xb0\xff\x74\x13\x1c\xfc\x9b\x79\xce\x90\xb9\xe6\xd9\ -\xce\x73\xdb\xbe\x9f\xb4\xa1\x9b\xbf\x6f\xee\xc6\x50\xad\x13\x6d\ -\xb3\xc4\xe1\x23\x78\x1a\xe4\xd6\x14\xbe\xb1\x6d\xc5\x19\x84\xbd\ -\xeb\xe8\xd6\x38\x8c\x78\x53\xea\x94\xa6\x2a\xad\xd0\xd9\x78\x81\ -\x48\x80\xf1\x16\xab\xd2\xb7\x38\x1f\x2d\xe3\x0c\xd8\xff\xa6\x92\ -\x04\x66\xa3\xd8\xdd\xcb\xe5\x3e\x2b\x80\xf8\x28\xd3\x12\x70\xde\ -\x58\x7e\x9e\x5f\x55\x3c\x05\x7c\xd8\x51\x90\x0c\x1b\xdf\x06\xc3\ -\xe2\xa7\x71\x30\x2d\x92\x4f\x44\x78\xdf\xdc\x61\x47\x30\x95\xc0\ -\xcd\x35\x2c\x37\xf1\xb7\x89\x69\xb8\xb4\x1f\x5a\x6a\x89\xea\x02\ -\x17\xbe\xe7\x9e\x7a\xb4\x6e\x61\x3c\x03\xf0\x97\x37\x95\x71\x7c\ -\x2a\xef\xcf\x39\xa0\x5f\x5c\x11\x3e\x81\xf1\x34\x48\xad\x56\x80\ -\x01\x80\xf5\xca\xcf\x1c\xbc\x52\xe7\x57\xf3\x94\x0f\xef\x5e\x92\ -\xe7\xd6\xc3\xae\xba\xc3\x71\xb8\xe9\x6f\xa2\x96\x80\x75\x7f\xaf\ -\xa8\x8a\xf0\x9d\x76\x23\xc8\x8b\xd6\x20\x1c\xff\xe2\x84\x10\xf1\ -\x71\xae\x61\xd0\xdc\x12\x61\x6b\x06\x0d\x1c\xc1\xa3\x14\x19\x0f\ -\xbe\x90\xf1\x2c\x2b\x61\xbc\xf0\x23\xb3\x1f\xf3\x09\xb9\x1c\x2f\ -\x7c\xcf\xf1\x12\x66\x2a\x7a\xf0\x43\xd4\xb6\xe7\xdc\x6f\x35\xcf\ -\xef\xda\xcd\xd9\x6b\xee\xd3\xf0\x29\x57\x87\x59\x61\x63\x25\x79\ -\xb6\xe2\x41\x7b\xa5\x14\xbe\xc3\x48\x20\xf6\xb8\x58\x29\xfc\x32\ -\xab\x10\x55\x9e\x64\xf0\x2c\x1c\x77\xfd\x84\xea\x04\xd0\x35\x07\ -\x76\xda\x95\xd1\x4f\xb3\xac\xab\xbc\x0f\xa2\xd8\xb0\x81\x29\xce\ -\xef\xb5\x16\xd7\x0f\x3e\x84\x4c\xbf\x7d\x7c\x91\x00\xe4\x71\x2d\ -\x7e\x8c\xdb\x7f\xd5\x8c\x20\xf2\x6a\x29\x3e\xa9\x52\xf4\x8d\x0d\ -\x9a\x34\x47\xa7\x49\xcb\x71\xc3\xd5\xe7\x9f\x66\xb6\x86\x10\x78\ -\x28\xf4\xba\x8e\xaf\xbd\x4e\xe1\x63\xcf\x83\xf8\x6c\xe7\xce\x9c\ -\xd7\xcb\x7a\xf6\xbc\x9e\x60\xa7\x7f\x25\xdb\xb5\x4b\x6c\xde\x5c\ -\x87\xb2\x92\x45\x7d\xf1\xf8\x80\x76\xd8\x49\x5b\x8d\x3d\xfd\x72\ -\xc3\x7f\x7a\x46\x0e\x5d\x4e\x25\xa3\x0c\x38\x3c\xad\x22\xfc\xdc\ -\x66\x37\x1a\x87\x57\x17\x3e\x45\x66\x4f\xf3\xe8\xaa\xe1\x9b\x39\ -\x00\x72\x65\x45\xbf\x97\xfb\x4f\xb7\xb6\xaf\x7c\xc5\x14\xed\x98\ -\x42\xfd\x06\x2d\xb1\xa1\x95\x2b\x42\x97\xb9\x28\x7a\x9c\x03\x2c\ -\xff\xa6\x29\x61\xb4\x87\x48\x7c\x5a\x17\x6d\xd3\x1f\xa7\x77\x31\ -\xc3\x30\x68\xd2\xc5\x01\xe7\xfc\x7e\x0b\xb7\xef\x78\x87\x5e\xe4\ -\x91\x20\xc9\xc2\x85\xb7\x43\xa6\x8e\xdf\xfa\x76\xae\x31\x93\xe2\ -\xae\x0a\xde\xcf\x0c\x99\xd0\xb7\x76\x8d\x53\x82\x86\x98\x15\x65\ -\xcc\xee\x8d\xa1\x13\xba\xa2\x8b\xa9\x0e\xca\x71\x39\x42\xf1\x49\ -\x61\xa3\xbe\xe5\xa4\x2c\xba\x22\xa8\xa9\x53\x79\xf8\xc3\x32\x99\ -\x67\xaa\xa7\x75\x5f\x54\x1b\xfe\x7e\xc3\xb7\x70\xac\x65\x98\xf2\ -\x6e\xad\xbf\xab\x0a\xa0\xa1\x2b\x0a\xff\x43\x6d\x6d\xf6\x7d\x07\ -\x09\xb8\xe2\xd2\xb6\x58\xa2\xe7\xf2\xab\x16\xb8\x7e\xcd\xa6\x0c\ -\x13\xc4\x7d\xdc\xa4\x99\xc7\x25\x4d\xbf\xbe\xa4\xd2\x77\x0e\xdd\ -\xdd\xf9\x42\x4f\xcf\x52\xf2\xff\xfb\xf3\xe9\xb1\xa7\xb3\xbb\x98\ -\xf2\x7e\x33\x86\xe2\x0d\x0d\xc1\xff\xb8\x2c\x84\x67\xb5\x82\x24\ -\xb4\x04\x61\x72\x37\xf5\x22\x9f\x7e\xad\x30\x6c\x5c\x17\x5c\x67\ -\x6b\x8c\x3a\x2a\xa2\x7d\xf7\xf2\x09\x07\xe8\x96\x2f\x5f\xb8\xbe\ -\x21\xed\x82\xed\xb0\x1d\xb0\x97\x1f\xf7\x8d\xec\x61\xbd\x7c\x71\ -\xe0\xc5\x70\xc4\x30\x09\xce\xb7\x0e\x03\xef\x76\x8f\x21\xaa\x63\ -\x2e\xc4\x5b\x0b\xe0\x9c\x1a\x4f\x71\x0b\x04\x48\x86\x6f\xd4\x15\ -\xfe\x31\x0b\xe6\xa7\x5e\xed\x0b\x20\x2f\x39\xe5\xeb\xbb\x4d\x0a\ -\x25\x2f\x3b\xf1\x81\xc8\xa2\x0f\x54\x49\x49\x03\x1d\x1d\xe7\x89\ -\x0e\x3b\x16\x31\x7e\x4b\x1e\x11\xe0\x03\x01\x97\xe9\x02\xcf\x93\ -\x54\x2a\x2f\x2a\x82\x7f\x81\x19\x64\x10\x11\x90\xf2\xbc\xb3\xb2\ -\xc0\xdb\xde\x10\x77\xd9\x18\x62\xb7\xa6\x1a\x6c\x30\xe1\xe2\x93\ -\x37\x7a\x8b\x9b\xa1\x7b\xc5\xa7\x68\xe6\x92\xc6\x0f\x82\x61\x3d\ -\x34\x3a\x5c\x1f\x99\xc3\x46\x69\x70\xc7\x2c\x19\x42\x3a\x7c\x24\ -\x61\x23\x3c\x91\x20\xae\xf3\x47\x38\xa6\x10\x4c\x57\x0c\xab\xfc\ -\x01\x3c\x36\xfc\x76\xfd\x01\x15\x54\x2a\x4e\xf7\xa8\xf7\x6f\x59\ -\xf2\xfd\x43\x67\x05\x93\x57\x6b\xf1\x81\x48\x6f\x15\x15\xeb\xa3\ -\xb5\xf5\x2f\x38\x79\xf2\x3e\x91\x04\x63\x2d\x5a\xbd\xa4\x02\x50\ -\x16\x18\x42\xc4\x3e\x2e\xe4\x78\x01\x14\xde\x56\x05\x9f\x92\xb6\ -\x90\xcf\x8a\x40\x49\xeb\xa8\x88\x17\x2c\x35\x70\x54\xd3\x7a\xa8\ -\xc0\x65\x10\x28\xc6\xf5\x10\x9c\x1b\x21\xac\xd0\x47\x38\x65\x86\ -\x10\xd5\xb9\x72\xd0\xd5\x11\x63\x95\x09\x07\x39\xf1\xec\x5e\x01\ -\xea\xab\x3e\x09\xa0\xdd\xa6\xe2\xee\xef\x2f\x0d\xfb\x3b\x4f\x0b\ -\xa7\x6d\x4b\xda\xc1\x40\x38\xa4\xac\xac\x2e\xb0\xb5\x1d\x8b\xe3\ -\x46\xaf\xc3\x99\x46\x20\x60\x25\x98\xdb\x12\x52\x76\xc9\xc3\x53\ -\x22\x01\x12\xde\x05\x36\x02\x5f\x41\x7b\x28\x95\x14\x81\x12\x66\ -\x29\x83\x1c\x5f\xab\x2f\x87\x5d\x95\x50\xf3\x44\x38\xc0\xa4\x49\ -\x6e\x16\xa1\xb9\x04\x7c\x69\xf8\x26\x7d\xc8\x23\x8b\x2b\x0a\xff\ -\x92\x34\xe8\x1f\xbc\x2e\x80\xee\xa4\x4d\x78\x51\xbf\xbe\x26\xda\ -\xea\xaa\x21\x2b\x00\xe5\x57\x63\x28\xd8\xa2\x0a\x21\x62\x09\xf0\ -\x20\x03\x2f\xe2\x9a\x43\x50\x15\x09\x84\x23\x16\xeb\x46\x7c\x53\ -\xf8\xbe\x46\xa1\x24\xf0\x82\xaa\xbb\x85\xe8\xcc\x81\x10\x2a\x80\ -\x5a\x93\x8a\x31\xfa\xa6\xd2\xa0\xff\x1f\x16\x86\x88\xc7\x0f\xe8\ -\xa8\xa0\xd0\x88\x3c\x77\xa7\xb7\x00\x49\x11\x84\xbf\x37\x01\x1f\ -\x56\x02\xca\x51\x19\x88\x4d\x35\x82\x47\xac\x04\x59\xe6\x70\x53\ -\x25\xac\xd3\xe3\xaf\x0a\xff\x7a\x13\x5f\x12\x76\x59\x75\x7b\x05\ -\xe9\x8c\x86\xf7\x86\x9d\x2a\x8a\xfe\x79\xd2\x90\xff\x9f\x57\x06\ -\x89\x77\xf2\x7e\xaa\x2c\x43\x9a\x6d\xba\x95\x24\xc0\x45\xfa\x10\ -\xe8\xc1\x81\x8f\x92\x22\x9c\x51\x80\xa0\x1c\x13\x48\x79\xd7\x09\ -\x1e\xdc\xb2\x51\xe3\x91\x80\x05\x35\x06\x4f\x6b\xfa\x67\x69\x07\ -\x50\x0d\x1b\x45\x11\x9a\x0e\x06\x94\xab\x27\x0a\xff\x61\x5d\x3f\ -\xd2\xad\xce\x2e\x0d\x13\x2f\x41\xf2\xa4\x07\x2b\x5a\x69\x00\xce\ -\x69\xf9\x49\x02\x52\x2f\x48\xd8\x23\x07\x69\x92\x12\x10\xf8\x57\ -\x35\xe0\x46\x96\x2e\xf8\x5a\x9f\x32\xf3\xad\x36\xfc\x47\x1d\x3f\ -\xc0\x11\xb9\xd0\xcf\x85\x2f\x6a\x05\x94\xf7\xf8\xe5\x7c\xef\xf1\ -\x08\xa9\x00\xff\x99\x08\x74\xd3\x24\x7e\x23\x05\xc0\xf1\xfa\x95\ -\x4a\x83\x77\x7f\x2a\x41\x4c\x25\x09\x18\xc8\x88\xea\x06\x05\xef\ -\xea\xcb\xa4\x71\xe2\xac\xdf\x56\x0a\x3f\xca\x32\x9d\xd4\xf4\x13\ -\x6a\x08\xfd\x03\xec\x81\x48\x98\x49\x9e\xf7\x83\xc8\x9f\xcb\x2b\ -\x7e\xc3\xa5\xe1\xd6\x92\xc5\xa1\xe2\x39\x05\x19\x32\xa4\x4d\xdf\ -\xbb\x71\x25\x09\xf8\x6b\x35\xc1\x4f\x52\x82\xc0\x4e\x90\x5e\xa0\ -\x0a\xbe\x1b\xa6\xea\x04\x54\x84\x1f\x6c\xf6\x04\xbc\x98\xcc\x4f\ -\xfb\x01\x42\x2e\xec\x85\x50\xd8\x00\x3c\x98\x0f\x8f\xc1\x0d\x4a\ -\x09\x08\x2e\x04\x25\x51\xf8\x07\xa4\xc1\xd6\xb2\xd5\xc1\xe2\xad\ -\xd5\x68\x37\x30\x1a\x2a\x03\x4e\x93\xa8\x20\x2e\x6b\x06\xbe\xe4\ -\x59\xc1\xa7\x02\xdc\x34\x82\xe0\xf8\xf6\x90\x4c\xbe\x43\xa8\x11\ -\xdc\x31\x06\x1e\xb4\x08\x21\x81\xbf\x82\xdd\x10\x04\xeb\x48\xe0\ -\x73\x21\x81\x84\x2d\x10\x05\x2e\x89\x2b\x41\x5b\x14\xfe\x13\x69\ -\x87\x4f\x2d\x5d\x1e\x2e\x9e\xd4\xb0\x86\xce\x17\x50\x22\x15\xc4\ -\x21\x4d\x3f\x49\x30\xdf\x08\xa2\xf7\x72\xe1\xdd\x19\x75\xf0\x0d\ -\xef\x0e\xc8\x97\x85\xe8\x64\x1d\xb9\x64\x99\x39\x90\xf4\x8f\xb0\ -\xab\xa3\xfc\xb9\x5f\x44\x68\x2b\x0d\xb5\x96\xef\x0f\x20\xee\x52\ -\x7e\x45\x4b\x83\xf6\xea\x80\xb3\xc5\x15\x44\x52\x51\xcc\x70\xd7\ -\x00\x6f\x2a\x40\x6a\x0b\x08\xa4\x6f\xcd\xab\x35\xb9\xeb\xbf\x14\ -\xbe\x5d\x45\x93\x6f\xbc\x34\xd0\x3a\xb2\x41\x84\x78\x90\x69\x0a\ -\xad\x1b\x68\xca\x03\x8e\x13\x57\x10\x7f\x6d\x09\x85\xa1\xdd\x41\ -\x10\x61\x0b\x7c\x64\x20\x53\x08\xf0\xa1\xd9\x28\xc8\xa8\x31\xfc\ -\xe1\x84\xf2\x61\xde\xdd\xd2\x30\xeb\xe0\x0e\x21\xe2\xd9\xbe\x77\ -\x64\x18\xc0\x9e\xe2\x0a\xe2\xc5\x4e\x90\x49\x4b\x81\x9c\x86\xe0\ -\x43\xdf\x5e\x52\x7d\x08\xac\x36\xfc\x09\x84\xf2\x19\x3e\xb7\xfe\ -\x57\x9b\x2c\x4a\x05\xf8\x7e\x22\xd0\xd2\xa0\x4c\x9f\xd4\xe2\x97\ -\x1b\x83\x80\x0a\x10\xdb\x09\x32\xc8\xbf\x94\xd2\xb7\x38\xa2\x37\ -\x44\xfc\x43\x00\x3d\x51\xf8\x8f\x7e\xc4\x34\x74\xa9\x00\xff\x3b\ -\x09\x70\x38\xa9\xcd\x53\x01\x28\x45\x8a\x10\x44\xdf\x62\x31\x07\ -\x5e\xc8\x4d\x81\x92\x8a\xf0\x3b\x8a\xc2\x7f\xf7\x9f\xce\x32\x92\ -\x52\x4b\xf7\x08\x22\xaf\xdf\xe5\x38\xa4\x42\x68\x00\x48\xea\x02\ -\x18\x6c\x0c\xa9\xa2\xb7\x48\xc7\x0e\x0c\x21\x40\x14\x7e\xbf\x8a\ -\x99\xbd\x4e\xd2\x00\x7f\xc2\x5d\xc2\xd8\x9d\x41\xcd\xea\x03\x9e\ -\xef\x00\xf8\x9c\x53\xfe\x18\x20\x6d\x3c\xa1\x5e\x6f\x12\xbc\x02\ -\x54\x5a\xdd\x2a\xe5\x27\xdc\x26\x4e\xbc\x1a\x26\x9d\x96\x06\x6e\ -\x24\xf0\x25\xe4\x6d\xf6\xa3\x4b\xa4\x98\x8a\x4a\x9f\x82\x34\xbc\ -\x9f\x7c\x9f\x40\xf1\x80\x12\x3d\x7c\x21\x5d\xbc\xb8\x81\x72\x50\ -\x5a\xe3\xff\x17\x9f\x18\x22\x45\x2a\x80\x94\xef\xcc\xff\x01\x19\ -\x47\x8e\x78\xd3\x1b\x66\xf0\x00\x00\x00\x00\x49\x45\x4e\x44\xae\ -\x42\x60\x82\ -\x00\x00\x05\x24\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x18\x00\x00\x00\x18\x08\x06\x00\x00\x00\xe0\x77\x3d\xf8\ -\x00\x00\x00\x04\x73\x42\x49\x54\x08\x08\x08\x08\x7c\x08\x64\x88\ -\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x06\xec\x00\x00\x06\xec\ -\x01\x1e\x75\x38\x35\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\ -\x74\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\ -\x70\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x00\x13\x74\x45\ -\x58\x74\x41\x75\x74\x68\x6f\x72\x00\x52\x6f\x64\x6e\x65\x79\x20\ -\x44\x61\x77\x65\x73\x0e\xd8\x7e\x1d\x00\x00\x04\x82\x49\x44\x41\ -\x54\x48\x89\x8d\x96\x6d\x88\x54\x55\x18\xc7\x7f\xe7\xbe\xcd\xdc\ -\xb9\xb3\xb3\x33\xfb\x1a\xeb\xbe\xe9\x6e\xad\x2f\x69\xea\x4a\x68\ -\x8a\x22\x24\x94\x58\x7e\xaa\x48\x23\x30\x41\xa1\xec\x5b\x51\x41\ -\xf8\x31\xa3\x3e\x44\x94\x44\x92\x09\xa5\x46\x54\x84\x21\x59\x44\ -\x18\x96\x19\xe8\xb2\x5a\x9b\xba\xea\xa4\xfb\x66\xee\xce\xce\xec\ -\xec\xcc\xdc\xbd\xf3\x76\xef\xe9\x43\xb3\x63\xe6\xbe\x3d\xf0\x7c\ -\xfb\x9f\xff\xef\x3c\xcf\x3d\xf7\x39\x47\x48\x29\x99\x2d\x36\xbf\ -\x27\x7c\x6a\x40\x7f\xc0\x6f\xaa\x8f\x02\x64\x1d\xf7\x84\x3b\x51\ -\xb8\xf0\xed\x8b\x32\x37\xdb\x5a\x31\x1d\x60\xf7\x01\xa1\x67\x2a\ -\x42\x6f\x37\xd7\x76\xac\xaf\x0a\xd6\xd5\x07\x2c\x7f\xb5\x69\x05\ -\x7c\x52\xba\x38\xb6\x93\xb3\xed\x6c\x62\xdc\x8e\xdd\xea\x8b\x5d\ -\x39\x15\x4c\xa7\x5e\xfe\x70\x97\x2c\xcc\x19\xb0\xf5\xa0\xb1\xa2\ -\xb9\x7e\xfe\xa1\x65\x1d\xab\x96\x7a\x5a\x56\xc9\xbb\x0e\x92\x3b\ -\x75\x02\x81\xa1\x9a\x50\x50\xbd\x9e\x2b\xe7\xff\xe8\x1f\xbe\xb1\ -\xe3\xd8\xce\x7c\xf7\xac\x80\x6d\x9f\x87\xf7\x2d\x69\x59\xf9\x5c\ -\x5d\x7d\x4d\x9d\xe3\xa6\x67\xeb\x00\x00\x01\x35\x44\x7c\x78\x74\ -\xe4\x42\x5f\xd7\xc7\x47\x9f\x4a\xbe\x36\x2d\xe0\x89\xc3\xe6\xb3\ -\x6b\x96\xae\xdf\x6f\x04\xf5\xa0\x27\xdd\x39\x99\x87\xb4\x7a\xaa\ -\xb4\x05\xa4\x8a\x43\x8c\x24\xaf\x65\xce\xf4\xfc\xfa\xc2\x17\xcf\ -\x38\x9f\xdc\x05\x78\xfc\x80\xa8\x59\xdc\xb6\xfc\xb7\xc6\xd6\x79\ -\x6d\x73\x33\x17\x6c\xa8\xdc\x43\x83\xb1\x0c\x9f\x08\x72\xc9\xf9\ -\x9e\x73\x99\x4f\x19\xb8\xd1\x17\xbd\x18\xed\x59\xfd\xcd\x2e\x39\ -\x0a\xa0\x4c\xca\xab\xab\xea\x8e\x34\x35\x37\xcc\xd1\x1c\x56\x5a\ -\x4f\xd2\xea\x5b\x8d\x5f\x54\x10\x2b\x46\x39\x97\x39\x8c\x2b\x5d\ -\x5a\x9a\x5b\xdb\xaa\xab\x6a\x8f\x4c\xea\x14\xf8\xf7\xa3\xde\xd7\ -\xd2\xb1\xd6\x15\x73\x33\xaf\xd1\xdb\xb9\xd7\xdc\x88\x82\x4a\xda\ -\x1d\xe1\x97\xd4\x07\xb8\xb2\x08\x40\x51\xb8\xb4\x37\xcf\x5f\xbb\ -\xf5\xa0\xb1\xa2\x0c\xf0\xfb\xd4\x2d\x56\xd0\xb4\x40\x20\xc4\x54\ -\xa9\x94\x53\x53\xfc\xac\x0b\xed\x22\xa0\x86\xc9\x4b\x87\x4b\xce\ -\x09\xd2\xee\x2d\x14\xa1\xa2\x08\x0d\x21\x54\x02\x96\xdf\xf2\xfb\ -\xd4\x2d\x00\x1a\x80\x65\x55\x76\xaa\x86\x86\xbc\xdd\xb1\x52\x97\ -\xc5\x5d\xbb\x5f\x57\xb1\x9b\x88\xd6\x02\xc0\xad\x42\x0f\x97\xb3\ -\x3f\xa2\x08\xed\x0e\x8d\x66\xe8\x58\x66\xa8\xb3\x0c\x08\x9b\x91\ -\x26\x4f\x4a\x54\x45\x9d\xd1\x7c\x81\xff\x21\x1a\x7d\xcb\xf1\x3c\ -\x8f\x91\x42\x2f\xc7\xe3\x7b\x31\xd5\x10\x86\x12\xb8\x43\x57\x14\ -\x0a\xe1\x40\xa8\xa9\x0c\x30\x0d\xb3\x5a\x11\x3a\x0a\x0a\x4c\x61\ -\x0c\x10\x50\x23\x2c\x31\x1f\x43\xb8\x3a\x49\xf7\x26\xc7\xe3\x7b\ -\x89\xe5\xa3\x00\x58\x6a\x15\x11\xa3\x11\x53\x0d\x23\x10\xe4\xbd\ -\x1c\xa6\xe1\xab\x2e\x03\x9c\xfc\x44\x5c\x57\x8c\x96\xff\x9a\x77\ -\x98\x9b\x08\x28\x61\xba\xed\x2f\xf1\x64\x91\x4e\x73\x1b\x16\xb5\ -\x14\x65\x8e\x0b\xf6\x57\x0c\xe5\xcf\x97\xb5\xb6\x9b\xc0\x76\x12\ -\xf8\x14\x8b\xb0\xde\x48\xde\x4b\xe1\xe4\xb3\xf1\x32\x20\x69\x8f\ -\x0d\x08\xe9\xad\x14\xc2\x00\x60\x51\xe0\x11\x96\x04\x36\x23\x50\ -\x18\x2b\x0c\x52\x70\x73\xdc\xa3\x2d\x06\xa0\x3f\x77\x96\x53\xa9\ -\xfd\x53\x56\x99\xf3\x6c\x86\x73\xbd\x54\xa9\xb5\x24\x27\xc6\x07\ -\xca\x00\xdb\x49\x75\x25\x9d\xa1\xad\xe8\x3a\xa6\x5a\x89\x81\x85\ -\xf0\x34\x3c\xcf\xa3\xcd\xd8\x80\x2e\x4c\x14\xa1\x13\x2b\x5c\xe5\ -\x58\xe2\x55\x60\xe6\x09\xac\xba\x3a\xb6\x93\xe9\x2a\x03\xb2\x39\ -\xf7\x78\x2e\x53\x7c\x65\x3c\xd0\x67\x49\x3c\xbc\xa2\xa4\xb5\x76\ -\x0d\x9a\xf0\x53\x55\x3a\x31\xb6\x1b\xe7\x64\xea\x1d\x26\xbc\xc4\ -\x8c\xe6\x02\x85\x82\x2d\xed\x6c\xce\x3d\x0e\xa5\xff\xe0\xd8\xce\ -\x7c\x77\x74\xa0\xff\x74\x8d\xd2\x00\xc0\x60\xbe\x9b\x44\xb1\xbf\ -\xbc\xc8\x93\x2e\x97\x9c\xef\xb8\xea\xfc\x34\xa3\x39\x40\x8d\x52\ -\x47\x74\x70\xf0\xf4\xe4\x64\x2d\x1f\xfc\x78\x22\xb6\x3d\x31\xe4\ -\x44\x4d\xc5\xc2\xc3\xe5\x77\xfb\x6b\x3c\x59\xa4\x20\x1d\x06\xf2\ -\xe7\xf8\x21\xf9\xe6\xac\xe6\xa6\x12\x20\x31\xe4\x44\xe3\x89\xf8\ -\xf6\x72\x45\xff\x9f\xa6\x9d\x0b\xef\x7f\x3f\xe9\xff\xbb\xc2\x95\ -\x1e\x0b\xcd\x87\xc9\xca\x34\xd7\xb3\x67\x98\xad\xef\x9a\xd0\x08\ -\x3b\xb5\xe9\xae\xde\xde\x3d\x53\x4e\xd3\xc9\xd8\xf6\x59\x78\x5f\ -\xc7\xbc\x96\x1d\x6a\x4d\xa1\x3e\xe9\xc6\x67\xdd\x35\x40\x58\x8d\ -\xe0\x8e\x6a\xc3\xbd\x43\xfd\x87\x8e\x3e\x9d\x9a\xfe\x3e\x98\x8c\ -\x4d\x6f\x19\xab\xdb\xda\xeb\x3f\x5a\xd0\x5e\xb7\x28\xad\x24\x94\ -\xac\x9c\xfa\x46\xf3\x0b\x3f\x15\x6e\xd8\xfb\xeb\xda\xc8\xe5\x8b\ -\x5d\xb1\xe7\x7f\xde\x57\x3c\x2d\x65\x69\xea\x4d\x05\x10\x42\xa8\ -\x40\x35\x10\x36\x2b\xa8\xdd\xf8\x7a\xf0\xa5\x96\xe6\xea\x65\xa1\ -\x50\x20\x12\x08\x2b\x41\xa3\x42\xd1\x01\x72\x29\xaf\x38\x91\x2c\ -\x66\xd2\xa9\x6c\xf2\xfa\xf5\xd8\x9f\x27\xdf\x98\x78\x37\x67\x33\ -\x0a\x8c\x01\x49\x29\x65\x72\xda\x0a\x84\x10\x16\x10\x01\x2a\x4b\ -\x59\x61\x04\x89\x34\x3c\xa8\x2c\x6c\x5a\xa5\xad\x90\x12\x65\xe0\ -\x6c\xf1\xfc\xcd\xb3\x5e\xb4\x60\x33\x06\x64\x80\x14\x30\x5e\xca\ -\x84\x94\xb7\x1f\x00\xd3\xbe\x2a\x4a\x30\x1d\x30\x00\x5f\x29\x75\ -\x40\x05\x8a\x40\x0e\xc8\x03\x59\xa0\x20\xe5\xd4\x37\xd5\x3f\x13\ -\x05\x02\x8c\xec\xcf\x7e\xae\x00\x00\x00\x00\x49\x45\x4e\x44\xae\ -\x42\x60\x82\ -\x00\x00\x05\x64\ -\x89\ -\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\ -\x00\x00\x18\x00\x00\x00\x18\x08\x06\x00\x00\x00\xe0\x77\x3d\xf8\ -\x00\x00\x00\x04\x73\x42\x49\x54\x08\x08\x08\x08\x7c\x08\x64\x88\ -\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x0d\xd7\x00\x00\x0d\xd7\ -\x01\x42\x28\x9b\x78\x00\x00\x00\x19\x74\x45\x58\x74\x53\x6f\x66\ -\x74\x77\x61\x72\x65\x00\x77\x77\x77\x2e\x69\x6e\x6b\x73\x63\x61\ -\x70\x65\x2e\x6f\x72\x67\x9b\xee\x3c\x1a\x00\x00\x04\xe1\x49\x44\ -\x41\x54\x48\x89\xb5\x95\x4b\x6c\x54\x55\x18\xc7\x7f\xe7\x9c\x3b\ -\xd3\x99\x32\xb5\xf4\x41\x1f\x38\x02\xa5\x8d\x4c\x54\xb0\x25\x48\ -\xa2\x12\x62\x14\x17\x46\x12\x64\x81\x26\xb0\x31\x18\x12\x36\x04\ -\xd2\x45\xe9\xca\x84\x5d\x29\x1a\x43\x80\x6e\x0c\x2b\xdc\x88\x09\ -\xa0\x21\x04\x35\x18\xa2\x26\x3e\xa3\x62\xa8\x4f\x7c\x61\x95\x81\ -\xb6\x4c\xcb\xbc\x67\xee\x39\x9f\x8b\xdb\xde\x4e\x2b\x10\x37\xde\ -\xe4\x4b\xee\xf3\xf7\xff\xfe\xdf\xf9\xee\x77\x94\x88\xf0\x7f\x1e\ -\xde\xdd\x1e\x9e\x53\xaa\x23\x6a\xcc\x33\xf1\x58\xec\xc9\xc6\xae\ -\x15\x2b\xeb\x97\x76\x2e\xb5\xc5\x62\x29\xfb\xd7\x5f\x63\xb9\x6b\ -\xd7\x7f\x2c\x55\x2a\xe7\x2b\xd6\x7e\xb0\x59\xa4\x70\x27\x86\xba\ -\xad\x03\xa5\xd4\x87\xb1\xd8\xcb\xc9\xc7\x1e\xdd\xdd\xd9\xde\xd6\ -\x11\xab\x8b\xa3\x4a\x45\xc8\xe5\xc1\x18\x48\x2c\xc2\x79\x86\x5c\ -\x21\xef\x7e\x1f\xbd\x7c\x65\xe2\xa7\x5f\xf7\x3c\x59\xad\xbe\xf7\ -\x9f\x04\xce\x2b\xb5\xa2\x75\x69\xe7\x1b\xa9\x0d\x8f\xaf\x4f\x54\ -\x6d\x84\x52\x29\x7c\x26\xc0\xec\xfb\x32\x13\x34\x24\xb8\x91\x9f\ -\x9e\xfa\xe5\xe3\x4f\xdf\xb6\xb7\xb2\xbb\x9f\x10\x29\xd5\xf2\xe6\ -\x09\xbc\xa7\x54\x6a\xc5\xda\xde\xf7\x7b\xba\xbb\x93\x3a\x57\x98\ -\x83\x2c\x80\x2e\x14\x11\xcf\xc3\xc6\x23\xf2\xdd\xa7\x9f\x7d\x91\ -\x1f\xbb\xf6\xf8\x13\x22\xfe\x2c\x53\xcf\x9e\x1c\x50\x4a\xb7\x2e\ -\x5f\x76\xa2\x67\xf9\xb2\x24\xd9\x3c\x4e\x24\x0c\x0b\xd8\x9a\x6b\ -\x07\xc1\x3d\xc0\x01\xce\xf7\x21\x5b\x54\x3d\x0f\xaf\x5e\xa7\xeb\ -\xeb\x5f\xab\x75\x10\x0a\x6c\x8a\xc7\x87\xee\x7f\xe8\x81\x3e\x29\ -\x56\x02\x80\x08\x95\xed\xdb\xa9\x6e\xd9\x32\x27\x52\x03\xb5\x9e\ -\x87\x1d\x18\xc0\xef\xed\x0d\xc5\x8d\x55\x3a\xd9\xf7\xe0\x0b\xef\ -\x46\xa3\xeb\x67\xb9\x1e\xc0\x05\xa5\xee\x5f\xf9\xd8\xfa\x17\xeb\ -\x7c\x67\x1c\x0a\x01\xec\x8e\x1d\xf8\xcf\x3d\x17\x64\xa1\x14\xfa\ -\xf4\xe9\xb0\x3c\x2e\x12\x81\xfd\xfb\xa1\xb7\x17\xfa\xfa\x70\x43\ -\x43\xf0\xf5\xd7\x88\x15\x9a\x1b\x9b\x96\x34\x25\xdb\x5f\x47\xa9\ -\x5e\x44\x44\x03\x78\x9e\xf7\x52\xc7\xe2\xa6\x25\x0e\x15\x64\xe9\ -\x79\xd8\x9e\x9e\xd0\xa6\xdb\xbe\x1d\x7f\xeb\xd6\x20\xd3\x68\x14\ -\x06\x07\x51\x7d\x7d\x28\xa5\x50\x91\x08\x74\x77\x63\x95\xc2\x29\ -\x85\xad\x38\x5a\xdb\x5a\x97\x9d\x85\x9e\xd0\xc1\xa2\xd6\x96\x07\ -\x11\x70\x5a\x07\x59\x3a\x07\x43\x43\xa8\xc1\x41\x58\xbd\x3a\x50\ -\xd9\xb1\x03\x17\x89\xa0\x52\x29\xd4\x9a\x35\xa1\xb8\x3d\x79\x12\ -\xff\xcc\x19\xc4\x18\x10\x41\xb4\xa6\x2e\x16\x5b\x1c\xd1\xfa\x29\ -\xe0\x67\x0d\x10\x6b\x6d\xba\xcf\x39\xc1\x69\x3d\x17\xd6\xe2\x86\ -\x87\x91\xcb\x97\xe7\x16\xec\xf9\xe7\x43\xb8\x88\xe0\xbf\xf9\x26\ -\xd5\x53\xa7\x82\xc4\xb4\xc6\x79\x1e\x62\x0c\x26\x12\xa5\x2e\x11\ -\xdf\x00\xa0\xdf\x52\x2a\x51\xb7\x28\xde\xee\xbc\xc8\x7c\x01\xad\ -\x71\xce\xe1\xbf\xf2\x0a\x32\x3a\x3a\x57\x2e\xe7\xf0\x7d\x9f\xe2\ -\xa1\x43\x64\x07\x06\x28\x5f\xb9\x82\x2d\x95\x70\xc6\x04\xdf\x18\ -\x83\xad\x5a\xe2\x4b\x9a\x97\x87\x25\xc2\x98\x60\xe1\x6a\x7b\x7b\ -\x06\x28\xc6\x20\x4a\x81\x13\x9c\xb8\xf0\x1f\x70\x80\xb5\x16\x3f\ -\x9d\x46\xd2\x69\x74\x4b\x0b\x5e\x32\x89\x6e\x6e\xc6\x96\xcb\x88\ -\xb8\xa0\x8b\xb6\x89\xe4\xbe\x79\x68\xd5\x75\xb9\xd7\xb4\x8b\x95\ -\x00\xae\x54\x00\x8f\x44\x88\xec\xdb\x07\xa9\x14\xd6\xd9\xda\xf6\ -\x26\xd6\xdf\x8f\x03\x0a\x87\x0f\x07\x5d\x37\x31\x41\x65\x7c\x1c\ -\xe2\x71\xbc\xce\x26\xf2\x13\x53\x7f\x84\xff\x41\x71\x32\xf3\xa7\ -\x3f\x39\x81\xd3\x26\xb4\xea\x97\xca\xe8\x5d\xbb\x90\x55\xab\x70\ -\x2e\xc8\xa6\xf0\xea\xab\x54\x3f\xfa\x28\x14\xa9\xef\xef\x27\xb6\ -\x77\x2f\x56\x24\x08\xc0\x2f\x14\xa8\x7a\x9a\x72\xae\xf8\x71\x58\ -\xa2\xc2\x44\x66\xb4\x9c\xcd\x3c\xeb\x46\x7f\x40\x25\x12\x38\xdf\ -\x27\x3e\x32\x82\x5e\xbb\x36\x84\xe5\x87\x87\x29\x1c\x3b\x86\x44\ -\xa3\x34\x1e\x3f\x4e\xdd\xc6\x8d\x00\x24\xfa\xfb\x71\xbe\x4f\xf6\ -\xc8\x91\xb0\xb4\x3e\x4c\x39\xe7\x2e\x84\x0e\xf0\xfd\xe3\x19\xe7\ -\xc6\x2d\x8e\xca\xf8\x38\xd5\x4c\x06\xff\xd2\xa5\x10\x9e\x3b\x78\ -\x90\xdc\xd1\xa3\x41\x96\xe5\x32\x93\x3b\x77\x52\xba\x78\x31\x28\ -\x63\xb9\x4c\xe9\xdb\x6f\xf1\x67\x5c\xe8\xf6\x26\xa6\x27\x32\x57\ -\x37\xc3\x15\xa8\x19\x76\x17\xea\xeb\x87\xbb\xfa\x52\xfd\xf6\xf2\ -\x2f\x46\x24\x58\x8b\xc4\xe0\x20\xf6\xd6\x2d\x72\x23\x23\x41\x8f\ -\xd7\x36\x41\x34\x4a\xeb\xc8\x08\xd9\x13\x27\x28\x5c\xbc\x18\x0c\ -\xc4\xa8\x87\xac\xec\x18\xff\xfb\xab\x9f\x36\x6f\x16\xf9\x7c\x9e\ -\xc0\x01\xa5\xf4\xa6\x64\xfb\x67\x1d\x0d\x0d\xeb\x2a\x63\xd7\x91\ -\x05\xc0\xd9\xde\x9f\x27\x52\x73\x0d\x50\x97\xba\xcf\xa5\xbf\xff\ -\x7d\xe4\xe9\x42\x69\xcf\xac\xfb\x79\xe3\xfa\xac\x52\xa9\xb6\x54\ -\xd7\xfb\x8d\xc6\x24\x2b\x7f\xa4\xff\x05\x58\x08\x0d\x47\xb7\x67\ -\x88\x76\x77\xca\x74\xfa\xe6\x17\x92\x9e\x9c\x37\xae\x6f\xbb\xe1\ -\xc4\xda\x9a\xdf\x58\xb2\x62\xe9\x23\xfe\x6f\xd7\xa2\x36\x5f\x9c\ -\x2f\xb0\x40\xc4\x6b\x6b\x44\x9a\x13\x99\xc9\x1f\xc7\xde\x89\x15\ -\x4a\x77\xdf\x70\x00\x94\x52\x0d\x31\x68\x39\x12\x31\x03\xa9\x55\ -\xcb\xb7\x35\x18\xd3\xaa\x7c\x8b\x9d\xce\x53\x9d\xce\x83\xd1\x98\ -\xc5\x09\x74\x43\x0c\xab\x95\x4c\x66\x72\x63\x17\xae\x5e\x3f\x78\ -\x08\xde\x05\xa6\x80\x29\xb9\x93\x03\xa5\x54\x04\x68\x01\x16\x03\ -\x4d\xbd\xd0\xb5\x49\xeb\x8d\x5d\x9e\xe9\x6b\x69\x69\x68\x6b\x6c\ -\x5c\xd4\x58\xf5\xad\xbd\x99\xc9\x4d\xdf\x98\xce\x5f\x1b\xf5\xed\ -\x97\xe7\xe0\x93\x71\x48\xcf\xc2\x81\x8c\x88\x64\xef\xe8\x60\x46\ -\xa8\x1e\xb8\x67\x26\xea\x81\x38\x50\x07\x18\x40\x11\xec\x3b\x15\ -\xa0\x0c\xe4\x81\x1c\x70\x0b\xc8\xca\xec\x8c\x98\x39\xfe\x01\x76\ -\x95\xba\xf1\x06\x3a\xff\x81\x00\x00\x00\x00\x49\x45\x4e\x44\xae\ -\x42\x60\x82\ -" - -qt_resource_name = "\ -\x00\x06\ -\x07\x03\x7d\xc3\ -\x00\x69\ -\x00\x6d\x00\x61\x00\x67\x00\x65\x00\x73\ -\x00\x0e\ -\x05\xcd\xf4\xe7\ -\x00\x63\ -\x00\x6f\x00\x6e\x00\x6e\x00\x5f\x00\x65\x00\x72\x00\x72\x00\x6f\x00\x72\x00\x2e\x00\x70\x00\x6e\x00\x67\ -\x00\x13\ -\x09\xd2\x6c\x67\ -\x00\x45\ -\x00\x6d\x00\x62\x00\x6c\x00\x65\x00\x6d\x00\x2d\x00\x71\x00\x75\x00\x65\x00\x73\x00\x74\x00\x69\x00\x6f\x00\x6e\x00\x2e\x00\x70\ -\x00\x6e\x00\x67\ -\x00\x12\ -\x04\xe4\x91\x47\ -\x00\x63\ -\x00\x6f\x00\x6e\x00\x6e\x00\x5f\x00\x63\x00\x6f\x00\x6e\x00\x6e\x00\x65\x00\x63\x00\x74\x00\x65\x00\x64\x00\x2e\x00\x70\x00\x6e\ -\x00\x67\ -\x00\x0d\ -\x03\x9b\xc4\xc7\ -\x00\x77\ -\x00\x61\x00\x74\x00\x65\x00\x72\x00\x6d\x00\x61\x00\x72\x00\x6b\x00\x2e\x00\x70\x00\x6e\x00\x67\ -\x00\x13\ -\x0d\x76\x37\xc7\ -\x00\x63\ -\x00\x6f\x00\x6e\x00\x6e\x00\x5f\x00\x63\x00\x6f\x00\x6e\x00\x6e\x00\x65\x00\x63\x00\x74\x00\x69\x00\x6e\x00\x67\x00\x2e\x00\x70\ -\x00\x6e\x00\x67\ -\x00\x14\ -\x00\xe9\x23\x87\ -\x00\x6c\ -\x00\x65\x00\x61\x00\x70\x00\x2d\x00\x63\x00\x6f\x00\x6c\x00\x6f\x00\x72\x00\x2d\x00\x73\x00\x6d\x00\x61\x00\x6c\x00\x6c\x00\x2e\ -\x00\x70\x00\x6e\x00\x67\ -\x00\x11\ -\x06\x1a\x44\xa7\ -\x00\x44\ -\x00\x69\x00\x61\x00\x6c\x00\x6f\x00\x67\x00\x2d\x00\x61\x00\x63\x00\x63\x00\x65\x00\x70\x00\x74\x00\x2e\x00\x70\x00\x6e\x00\x67\ -\ -\x00\x10\ -\x0f\xc3\x90\x67\ -\x00\x44\ -\x00\x69\x00\x61\x00\x6c\x00\x6f\x00\x67\x00\x2d\x00\x65\x00\x72\x00\x72\x00\x6f\x00\x72\x00\x2e\x00\x70\x00\x6e\x00\x67\ -" - -qt_resource_struct = "\ -\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x01\ -\x00\x00\x00\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00\x02\ -\x00\x00\x00\xd6\x00\x00\x00\x00\x00\x01\x00\x00\x68\x2a\ -\x00\x00\x00\x8a\x00\x00\x00\x00\x00\x01\x00\x00\x0c\x37\ -\x00\x00\x00\x60\x00\x00\x00\x00\x00\x01\x00\x00\x0a\x89\ -\x00\x00\x00\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\ -\x00\x00\x01\x04\x00\x00\x00\x00\x00\x01\x00\x00\x8f\xa2\ -\x00\x00\x00\x34\x00\x00\x00\x00\x00\x01\x00\x00\x05\x99\ -\x00\x00\x00\xaa\x00\x00\x00\x00\x00\x01\x00\x00\x65\x5e\ -\x00\x00\x01\x2c\x00\x00\x00\x00\x00\x01\x00\x00\x94\xca\ -" - -def qInitResources(): - QtCore.qRegisterResourceData(0x01, qt_resource_struct, qt_resource_name, qt_resource_data) - -def qCleanupResources(): - QtCore.qUnregisterResourceData(0x01, qt_resource_struct, qt_resource_name, qt_resource_data) - -qInitResources() diff --git a/src/leap/gui/progress.py b/src/leap/gui/progress.py deleted file mode 100644 index ca4f6cc3..00000000 --- a/src/leap/gui/progress.py +++ /dev/null @@ -1,488 +0,0 @@ -""" -classes used in progress pages -from first run wizard -""" -try: - from collections import OrderedDict -except ImportError: # pragma: no cover - # We must be in 2.6 - from leap.util.dicts import OrderedDict - -import logging - -from PyQt4 import QtCore -from PyQt4 import QtGui - -from leap.gui.threads import FunThread - -from leap.gui import mainwindow_rc - -ICON_CHECKMARK = ":/images/Dialog-accept.png" -ICON_FAILED = ":/images/Dialog-error.png" -ICON_WAITING = ":/images/Emblem-question.png" - -logger = logging.getLogger(__name__) - - -class ImgWidget(QtGui.QWidget): - - # XXX move to widgets - - def __init__(self, parent=None, img=None): - super(ImgWidget, self).__init__(parent) - self.pic = QtGui.QPixmap(img) - - def paintEvent(self, event): - painter = QtGui.QPainter(self) - painter.drawPixmap(0, 0, self.pic) - - -class ProgressStep(object): - """ - Data model for sequential steps - to be used in a progress page in - connection wizard - """ - NAME = 0 - DONE = 1 - - def __init__(self, stepname, done, index=None): - """ - @param step: the name of the step - @type step: str - @param done: whether is completed or not - @type done: bool - """ - self.index = int(index) if index else 0 - self.name = unicode(stepname) - self.done = bool(done) - - @classmethod - def columns(self): - return ('name', 'done') - - -class ProgressStepContainer(object): - """ - a container for ProgressSteps objects - access data in the internal dict - """ - - def __init__(self): - self.dirty = False - self.steps = {} - - def step(self, identity): - return self.steps.get(identity, None) - - def addStep(self, step): - self.steps[step.index] = step - - def removeStep(self, step): - if step and self.steps.get(step.index, None): - del self.steps[step.index] - del step - self.dirty = True - - def removeAllSteps(self): - for item in iter(self): - self.removeStep(item) - - @property - def columns(self): - return ProgressStep.columns() - - def __len__(self): - return len(self.steps) - - def __iter__(self): - for step in self.steps.values(): - yield step - - -class StepsTableWidget(QtGui.QTableWidget): - """ - initializes a TableWidget - suitable for our display purposes, like removing - header info and grid display - """ - - def __init__(self, parent=None): - super(StepsTableWidget, self).__init__(parent=parent) - - # remove headers and all edit/select behavior - self.horizontalHeader().hide() - self.verticalHeader().hide() - self.setEditTriggers( - QtGui.QAbstractItemView.NoEditTriggers) - self.setSelectionMode( - QtGui.QAbstractItemView.NoSelection) - width = self.width() - - # WTF? Here init width is 100... - # but on populating is 456... :( - #logger.debug('init table. width=%s' % width) - - # XXX do we need this initial? - self.horizontalHeader().resizeSection(0, width * 0.7) - - # this disables the table grid. - # we should add alignment to the ImgWidget (it's top-left now) - self.setShowGrid(False) - self.setFocusPolicy(QtCore.Qt.NoFocus) - #self.setStyleSheet("QTableView{outline: 0;}") - - # XXX change image for done to rc - - # Note about the "done" status painting: - # - # XXX currently we are setting the CellWidget - # for the whole table on a per-row basis - # (on add_status_line method on ValidationPage). - # However, a more generic solution might be - # to implement a custom Delegate that overwrites - # the paint method (so it paints a checked tickmark if - # done is True and some other thing if checking or false). - # What we have now is quick and works because - # I'm supposing that on first fail we will - # go back to previous wizard page to signal the failure. - # A more generic solution could be used for - # some failing tests if they are not critical. - - -class WithStepsMixIn(object): - """ - This Class is a mixin that can be inherited - by InlineValidation pages (which will display - a progress steps widget in the same page as the form) - or by Validation Pages (which will only display - the progress steps in the page, below a progress bar widget) - """ - STEPS_TIMER_MS = 100 - - # - # methods related to worker threads - # launched for individual checks - # - - def setupStepsProcessingQueue(self): - """ - should be called from the init method - of the derived classes - """ - self.steps_queue = Queue.Queue() - self.stepscheck_timer = QtCore.QTimer() - self.stepscheck_timer.timeout.connect(self.processStepsQueue) - self.stepscheck_timer.start(self.STEPS_TIMER_MS) - # we need to keep a reference to child threads - self.threads = [] - - def do_checks(self): - """ - main entry point for checks. - it calls _do_checks in derived classes, - and it expects it to be a generator - yielding a tuple in the form (("message", progress_int), checkfunction) - """ - - # yo dawg, I heard you like checks - # so I put a __do_checks in your do_checks - # for calling others' _do_checks - - def __do_checks(fun=None, queue=None): - - for checkcase in fun(): # pragma: no cover - checkmsg, checkfun = checkcase - - queue.put(checkmsg) - if checkfun() is False: - queue.put("failed") - break - - t = FunThread(fun=partial( - __do_checks, - fun=self._do_checks, - queue=self.steps_queue)) - if hasattr(self, 'on_checks_validation_ready'): - t.finished.connect(self.on_checks_validation_ready) - t.begin() - self.threads.append(t) - - def processStepsQueue(self): - """ - consume steps queue - and pass messages - to the ui updater functions - """ - while self.steps_queue.qsize(): - try: - status = self.steps_queue.get(0) - if status == "failed": - self.set_failed_icon() - else: - self.onStepStatusChanged(*status) - except Queue.Empty: # pragma: no cover - pass - - def fail(self, err=None): - """ - return failed state - and send error notification as - a nice side effect. this function is called from - the _do_checks check functions returned in the - generator. - """ - wizard = self.wizard() - senderr = lambda err: wizard.set_validation_error( - self.current_page, err) - self.set_undone() - if err: - senderr(err) - return False - - @QtCore.pyqtSlot() - def launch_checks(self): - self.do_checks() - - # (gui) presentation stuff begins ##################### - - # slot - #@QtCore.pyqtSlot(str, int) - def onStepStatusChanged(self, status, progress=None): - status = unicode(status) - if status not in ("head_sentinel", "end_sentinel"): - self.add_status_line(status) - if status in ("end_sentinel"): - #self.checks_finished = True - self.set_checked_icon() - if progress and hasattr(self, 'progress'): - self.progress.setValue(progress) - self.progress.update() - - def setupSteps(self): - self.steps = ProgressStepContainer() - # steps table widget - if isinstance(self, QtCore.QObject): - parent = self - else: - parent = None - self.stepsTableWidget = StepsTableWidget(parent=parent) - zeros = (0, 0, 0, 0) - self.stepsTableWidget.setContentsMargins(*zeros) - self.errors = OrderedDict() - - def set_error(self, name, error): - self.errors[name] = error - - def pop_first_error(self): - errkey, errval = list(reversed(self.errors.items())).pop() - del self.errors[errkey] - return errkey, errval - - def clean_errors(self): - self.errors = OrderedDict() - - def clean_wizard_errors(self, pagename=None): - if pagename is None: # pragma: no cover - pagename = getattr(self, 'prev_page', None) - if pagename is None: # pragma: no cover - return - #logger.debug('cleaning wizard errors for %s' % pagename) - self.wizard().set_validation_error(pagename, None) - - def populateStepsTable(self): - # from examples, - # but I guess it's not needed to re-populate - # the whole table. - table = self.stepsTableWidget - table.setRowCount(len(self.steps)) - columns = self.steps.columns - table.setColumnCount(len(columns)) - - for row, step in enumerate(self.steps): - item = QtGui.QTableWidgetItem(step.name) - item.setData(QtCore.Qt.UserRole, - long(id(step))) - table.setItem(row, columns.index('name'), item) - table.setItem(row, columns.index('done'), - QtGui.QTableWidgetItem(step.done)) - self.resizeTable() - self.update() - - def clearTable(self): - # ??? -- not sure what's the difference - #self.stepsTableWidget.clear() - self.stepsTableWidget.clearContents() - - def resizeTable(self): - # resize first column to ~80% - table = self.stepsTableWidget - FIRST_COLUMN_PERCENT = 0.70 - width = table.width() - #logger.debug('populate table. width=%s' % width) - table.horizontalHeader().resizeSection(0, width * FIRST_COLUMN_PERCENT) - - def set_item_icon(self, img=ICON_CHECKMARK, current=True): - """ - mark the last item - as done - """ - # setting cell widget. - # see note on StepsTableWidget about plans to - # change this for a better solution. - if not hasattr(self, 'steps'): - return - index = len(self.steps) - table = self.stepsTableWidget - _index = index - 1 if current else index - 2 - table.setCellWidget( - _index, - ProgressStep.DONE, - ImgWidget(img=img)) - table.update() - - def set_failed_icon(self): - self.set_item_icon(img=ICON_FAILED, current=True) - - def set_checking_icon(self): - self.set_item_icon(img=ICON_WAITING, current=True) - - def set_checked_icon(self, current=True): - self.set_item_icon(current=current) - - def add_status_line(self, message): - """ - adds a new status line - and mark the next-to-last item - as done - """ - index = len(self.steps) - step = ProgressStep(message, False, index=index) - self.steps.addStep(step) - self.populateStepsTable() - self.set_checking_icon() - self.set_checked_icon(current=False) - - # Sets/unsets done flag - # for isComplete checks - - def set_done(self): - self.done = True - self.completeChanged.emit() - - def set_undone(self): - self.done = False - self.completeChanged.emit() - - def is_done(self): - return self.done - - # convenience for going back and forth - # in the wizard pages. - - def go_back(self): - self.wizard().back() - - def go_next(self): - self.wizard().next() - - -""" -We will use one base class for the intermediate pages -and another one for the in-page validations, both sharing the creation -of the tablewidgets. -The logic of this split comes from where I was trying to solve -the ui update using signals, but now that it's working well with -queues I could join them again. -""" - -import Queue -from functools import partial - - -class InlineValidationPage(QtGui.QWizardPage, WithStepsMixIn): - - def __init__(self, parent=None): - super(InlineValidationPage, self).__init__(parent) - self.setupStepsProcessingQueue() - self.done = False - - # slot - - @QtCore.pyqtSlot() - def showStepsFrame(self): - self.valFrame.show() - self.update() - - # progress frame - - def setupValidationFrame(self): - qframe = QtGui.QFrame - valFrame = qframe() - valFrame.setFrameStyle(qframe.NoFrame) - valframeLayout = QtGui.QVBoxLayout() - zeros = (0, 0, 0, 0) - valframeLayout.setContentsMargins(*zeros) - - valframeLayout.addWidget(self.stepsTableWidget) - valFrame.setLayout(valframeLayout) - self.valFrame = valFrame - - -class ValidationPage(QtGui.QWizardPage, WithStepsMixIn): - """ - class to be used as an intermediate - between two pages in a wizard. - shows feedback to the user and goes back if errors, - goes forward if ok. - initializePage triggers a one shot timer - that calls do_checks. - Derived classes should implement - _do_checks and - _do_validation - """ - - # signals - stepChanged = QtCore.pyqtSignal([str, int]) - - def __init__(self, parent=None): - super(ValidationPage, self).__init__(parent) - self.setupSteps() - #self.connect_step_status() - - layout = QtGui.QVBoxLayout() - self.progress = QtGui.QProgressBar(self) - layout.addWidget(self.progress) - layout.addWidget(self.stepsTableWidget) - - self.setLayout(layout) - self.layout = layout - - self.timer = QtCore.QTimer() - self.done = False - - self.setupStepsProcessingQueue() - - def isComplete(self): - return self.is_done() - - ######################## - - def show_progress(self): - self.progress.show() - self.stepsTableWidget.show() - - def hide_progress(self): - self.progress.hide() - self.stepsTableWidget.hide() - - # pagewizard methods. - # if overriden, child classes should call super. - - def initializePage(self): - self.clean_errors() - self.clean_wizard_errors() - self.steps.removeAllSteps() - self.clearTable() - self.resizeTable() - self.timer.singleShot(0, self.do_checks) diff --git a/src/leap/gui/statuspanel.py b/src/leap/gui/statuspanel.py new file mode 100644 index 00000000..3e5a5093 --- /dev/null +++ b/src/leap/gui/statuspanel.py @@ -0,0 +1,279 @@ +# -*- coding: utf-8 -*- +# statuspanel.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Status Panel widget implementation +""" +import logging + +from functools import partial +from PySide import QtCore, QtGui + +from ui_statuspanel import Ui_StatusPanel +from leap.services.eip.vpnprocess import VPNManager +from leap.platform_init import IS_WIN, IS_LINUX +from leap.common.check import leap_assert_type + +logger = logging.getLogger(__name__) + + +class StatusPanelWidget(QtGui.QWidget): + """ + Status widget that displays the current state of the LEAP services + """ + + start_eip = QtCore.Signal() + stop_eip = QtCore.Signal() + + def __init__(self, parent=None): + QtGui.QWidget.__init__(self, parent) + + self._systray = None + self._action_eip_status = None + + self.ui = Ui_StatusPanel() + self.ui.setupUi(self) + + self.ui.btnEipStartStop.setEnabled(False) + self.ui.btnEipStartStop.clicked.connect( + self.start_eip) + + self.hide_status_box() + + # Set the EIP status icons + self.CONNECTING_ICON = None + self.CONNECTED_ICON = None + self.ERROR_ICON = None + self.CONNECTING_ICON_TRAY = None + self.CONNECTED_ICON_TRAY = None + self.ERROR_ICON_TRAY = None + self._set_eip_icons() + + def _set_eip_icons(self): + """ + Sets the EIP status icons for the main window and for the tray + + MAC : dark icons + LINUX : dark icons in window, light icons in tray + WIN : light icons + """ + EIP_ICONS = EIP_ICONS_TRAY = ( + ":/images/conn_connecting-light.png", + ":/images/conn_connected-light.png", + ":/images/conn_error-light.png") + + if IS_LINUX: + EIP_ICONS_TRAY = ( + ":/images/conn_connecting.png", + ":/images/conn_connected.png", + ":/images/conn_error.png") + elif IS_WIN: + EIP_ICONS = EIP_ICONS_TRAY = ( + ":/images/conn_connecting.png", + ":/images/conn_connected.png", + ":/images/conn_error.png") + + self.CONNECTING_ICON = QtGui.QPixmap(EIP_ICONS[0]) + self.CONNECTED_ICON = QtGui.QPixmap(EIP_ICONS[1]) + self.ERROR_ICON = QtGui.QPixmap(EIP_ICONS[2]) + + self.CONNECTING_ICON_TRAY = QtGui.QPixmap(EIP_ICONS_TRAY[0]) + self.CONNECTED_ICON_TRAY = QtGui.QPixmap(EIP_ICONS_TRAY[1]) + self.ERROR_ICON_TRAY = QtGui.QPixmap(EIP_ICONS_TRAY[2]) + + def set_systray(self, systray): + """ + Sets the systray object to use. + + :param systray: Systray object + :type systray: QtGui.QSystemTrayIcon + """ + leap_assert_type(systray, QtGui.QSystemTrayIcon) + self._systray = systray + + def set_action_eip_status(self, action_eip_status): + """ + Sets the action_eip_status to use. + + :param action_eip_status: action_eip_status to be used + :type action_eip_status: QtGui.QAction + """ + leap_assert_type(action_eip_status, QtGui.QAction) + self._action_eip_status = action_eip_status + + def set_global_status(self, status, error=False): + """ + Sets the global status label. + + :param status: status message + :type status: str or unicode + :param error: if the status is an erroneous one, then set this + to True + :type error: bool + """ + leap_assert_type(error, bool) + if error: + status = "<font color='red'><b>%s</b></font>" % (status,) + self.ui.lblGlobalStatus.setText(status) + self.ui.globalStatusBox.show() + + def hide_status_box(self): + """ + Hide global status box. + """ + self.ui.globalStatusBox.hide() + + def set_eip_status(self, status, error=False): + """ + Sets the status label at the VPN stage to status + + :param status: status message + :type status: str or unicode + :param error: if the status is an erroneous one, then set this + to True + :type error: bool + """ + leap_assert_type(error, bool) + + self._systray.setToolTip(status) + if error: + status = "<font color='red'>%s</font>" % (status,) + self.ui.lblEIPStatus.setText(status) + + def set_startstop_enabled(self, value): + """ + Enable or disable btnEipStartStop based on value + + :param value: True for enabled, False otherwise + :type value: bool + """ + leap_assert_type(value, bool) + self.ui.btnEipStartStop.setEnabled(value) + + def eip_pre_up(self): + """ + Triggered when the app activates eip. + Hides the status box and disables the start/stop button. + """ + self.hide_status_box() + self.set_startstop_enabled(False) + + def eip_started(self): + """ + Sets the state of the widget to how it should look after EIP + has started + """ + self.ui.btnEipStartStop.setText(self.tr("Turn OFF")) + self.ui.btnEipStartStop.disconnect(self) + self.ui.btnEipStartStop.clicked.connect( + self.stop_eip) + + def eip_stopped(self): + """ + Sets the state of the widget to how it should look after EIP + has stopped + """ + self.ui.btnEipStartStop.setText(self.tr("Turn ON")) + self.ui.btnEipStartStop.disconnect(self) + self.ui.btnEipStartStop.clicked.connect( + self.start_eip) + + def set_icon(self, icon): + """ + Sets the icon to display for EIP + + :param icon: icon to display + :type icon: QPixmap + """ + self.ui.lblVPNStatusIcon.setPixmap(icon) + + def update_vpn_status(self, data): + """ + SLOT + TRIGGER: VPN.status_changed + + Updates the download/upload labels based on the data provided + by the VPN thread + """ + upload = float(data[VPNManager.TUNTAP_WRITE_KEY] or "0") + upload = upload / 1000.0 + upload_str = "%12.2f Kb" % (upload,) + self.ui.lblUpload.setText(upload_str) + download = float(data[VPNManager.TUNTAP_READ_KEY] or "0") + download = download / 1000.0 + download_str = "%12.2f Kb" % (download,) + self.ui.lblDownload.setText(download_str) + + def update_vpn_state(self, data): + """ + SLOT + TRIGGER: VPN.state_changed + + Updates the displayed VPN state based on the data provided by + the VPN thread + """ + status = data[VPNManager.STATUS_STEP_KEY] + self.set_eip_status_icon(status) + if status == "CONNECTED": + self.set_eip_status(self.tr("ON")) + # Only now we can properly enable the button. + self.set_startstop_enabled(True) + elif status == "AUTH": + self.set_eip_status(self.tr("Authenticating...")) + elif status == "GET_CONFIG": + self.set_eip_status(self.tr("Retrieving configuration...")) + elif status == "WAIT": + self.set_eip_status(self.tr("Waiting to start...")) + elif status == "ASSIGN_IP": + self.set_eip_status(self.tr("Assigning IP")) + elif status == "ALREADYRUNNING": + # Put the following calls in Qt's event queue, otherwise + # the UI won't update properly + QtCore.QTimer.singleShot(0, self.stop_eip) + QtCore.QTimer.singleShot(0, partial(self.set_global_status, + self.tr("Unable to start VPN, " + "it's already " + "running."))) + else: + self.set_eip_status(status) + + def set_eip_status_icon(self, status): + """ + Given a status step from the VPN thread, set the icon properly + + :param status: status step + :type status: str + """ + selected_pixmap = self.ERROR_ICON + selected_pixmap_tray = self.ERROR_ICON_TRAY + tray_message = self.tr("Encryption is OFF") + if status in ("WAIT", "AUTH", "GET_CONFIG", + "RECONNECTING", "ASSIGN_IP"): + selected_pixmap = self.CONNECTING_ICON + selected_pixmap_tray = self.CONNECTING_ICON_TRAY + tray_message = self.tr("Turning ON") + elif status in ("CONNECTED"): + tray_message = self.tr("Encryption is ON") + selected_pixmap = self.CONNECTED_ICON + selected_pixmap_tray = self.CONNECTED_ICON_TRAY + + self.set_icon(selected_pixmap) + self._systray.setIcon(QtGui.QIcon(selected_pixmap_tray)) + self._action_eip_status.setText(tray_message) + + def set_provider(self, provider): + self.ui.lblProvider.setText(provider) diff --git a/src/leap/gui/styles.py b/src/leap/gui/styles.py deleted file mode 100644 index b482922e..00000000 --- a/src/leap/gui/styles.py +++ /dev/null @@ -1,16 +0,0 @@ -GreenLineEdit = "QLabel {color: green; font-weight: bold}" -ErrorLabelStyleSheet = """QLabel { color: red; font-weight: bold }""" -ErrorLineEdit = """QLineEdit { border: 1px solid red; }""" - - -# XXX this is bad. -# and you should feel bad for it. -# The original style has a sort of box color -# white/beige left-top/right-bottom or something like -# that. - -RegularLineEdit = """ -QLineEdit { - border: 1px solid black; -} -""" diff --git a/src/leap/gui/tests/integration/fake_user_signup.py b/src/leap/gui/tests/integration/fake_user_signup.py deleted file mode 100644 index 78873749..00000000 --- a/src/leap/gui/tests/integration/fake_user_signup.py +++ /dev/null @@ -1,84 +0,0 @@ -""" -simple server to test registration and -authentication - -To test: - -curl -d login=python_test_user -d password_salt=54321\ - -d password_verifier=12341234 \ - http://localhost:8000/users.json - -""" -from BaseHTTPServer import HTTPServer -from BaseHTTPServer import BaseHTTPRequestHandler -import cgi -import json -import urlparse - -HOST = "localhost" -PORT = 8000 - -LOGIN_ERROR = """{"errors":{"login":["has already been taken"]}}""" - -from leap.base.tests.test_providers import EXPECTED_DEFAULT_CONFIG - - -class request_handler(BaseHTTPRequestHandler): - responses = { - '/': ['ok\n'], - '/users.json': ['ok\n'], - '/timeout': ['ok\n'], - '/provider.json': ['%s\n' % json.dumps(EXPECTED_DEFAULT_CONFIG)] - } - - def do_GET(self): - path = urlparse.urlparse(self.path) - message = '\n'.join( - self.responses.get( - path.path, None)) - self.send_response(200) - self.end_headers() - self.wfile.write(message) - - def do_POST(self): - form = cgi.FieldStorage( - fp=self.rfile, - headers=self.headers, - environ={'REQUEST_METHOD': 'POST', - 'CONTENT_TYPE': self.headers['Content-Type'], - }) - data = dict( - (key, form[key].value) for key in form.keys()) - path = urlparse.urlparse(self.path) - message = '\n'.join( - self.responses.get( - path.path, '')) - - login = data.get('login', None) - #password_salt = data.get('password_salt', None) - #password_verifier = data.get('password_verifier', None) - - if path.geturl() == "/timeout": - print 'timeout' - self.send_response(200) - self.end_headers() - self.wfile.write(message) - import time - time.sleep(10) - return - - ok = True if (login == "python_test_user") else False - if ok: - self.send_response(200) - self.end_headers() - self.wfile.write(message) - - else: - self.send_response(500) - self.end_headers() - self.wfile.write(LOGIN_ERROR) - - -if __name__ == "__main__": - server = HTTPServer((HOST, PORT), request_handler) - server.serve_forever() diff --git a/src/leap/gui/tests/test_firstrun_login.py b/src/leap/gui/tests/test_firstrun_login.py deleted file mode 100644 index 6c45b8ef..00000000 --- a/src/leap/gui/tests/test_firstrun_login.py +++ /dev/null @@ -1,212 +0,0 @@ -import sys -import unittest - -import mock - -from leap.testing import qunittest -#from leap.testing import pyqt - -from PyQt4 import QtGui -#from PyQt4 import QtCore -#import PyQt4.QtCore # some weirdness with mock module - -from PyQt4.QtTest import QTest -from PyQt4.QtCore import Qt - -from leap.gui import firstrun - -try: - from collections import OrderedDict -except ImportError: - # We must be in 2.6 - from leap.util.dicts import OrderedDict - - -class TestPage(firstrun.login.LogInPage): - pass - - -class LogInPageLogicTestCase(qunittest.TestCase): - - # XXX can spy on signal connections - __name__ = "register user page logic tests" - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.page = TestPage(None) - self.page.wizard = mock.MagicMock() - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.page = None - - def test__do_checks(self): - eq = self.assertEqual - - self.page.userNameLineEdit.setText('testuser@domain') - self.page.userPasswordLineEdit.setText('testpassword') - - # fake register process - with mock.patch('leap.base.auth.LeapSRPRegister') as mockAuth: - mockSignup = mock.MagicMock() - - reqMockup = mock.Mock() - # XXX should inject bad json to get error - reqMockup.content = '{"errors": null}' - mockSignup.register_user.return_value = (True, reqMockup) - mockAuth.return_value = mockSignup - checks = [x for x in self.page._do_checks()] - - eq(len(checks), 4) - labels = [str(x) for (x, y), z in checks] - eq(labels, ['head_sentinel', - 'Resolving domain name', - 'Validating credentials', - 'end_sentinel']) - progress = [y for (x, y), z in checks] - eq(progress, [0, 20, 60, 100]) - - # normal run, ie, no exceptions - - checkfuns = [z for (x, y), z in checks] - checkusername, resolvedomain, valcreds = checkfuns[:-1] - - self.assertTrue(checkusername()) - #self.mocknetchecker.check_name_resolution.assert_called_with( - #'test_provider1') - - self.assertTrue(resolvedomain()) - #self.mockpcertchecker.is_https_working.assert_called_with( - #"https://test_provider1", verify=True) - - self.assertTrue(valcreds()) - - # XXX missing: inject failing exceptions - # XXX TODO make it break - - -class RegisterUserPageUITestCase(qunittest.TestCase): - - # XXX can spy on signal connections - __name__ = "Register User Page UI tests" - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - - self.pagename = "signup" - pages = OrderedDict(( - (self.pagename, TestPage), - ('providersetupvalidation', - firstrun.connect.ConnectionPage))) - self.wizard = firstrun.wizard.FirstRunWizard(None, pages_dict=pages) - self.page = self.wizard.page(self.wizard.get_page_index(self.pagename)) - - self.page.do_checks = mock.Mock() - - # wizard would do this for us - self.page.initializePage() - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.wizard = None - - # XXX refactor out - def fill_field(self, field, text): - """ - fills a field (line edit) that is passed along - :param field: the qLineEdit - :param text: the text to be filled - :type field: QLineEdit widget - :type text: str - """ - keyp = QTest.keyPress - field.setFocus(True) - for c in text: - keyp(field, c) - self.assertEqual(field.text(), text) - - def del_field(self, field): - """ - deletes entried text in - field line edit - :param field: the QLineEdit - :type field: QLineEdit widget - """ - keyp = QTest.keyPress - for c in range(len(field.text())): - keyp(field, Qt.Key_Backspace) - self.assertEqual(field.text(), "") - - def test_buttons_disabled_until_textentry(self): - # it's a commit button this time - nextbutton = self.wizard.button(QtGui.QWizard.CommitButton) - - self.assertFalse(nextbutton.isEnabled()) - - f_username = self.page.userNameLineEdit - f_password = self.page.userPasswordLineEdit - - self.fill_field(f_username, "testuser") - self.fill_field(f_password, "testpassword") - - # commit should be enabled - # XXX Need a workaround here - # because the isComplete is not being evaluated... - # (no event loop running??) - #import ipdb;ipdb.set_trace() - #self.assertTrue(nextbutton.isEnabled()) - self.assertTrue(self.page.isComplete()) - - self.del_field(f_username) - self.del_field(f_password) - - # after rm fields commit button - # should be disabled again - #self.assertFalse(nextbutton.isEnabled()) - self.assertFalse(self.page.isComplete()) - - def test_validate_page(self): - self.assertFalse(self.page.validatePage()) - # XXX TODO MOAR CASES... - # add errors, False - # change done, False - # not done, do_checks called - # click confirm, True - # done and do_confirm, True - - def test_next_id(self): - self.assertEqual(self.page.nextId(), 1) - - def test_paint_event(self): - self.page.populateErrors = mock.Mock() - self.page.paintEvent(None) - self.page.populateErrors.assert_called_with() - - def test_validation_ready(self): - f_username = self.page.userNameLineEdit - f_password = self.page.userPasswordLineEdit - - self.fill_field(f_username, "testuser") - self.fill_field(f_password, "testpassword") - - self.page.done = True - self.page.on_checks_validation_ready() - self.assertFalse(f_username.isEnabled()) - self.assertFalse(f_password.isEnabled()) - - self.assertEqual(self.page.validationMsg.text(), - "Credentials validated.") - self.assertEqual(self.page.do_confirm_next, True) - - def test_regex(self): - # XXX enter invalid username with key presses - # check text is not updated - pass - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_firstrun_providerselect.py b/src/leap/gui/tests/test_firstrun_providerselect.py deleted file mode 100644 index 18d89010..00000000 --- a/src/leap/gui/tests/test_firstrun_providerselect.py +++ /dev/null @@ -1,203 +0,0 @@ -import sys -import unittest - -import mock - -from leap.testing import qunittest -#from leap.testing import pyqt - -from PyQt4 import QtGui -#from PyQt4 import QtCore -#import PyQt4.QtCore # some weirdness with mock module - -from PyQt4.QtTest import QTest -from PyQt4.QtCore import Qt - -from leap.gui import firstrun - -try: - from collections import OrderedDict -except ImportError: - # We must be in 2.6 - from leap.util.dicts import OrderedDict - - -class TestPage(firstrun.providerselect.SelectProviderPage): - pass - - -class SelectProviderPageLogicTestCase(qunittest.TestCase): - - # XXX can spy on signal connections - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.page = TestPage(None) - self.page.wizard = mock.MagicMock() - - mocknetchecker = mock.Mock() - self.page.wizard().netchecker.return_value = mocknetchecker - self.mocknetchecker = mocknetchecker - - mockpcertchecker = mock.Mock() - self.page.wizard().providercertchecker.return_value = mockpcertchecker - self.mockpcertchecker = mockpcertchecker - - mockeipconfchecker = mock.Mock() - self.page.wizard().eipconfigchecker.return_value = mockeipconfchecker - self.mockeipconfchecker = mockeipconfchecker - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.page = None - - def test__do_checks(self): - eq = self.assertEqual - - self.page.providerNameEdit.setText('test_provider1') - - checks = [x for x in self.page._do_checks()] - eq(len(checks), 5) - labels = [str(x) for (x, y), z in checks] - eq(labels, ['head_sentinel', - 'Checking if it is a valid provider', - 'Checking for a secure connection', - 'Getting info from the provider', - 'end_sentinel']) - progress = [y for (x, y), z in checks] - eq(progress, [0, 20, 40, 80, 100]) - - # normal run, ie, no exceptions - - checkfuns = [z for (x, y), z in checks] - namecheck, httpscheck, fetchinfo = checkfuns[1:-1] - - self.assertTrue(namecheck()) - self.mocknetchecker.check_name_resolution.assert_called_with( - 'test_provider1') - - self.assertTrue(httpscheck()) - self.mockpcertchecker.is_https_working.assert_called_with( - "https://test_provider1", verify=True) - - self.assertTrue(fetchinfo()) - self.mockeipconfchecker.fetch_definition.assert_called_with( - domain="test_provider1") - - # XXX missing: inject failing exceptions - # XXX TODO make it break - - -class SelectProviderPageUITestCase(qunittest.TestCase): - - # XXX can spy on signal connections - __name__ = "Select Provider Page UI tests" - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - - self.pagename = "providerselection" - pages = OrderedDict(( - (self.pagename, TestPage), - ('providerinfo', - firstrun.providerinfo.ProviderInfoPage))) - self.wizard = firstrun.wizard.FirstRunWizard(None, pages_dict=pages) - self.page = self.wizard.page(self.wizard.get_page_index(self.pagename)) - - self.page.do_checks = mock.Mock() - - # wizard would do this for us - self.page.initializePage() - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.wizard = None - - def fill_provider(self): - """ - fills provider line edit - """ - keyp = QTest.keyPress - pedit = self.page.providerNameEdit - pedit.setFocus(True) - for c in "testprovider": - keyp(pedit, c) - self.assertEqual(pedit.text(), "testprovider") - - def del_provider(self): - """ - deletes entried provider in - line edit - """ - keyp = QTest.keyPress - pedit = self.page.providerNameEdit - for c in range(len("testprovider")): - keyp(pedit, Qt.Key_Backspace) - self.assertEqual(pedit.text(), "") - - def test_buttons_disabled_until_textentry(self): - nextbutton = self.wizard.button(QtGui.QWizard.NextButton) - checkbutton = self.page.providerCheckButton - - self.assertFalse(nextbutton.isEnabled()) - self.assertFalse(checkbutton.isEnabled()) - - self.fill_provider() - # checkbutton should be enabled - self.assertTrue(checkbutton.isEnabled()) - self.assertFalse(nextbutton.isEnabled()) - - self.del_provider() - # after rm provider checkbutton disabled again - self.assertFalse(checkbutton.isEnabled()) - self.assertFalse(nextbutton.isEnabled()) - - def test_check_button_triggers_tests(self): - checkbutton = self.page.providerCheckButton - self.assertFalse(checkbutton.isEnabled()) - self.assertFalse(self.page.do_checks.called) - - self.fill_provider() - - self.assertTrue(checkbutton.isEnabled()) - mclick = QTest.mouseClick - # click! - mclick(checkbutton, Qt.LeftButton) - self.waitFor(seconds=0.1) - self.assertTrue(self.page.do_checks.called) - - # XXX - # can play with different side_effects for do_checks mock... - # so we can see what happens with errors and so on - - def test_page_completed_after_checks(self): - nextbutton = self.wizard.button(QtGui.QWizard.NextButton) - self.assertFalse(nextbutton.isEnabled()) - - self.assertFalse(self.page.isComplete()) - self.fill_provider() - # simulate checks done - self.page.done = True - self.page.on_checks_validation_ready() - self.assertTrue(self.page.isComplete()) - # cannot test for nexbutton enabled - # cause it's the the wizard loop - # that would do that I think - - def test_validate_page(self): - self.assertTrue(self.page.validatePage()) - - def test_next_id(self): - self.assertEqual(self.page.nextId(), 1) - - def test_paint_event(self): - self.page.populateErrors = mock.Mock() - self.page.paintEvent(None) - self.page.populateErrors.assert_called_with() - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_firstrun_register.py b/src/leap/gui/tests/test_firstrun_register.py deleted file mode 100644 index 9d62f808..00000000 --- a/src/leap/gui/tests/test_firstrun_register.py +++ /dev/null @@ -1,244 +0,0 @@ -import sys -import unittest - -import mock - -from leap.testing import qunittest -#from leap.testing import pyqt - -from PyQt4 import QtGui -#from PyQt4 import QtCore -#import PyQt4.QtCore # some weirdness with mock module - -from PyQt4.QtTest import QTest -from PyQt4.QtCore import Qt - -from leap.gui import firstrun - -try: - from collections import OrderedDict -except ImportError: - # We must be in 2.6 - from leap.util.dicts import OrderedDict - - -class TestPage(firstrun.register.RegisterUserPage): - - def field(self, field): - if field == "provider_domain": - return "testprovider" - - -class RegisterUserPageLogicTestCase(qunittest.TestCase): - - # XXX can spy on signal connections - __name__ = "register user page logic tests" - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.page = TestPage(None) - self.page.wizard = mock.MagicMock() - - #mocknetchecker = mock.Mock() - #self.page.wizard().netchecker.return_value = mocknetchecker - #self.mocknetchecker = mocknetchecker -# - #mockpcertchecker = mock.Mock() - #self.page.wizard().providercertchecker.return_value = mockpcertchecker - #self.mockpcertchecker = mockpcertchecker -# - #mockeipconfchecker = mock.Mock() - #self.page.wizard().eipconfigchecker.return_value = mockeipconfchecker - #self.mockeipconfchecker = mockeipconfchecker - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.page = None - - def test__do_checks(self): - eq = self.assertEqual - - self.page.userNameLineEdit.setText('testuser') - self.page.userPasswordLineEdit.setText('testpassword') - self.page.userPassword2LineEdit.setText('testpassword') - - # fake register process - with mock.patch('leap.base.auth.LeapSRPRegister') as mockAuth: - mockSignup = mock.MagicMock() - - reqMockup = mock.Mock() - # XXX should inject bad json to get error - reqMockup.content = '{"errors": null}' - mockSignup.register_user.return_value = (True, reqMockup) - mockAuth.return_value = mockSignup - checks = [x for x in self.page._do_checks()] - - eq(len(checks), 3) - labels = [str(x) for (x, y), z in checks] - eq(labels, ['head_sentinel', - 'Registering username', - 'end_sentinel']) - progress = [y for (x, y), z in checks] - eq(progress, [0, 40, 100]) - - # normal run, ie, no exceptions - - checkfuns = [z for (x, y), z in checks] - passcheck, register = checkfuns[:-1] - - self.assertTrue(passcheck()) - #self.mocknetchecker.check_name_resolution.assert_called_with( - #'test_provider1') - - self.assertTrue(register()) - #self.mockpcertchecker.is_https_working.assert_called_with( - #"https://test_provider1", verify=True) - - # XXX missing: inject failing exceptions - # XXX TODO make it break - - -class RegisterUserPageUITestCase(qunittest.TestCase): - - # XXX can spy on signal connections - __name__ = "Register User Page UI tests" - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - - self.pagename = "signup" - pages = OrderedDict(( - (self.pagename, TestPage), - ('connect', - firstrun.connect.ConnectionPage))) - self.wizard = firstrun.wizard.FirstRunWizard(None, pages_dict=pages) - self.page = self.wizard.page(self.wizard.get_page_index(self.pagename)) - - self.page.do_checks = mock.Mock() - - # wizard would do this for us - self.page.initializePage() - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.wizard = None - - def fill_field(self, field, text): - """ - fills a field (line edit) that is passed along - :param field: the qLineEdit - :param text: the text to be filled - :type field: QLineEdit widget - :type text: str - """ - keyp = QTest.keyPress - field.setFocus(True) - for c in text: - keyp(field, c) - self.assertEqual(field.text(), text) - - def del_field(self, field): - """ - deletes entried text in - field line edit - :param field: the QLineEdit - :type field: QLineEdit widget - """ - keyp = QTest.keyPress - for c in range(len(field.text())): - keyp(field, Qt.Key_Backspace) - self.assertEqual(field.text(), "") - - def test_buttons_disabled_until_textentry(self): - # it's a commit button this time - nextbutton = self.wizard.button(QtGui.QWizard.CommitButton) - - self.assertFalse(nextbutton.isEnabled()) - - f_username = self.page.userNameLineEdit - f_password = self.page.userPasswordLineEdit - f_passwor2 = self.page.userPassword2LineEdit - - self.fill_field(f_username, "testuser") - self.fill_field(f_password, "testpassword") - self.fill_field(f_passwor2, "testpassword") - - # commit should be enabled - # XXX Need a workaround here - # because the isComplete is not being evaluated... - # (no event loop running??) - #import ipdb;ipdb.set_trace() - #self.assertTrue(nextbutton.isEnabled()) - self.assertTrue(self.page.isComplete()) - - self.del_field(f_username) - self.del_field(f_password) - self.del_field(f_passwor2) - - # after rm fields commit button - # should be disabled again - #self.assertFalse(nextbutton.isEnabled()) - self.assertFalse(self.page.isComplete()) - - @unittest.skip - def test_check_button_triggers_tests(self): - checkbutton = self.page.providerCheckButton - self.assertFalse(checkbutton.isEnabled()) - self.assertFalse(self.page.do_checks.called) - - self.fill_provider() - - self.assertTrue(checkbutton.isEnabled()) - mclick = QTest.mouseClick - # click! - mclick(checkbutton, Qt.LeftButton) - self.waitFor(seconds=0.1) - self.assertTrue(self.page.do_checks.called) - - # XXX - # can play with different side_effects for do_checks mock... - # so we can see what happens with errors and so on - - def test_validate_page(self): - self.assertFalse(self.page.validatePage()) - # XXX TODO MOAR CASES... - # add errors, False - # change done, False - # not done, do_checks called - # click confirm, True - # done and do_confirm, True - - def test_next_id(self): - self.assertEqual(self.page.nextId(), 1) - - def test_paint_event(self): - self.page.populateErrors = mock.Mock() - self.page.paintEvent(None) - self.page.populateErrors.assert_called_with() - - def test_validation_ready(self): - f_username = self.page.userNameLineEdit - f_password = self.page.userPasswordLineEdit - f_passwor2 = self.page.userPassword2LineEdit - - self.fill_field(f_username, "testuser") - self.fill_field(f_password, "testpassword") - self.fill_field(f_passwor2, "testpassword") - - self.page.done = True - self.page.on_checks_validation_ready() - self.assertFalse(f_username.isEnabled()) - self.assertFalse(f_password.isEnabled()) - self.assertFalse(f_passwor2.isEnabled()) - - self.assertEqual(self.page.validationMsg.text(), - "Registration succeeded!") - self.assertEqual(self.page.do_confirm_next, True) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_firstrun_wizard.py b/src/leap/gui/tests/test_firstrun_wizard.py deleted file mode 100644 index 395604d3..00000000 --- a/src/leap/gui/tests/test_firstrun_wizard.py +++ /dev/null @@ -1,137 +0,0 @@ -import sys -import unittest - -import mock - -from leap.testing import qunittest -from leap.testing import pyqt - -from PyQt4 import QtGui -#from PyQt4 import QtCore -import PyQt4.QtCore # some weirdness with mock module - -from PyQt4.QtTest import QTest -#from PyQt4.QtCore import Qt - -from leap.gui import firstrun - - -class TestWizard(firstrun.wizard.FirstRunWizard): - pass - - -PAGES_DICT = dict(( - ('intro', firstrun.intro.IntroPage), - ('providerselection', - firstrun.providerselect.SelectProviderPage), - ('login', firstrun.login.LogInPage), - ('providerinfo', firstrun.providerinfo.ProviderInfoPage), - ('providersetupvalidation', - firstrun.providersetup.ProviderSetupValidationPage), - ('signup', firstrun.register.RegisterUserPage), - ('connect', - firstrun.connect.ConnectionPage), - ('lastpage', firstrun.last.LastPage) -)) - - -mockQSettings = mock.MagicMock() -mockQSettings().setValue.return_value = True - -#PyQt4.QtCore.QSettings = mockQSettings - - -class FirstRunWizardTestCase(qunittest.TestCase): - - # XXX can spy on signal connections - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.wizard = TestWizard(None) - - def tearDown(self): - QtGui.qApp = None - self.app = None - self.wizard = None - - def test_defaults(self): - self.assertEqual(self.wizard.pages_dict, PAGES_DICT) - - @mock.patch('PyQt4.QtCore.QSettings', mockQSettings) - def test_accept(self): - """ - test the main accept method - that gets called when user has gone - thru all the wizard and click on finish button - """ - - self.wizard.success_cb = mock.Mock() - self.wizard.success_cb.return_value = True - - # dummy values; we inject them in the field - # mocks (where wizard gets them) and then - # we check that they are passed to QSettings.setValue - field_returns = ["testuser", "1234", "testprovider", True] - - def field_side_effects(*args): - return field_returns.pop(0) - - self.wizard.field = mock.Mock(side_effect=field_side_effects) - self.wizard.get_random_str = mock.Mock() - RANDOMSTR = "thisisarandomstringTM" - self.wizard.get_random_str.return_value = RANDOMSTR - - # mocked settings (see decorator on this method) - mqs = PyQt4.QtCore.QSettings - - # go! call accept... - self.wizard.accept() - - # did settings().setValue get called with the proper - # arguments? - call = mock.call - calls = [call("FirstRunWizardDone", True), - call("provider_domain", "testprovider"), - call("remember_user_and_pass", True), - call("username", "testuser@testprovider"), - call("testprovider_seed", RANDOMSTR)] - mqs().setValue.assert_has_calls(calls, any_order=True) - - # assert success callback is success oh boy - self.wizard.success_cb.assert_called_with() - - def test_random_str(self): - r = self.wizard.get_random_str(42) - self.assertTrue(len(r) == 42) - - def test_page_index(self): - """ - we test both the get_page_index function - and the correct ordering of names - """ - # remember it's implemented as an ordered dict - - pagenames = ('intro', 'providerselection', 'login', 'providerinfo', - 'providersetupvalidation', 'signup', 'connect', - 'lastpage') - eq = self.assertEqual - w = self.wizard - for index, name in enumerate(pagenames): - eq(w.get_page_index(name), index) - - def test_validation_errors(self): - """ - tests getters and setters for validation errors - """ - page = "testpage" - eq = self.assertEqual - w = self.wizard - eq(w.get_validation_error(page), None) - w.set_validation_error(page, "error") - eq(w.get_validation_error(page), "error") - w.clean_validation_error(page) - eq(w.get_validation_error(page), None) - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_mainwindow_rc.py b/src/leap/gui/tests/test_mainwindow_rc.py deleted file mode 100644 index 5004b0ac..00000000 --- a/src/leap/gui/tests/test_mainwindow_rc.py +++ /dev/null @@ -1,32 +0,0 @@ -import unittest -import hashlib - -try: - import sip - sip.setapi('QVariant', 2) -except ValueError: - pass - -from leap.gui import mainwindow_rc - -# I have to admit that there's something -# perverse in testing this. -# Even though, I still think that it _is_ a good idea -# to put a check to avoid non-updated resources files. - -# so, if you came here because an updated resource -# did break a test, what you have to do is getting -# the md5 hash of your qt_resource_data and change it here. - -# annoying? yep. try making a script for that :P - - -class MainWindowResourcesTest(unittest.TestCase): - - def test_mainwindow_resources_hash(self): - self.assertEqual( - hashlib.md5(mainwindow_rc.qt_resource_data).hexdigest(), - 'ff331dc5ab50df1572b4f5c5a2691ce5') - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_progress.py b/src/leap/gui/tests/test_progress.py deleted file mode 100644 index 1f9f9e38..00000000 --- a/src/leap/gui/tests/test_progress.py +++ /dev/null @@ -1,449 +0,0 @@ -from collections import namedtuple -import sys -import unittest -import Queue - -import mock - -from leap.testing import qunittest -from leap.testing import pyqt - -from PyQt4 import QtGui -from PyQt4 import QtCore -from PyQt4.QtTest import QTest -from PyQt4.QtCore import Qt - -from leap.gui import progress - - -class ProgressStepTestCase(unittest.TestCase): - - def test_step_attrs(self): - ps = progress.ProgressStep - step = ps('test', False, 1) - # instance - self.assertEqual(step.index, 1) - self.assertEqual(step.name, "test") - self.assertEqual(step.done, False) - step = ps('test2', True, 2) - self.assertEqual(step.index, 2) - self.assertEqual(step.name, "test2") - self.assertEqual(step.done, True) - - # class methods and attrs - self.assertEqual(ps.columns(), ('name', 'done')) - self.assertEqual(ps.NAME, 0) - self.assertEqual(ps.DONE, 1) - - -class ProgressStepContainerTestCase(unittest.TestCase): - def setUp(self): - self.psc = progress.ProgressStepContainer() - - def addSteps(self, number): - Step = progress.ProgressStep - for n in range(number): - self.psc.addStep(Step("%s" % n, False, n)) - - def test_attrs(self): - self.assertEqual(self.psc.columns, - ('name', 'done')) - - def test_add_steps(self): - Step = progress.ProgressStep - self.assertTrue(len(self.psc) == 0) - self.psc.addStep(Step('one', False, 0)) - self.assertTrue(len(self.psc) == 1) - self.psc.addStep(Step('two', False, 1)) - self.assertTrue(len(self.psc) == 2) - - def test_del_all_steps(self): - self.assertTrue(len(self.psc) == 0) - self.addSteps(5) - self.assertTrue(len(self.psc) == 5) - self.psc.removeAllSteps() - self.assertTrue(len(self.psc) == 0) - - def test_del_step(self): - Step = progress.ProgressStep - self.addSteps(5) - self.assertTrue(len(self.psc) == 5) - self.psc.removeStep(self.psc.step(4)) - self.assertTrue(len(self.psc) == 4) - self.psc.removeStep(self.psc.step(4)) - self.psc.removeStep(Step('none', False, 5)) - self.psc.removeStep(self.psc.step(4)) - - def test_iter(self): - self.addSteps(10) - self.assertEqual( - [x.index for x in self.psc], - [x for x in range(10)]) - - -class StepsTableWidgetTestCase(unittest.TestCase): - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.stw = progress.StepsTableWidget() - - def tearDown(self): - QtGui.qApp = None - self.app = None - - def test_defaults(self): - self.assertTrue(isinstance(self.stw, QtGui.QTableWidget)) - self.assertEqual(self.stw.focusPolicy(), 0) - - -class TestWithStepsClass(QtGui.QWidget, progress.WithStepsMixIn): - - def __init__(self, parent=None): - super(TestWithStepsClass, self).__init__(parent=parent) - self.setupStepsProcessingQueue() - self.statuses = [] - self.current_page = "testpage" - - def onStepStatusChanged(self, *args): - """ - blank out this gui method - that will add status lines - """ - self.statuses.append(args) - - -class WithStepsMixInTestCase(qunittest.TestCase): - - TIMER_WAIT = 2 * progress.WithStepsMixIn.STEPS_TIMER_MS / 1000.0 - - # XXX can spy on signal connections - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.stepy = TestWithStepsClass() - #self.connects = [] - #pyqt.enableSignalDebugging( - #connectCall=lambda *args: self.connects.append(args)) - #self.assertEqual(self.connects, []) - #self.stepy.stepscheck_timer.timeout.disconnect( - #self.stepy.processStepsQueue) - - def tearDown(self): - QtGui.qApp = None - self.app = None - - def test_has_queue(self): - s = self.stepy - self.assertTrue(hasattr(s, 'steps_queue')) - self.assertTrue(isinstance(s.steps_queue, Queue.Queue)) - self.assertTrue(isinstance(s.stepscheck_timer, QtCore.QTimer)) - - def test_do_checks_delegation(self): - s = self.stepy - - _do_checks = mock.Mock() - _do_checks.return_value = ( - (("test", 0), lambda: None), - (("test", 0), lambda: None)) - s._do_checks = _do_checks - s.do_checks() - self.waitFor(seconds=self.TIMER_WAIT) - _do_checks.assert_called_with() - self.assertEqual(len(s.statuses), 2) - - # test that a failed test interrupts the run - - s.statuses = [] - _do_checks = mock.Mock() - _do_checks.return_value = ( - (("test", 0), lambda: None), - (("test", 0), lambda: False), - (("test", 0), lambda: None)) - s._do_checks = _do_checks - s.do_checks() - self.waitFor(seconds=self.TIMER_WAIT) - _do_checks.assert_called_with() - self.assertEqual(len(s.statuses), 2) - - def test_process_queue(self): - s = self.stepy - q = s.steps_queue - s.set_failed_icon = mock.MagicMock() - with self.assertRaises(AssertionError): - q.put('foo') - self.waitFor(seconds=self.TIMER_WAIT) - s.set_failed_icon.assert_called_with() - q.put("failed") - self.waitFor(seconds=self.TIMER_WAIT) - s.set_failed_icon.assert_called_with() - - def test_on_checks_validation_ready_called(self): - s = self.stepy - s.on_checks_validation_ready = mock.MagicMock() - - _do_checks = mock.Mock() - _do_checks.return_value = ( - (("test", 0), lambda: None),) - s._do_checks = _do_checks - s.do_checks() - - self.waitFor(seconds=self.TIMER_WAIT) - s.on_checks_validation_ready.assert_called_with() - - def test_fail(self): - s = self.stepy - - s.wizard = mock.Mock() - wizard = s.wizard.return_value - wizard.set_validation_error.return_value = True - s.completeChanged = mock.Mock() - s.completeChanged.emit.return_value = True - - self.assertFalse(s.fail(err="foo")) - self.waitFor(seconds=self.TIMER_WAIT) - wizard.set_validation_error.assert_called_with('testpage', 'foo') - s.completeChanged.emit.assert_called_with() - - # with no args - s.wizard = mock.Mock() - wizard = s.wizard.return_value - wizard.set_validation_error.return_value = True - s.completeChanged = mock.Mock() - s.completeChanged.emit.return_value = True - - self.assertFalse(s.fail()) - self.waitFor(seconds=self.TIMER_WAIT) - with self.assertRaises(AssertionError): - wizard.set_validation_error.assert_called_with() - s.completeChanged.emit.assert_called_with() - - def test_done(self): - s = self.stepy - s.done = False - - s.completeChanged = mock.Mock() - s.completeChanged.emit.return_value = True - - self.assertFalse(s.is_done()) - s.set_done() - self.assertTrue(s.is_done()) - s.completeChanged.emit.assert_called_with() - - s.completeChanged = mock.Mock() - s.completeChanged.emit.return_value = True - s.set_undone() - self.assertFalse(s.is_done()) - - def test_back_and_next(self): - s = self.stepy - s.wizard = mock.Mock() - wizard = s.wizard.return_value - wizard.back.return_value = True - wizard.next.return_value = True - s.go_back() - wizard.back.assert_called_with() - s.go_next() - wizard.next.assert_called_with() - - def test_on_step_statuschanged_slot(self): - s = self.stepy - s.onStepStatusChanged = progress.WithStepsMixIn.onStepStatusChanged - s.add_status_line = mock.Mock() - s.set_checked_icon = mock.Mock() - s.progress = mock.Mock() - s.progress.setValue.return_value = True - s.progress.update.return_value = True - - s.onStepStatusChanged(s, "end_sentinel") - s.set_checked_icon.assert_called_with() - - s.onStepStatusChanged(s, "foo") - s.add_status_line.assert_called_with("foo") - - s.onStepStatusChanged(s, "bar", 42) - s.progress.setValue.assert_called_with(42) - s.progress.update.assert_called_with() - - def test_steps_and_errors(self): - s = self.stepy - s.setupSteps() - self.assertTrue(isinstance(s.steps, progress.ProgressStepContainer)) - self.assertEqual(s.errors, {}) - s.set_error('fooerror', 'barerror') - self.assertEqual(s.errors, {'fooerror': 'barerror'}) - s.set_error('2', 42) - self.assertEqual(s.errors, {'fooerror': 'barerror', '2': 42}) - fe = s.pop_first_error() - self.assertEqual(fe, ('fooerror', 'barerror')) - self.assertEqual(s.errors, {'2': 42}) - s.clean_errors() - self.assertEqual(s.errors, {}) - - def test_launch_chechs_slot(self): - s = self.stepy - s.do_checks = mock.Mock() - s.launch_checks() - s.do_checks.assert_called_with() - - def test_clean_wizard_errors(self): - s = self.stepy - s.wizard = mock.Mock() - wizard = s.wizard.return_value - wizard.set_validation_error.return_value = True - s.clean_wizard_errors(pagename="foopage") - wizard.set_validation_error.assert_called_with("foopage", None) - - def test_clear_table(self): - s = self.stepy - s.stepsTableWidget = mock.Mock() - s.stepsTableWidget.clearContents.return_value = True - s.clearTable() - s.stepsTableWidget.clearContents.assert_called_with() - - def test_populate_steps_table(self): - s = self.stepy - Step = namedtuple('Step', ['name', 'done']) - - class Steps(object): - columns = ("name", "done") - _items = (Step('step1', False), Step('step2', False)) - - def __len__(self): - return 2 - - def __iter__(self): - for i in self._items: - yield i - - s.steps = Steps() - - s.stepsTableWidget = mock.Mock() - s.stepsTableWidget.setItem.return_value = True - s.resizeTable = mock.Mock() - s.update = mock.Mock() - s.populateStepsTable() - s.update.assert_called_with() - s.resizeTable.assert_called_with() - - # assert stepsTableWidget.setItem called ... - # we do not want to get into the actual - # <QTableWidgetItem object at 0x92a565c> - call_list = s.stepsTableWidget.setItem.call_args_list - indexes = [(y, z) for y, z, xx in [x[0] for x in call_list]] - self.assertEqual(indexes, - [(0, 0), (0, 1), (1, 0), (1, 1)]) - - def test_add_status_line(self): - s = self.stepy - s.steps = progress.ProgressStepContainer() - s.stepsTableWidget = mock.Mock() - s.stepsTableWidget.width.return_value = 100 - s.set_item = mock.Mock() - s.set_item_icon = mock.Mock() - s.add_status_line("new status") - s.set_item_icon.assert_called_with(current=False) - - def test_set_item_icon(self): - s = self.stepy - s.steps = progress.ProgressStepContainer() - s.stepsTableWidget = mock.Mock() - s.stepsTableWidget.setCellWidget.return_value = True - s.stepsTableWidget.width.return_value = 100 - #s.set_item = mock.Mock() - #s.set_item_icon = mock.Mock() - s.add_status_line("new status") - s.add_status_line("new 2 status") - s.add_status_line("new 3 status") - call_list = s.stepsTableWidget.setCellWidget.call_args_list - indexes = [(y, z) for y, z, xx in [x[0] for x in call_list]] - self.assertEqual( - indexes, - [(0, 1), (-1, 1), (1, 1), (0, 1), (2, 1), (1, 1)]) - - -class TestInlineValidationPage(progress.InlineValidationPage): - pass - - -class InlineValidationPageTestCase(unittest.TestCase): - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.page = TestInlineValidationPage() - - def tearDown(self): - QtGui.qApp = None - self.app = None - - def test_defaults(self): - self.assertFalse(self.page.done) - # if setupProcessingQueue was called - self.assertTrue(isinstance(self.page.stepscheck_timer, QtCore.QTimer)) - self.assertTrue(isinstance(self.page.steps_queue, Queue.Queue)) - - def test_validation_frame(self): - # test frame creation - self.page.stepsTableWidget = progress.StepsTableWidget( - parent=self.page) - self.page.setupValidationFrame() - self.assertTrue(isinstance(self.page.valFrame, QtGui.QFrame)) - - # test show steps calls frame.show - self.page.valFrame = mock.Mock() - self.page.valFrame.show.return_value = True - self.page.showStepsFrame() - self.page.valFrame.show.assert_called_with() - - -class TestValidationPage(progress.ValidationPage): - pass - - -class ValidationPageTestCase(unittest.TestCase): - - def setUp(self): - self.app = QtGui.QApplication(sys.argv) - QtGui.qApp = self.app - self.page = TestValidationPage() - - def tearDown(self): - QtGui.qApp = None - self.app = None - - def test_defaults(self): - self.assertFalse(self.page.done) - # if setupProcessingQueue was called - self.assertTrue(isinstance(self.page.timer, QtCore.QTimer)) - self.assertTrue(isinstance(self.page.stepscheck_timer, QtCore.QTimer)) - self.assertTrue(isinstance(self.page.steps_queue, Queue.Queue)) - - def test_is_complete(self): - self.assertFalse(self.page.isComplete()) - self.page.done = True - self.assertTrue(self.page.isComplete()) - self.page.done = False - self.assertFalse(self.page.isComplete()) - - def test_show_hide_progress(self): - p = self.page - p.progress = mock.Mock() - p.progress.show.return_code = True - p.show_progress() - p.progress.show.assert_called_with() - p.progress.hide.return_code = True - p.hide_progress() - p.progress.hide.assert_called_with() - - def test_initialize_page(self): - p = self.page - p.timer = mock.Mock() - p.timer.singleShot.return_code = True - p.initializePage() - p.timer.singleShot.assert_called_with(0, p.do_checks) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/tests/test_threads.py b/src/leap/gui/tests/test_threads.py deleted file mode 100644 index 06c19606..00000000 --- a/src/leap/gui/tests/test_threads.py +++ /dev/null @@ -1,27 +0,0 @@ -import unittest - -import mock -from leap.gui import threads - - -class FunThreadTestCase(unittest.TestCase): - - def setUp(self): - self.fun = mock.MagicMock() - self.fun.return_value = "foo" - self.t = threads.FunThread(fun=self.fun) - - def test_thread(self): - self.t.begin() - self.t.wait() - self.fun.assert_called() - del self.t - - def test_run(self): - # this is called by PyQt - self.t.run() - del self.t - self.fun.assert_called() - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/gui/threads.py b/src/leap/gui/threads.py deleted file mode 100644 index 8aad8866..00000000 --- a/src/leap/gui/threads.py +++ /dev/null @@ -1,21 +0,0 @@ -from PyQt4 import QtCore - - -class FunThread(QtCore.QThread): - - def __init__(self, fun=None, parent=None): - - QtCore.QThread.__init__(self, parent) - self.exiting = False - self.fun = fun - - def __del__(self): - self.exiting = True - self.wait() - - def run(self): - if self.fun: - self.fun() - - def begin(self): - self.start() diff --git a/src/leap/gui/twisted_main.py b/src/leap/gui/twisted_main.py new file mode 100644 index 00000000..c7add3ee --- /dev/null +++ b/src/leap/gui/twisted_main.py @@ -0,0 +1,60 @@ +# -*- coding: utf-8 -*- +# twisted_main.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Main functions for integration of twisted reactor +""" +import logging + +from twisted.internet import error + +# Resist the temptation of putting the import reactor here, +# it will raise an "reactor already imported" error. + +logger = logging.getLogger(__name__) + + +def start(app): + """ + Start the mainloop. + + :param app: the main qt QApplication instance. + :type app: QtCore.QApplication + """ + from twisted.internet import reactor + logger.debug('starting twisted reactor') + + # this seems to be troublesome under some + # unidentified settings. + #reactor.run() + + reactor.runReturn() + app.exec_() + + +def quit(app): + """ + Stop the mainloop. + + :param app: the main qt QApplication instance. + :type app: QtCore.QApplication + """ + from twisted.internet import reactor + logger.debug('stopping twisted reactor') + try: + reactor.stop() + except error.ReactorNotRunning: + logger.debug('reactor not running') diff --git a/src/leap/gui/ui/loggerwindow.ui b/src/leap/gui/ui/loggerwindow.ui new file mode 100644 index 00000000..28325cdf --- /dev/null +++ b/src/leap/gui/ui/loggerwindow.ui @@ -0,0 +1,155 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>LoggerWindow</class> + <widget class="QWidget" name="LoggerWindow"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>648</width> + <height>469</height> + </rect> + </property> + <property name="windowTitle"> + <string>Logs</string> + </property> + <property name="windowIcon"> + <iconset resource="../../../../data/resources/mainwindow.qrc"> + <normaloff>:/images/leap-color-big.png</normaloff>:/images/leap-color-big.png</iconset> + </property> + <layout class="QGridLayout" name="gridLayout"> + <item row="2" column="0" colspan="2"> + <widget class="QTextBrowser" name="txtLogHistory"/> + </item> + <item row="0" column="0" colspan="2"> + <layout class="QHBoxLayout" name="horizontalLayout_2"> + <item> + <widget class="QPushButton" name="btnDebug"> + <property name="text"> + <string>Debug</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/script-error.png</normaloff>:/images/oxygen-icons/script-error.png</iconset> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>true</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QPushButton" name="btnInfo"> + <property name="text"> + <string>Info</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/dialog-information.png</normaloff>:/images/oxygen-icons/dialog-information.png</iconset> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>true</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QPushButton" name="btnWarning"> + <property name="text"> + <string>Warning</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/dialog-warning.png</normaloff>:/images/oxygen-icons/dialog-warning.png</iconset> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>true</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QPushButton" name="btnError"> + <property name="text"> + <string>Error</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/dialog-error.png</normaloff>:/images/oxygen-icons/dialog-error.png</iconset> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>true</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QPushButton" name="btnCritical"> + <property name="text"> + <string>Critical</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/edit-bomb.png</normaloff>:/images/oxygen-icons/edit-bomb.png</iconset> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>true</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QPushButton" name="btnSave"> + <property name="text"> + <string>Save to file</string> + </property> + <property name="icon"> + <iconset resource="../../../../data/resources/loggerwindow.qrc"> + <normaloff>:/images/oxygen-icons/document-save-as.png</normaloff>:/images/oxygen-icons/document-save-as.png</iconset> + </property> + </widget> + </item> + </layout> + </item> + </layout> + </widget> + <tabstops> + <tabstop>btnDebug</tabstop> + <tabstop>btnInfo</tabstop> + <tabstop>btnWarning</tabstop> + <tabstop>btnError</tabstop> + <tabstop>btnCritical</tabstop> + <tabstop>btnSave</tabstop> + <tabstop>txtLogHistory</tabstop> + </tabstops> + <resources> + <include location="../../../../data/resources/loggerwindow.qrc"/> + <include location="../../../../data/resources/mainwindow.qrc"/> + </resources> + <connections/> +</ui> diff --git a/src/leap/gui/ui/login.ui b/src/leap/gui/ui/login.ui new file mode 100644 index 00000000..88c9ef44 --- /dev/null +++ b/src/leap/gui/ui/login.ui @@ -0,0 +1,129 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>LoginWidget</class> + <widget class="QWidget" name="LoginWidget"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>356</width> + <height>219</height> + </rect> + </property> + <property name="windowTitle"> + <string>Form</string> + </property> + <layout class="QGridLayout" name="gridLayout"> + <item row="5" column="2"> + <spacer name="horizontalSpacer"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="1" colspan="2"> + <widget class="QComboBox" name="cmbProviders"/> + </item> + <item row="5" column="0"> + <spacer name="horizontalSpacer_2"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="6" column="1"> + <widget class="QPushButton" name="btnCreateAccount"> + <property name="text"> + <string>Create a new account</string> + </property> + </widget> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_4"> + <property name="text"> + <string><b>Provider:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="3" column="1" colspan="2"> + <widget class="QLineEdit" name="lnPassword"> + <property name="inputMask"> + <string/> + </property> + </widget> + </item> + <item row="2" column="1" colspan="2"> + <widget class="QLineEdit" name="lnUser"/> + </item> + <item row="4" column="1" colspan="2"> + <widget class="QCheckBox" name="chkRemember"> + <property name="text"> + <string>Remember username and password</string> + </property> + </widget> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_2"> + <property name="text"> + <string><b>Username:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="3" column="0"> + <widget class="QLabel" name="label_3"> + <property name="text"> + <string><b>Password:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="5" column="1"> + <widget class="QPushButton" name="btnLogin"> + <property name="text"> + <string>Log In</string> + </property> + </widget> + </item> + <item row="0" column="0" colspan="3"> + <widget class="QLabel" name="lblStatus"> + <property name="text"> + <string/> + </property> + <property name="alignment"> + <set>Qt::AlignCenter</set> + </property> + </widget> + </item> + </layout> + </widget> + <tabstops> + <tabstop>cmbProviders</tabstop> + <tabstop>lnUser</tabstop> + <tabstop>lnPassword</tabstop> + <tabstop>chkRemember</tabstop> + <tabstop>btnLogin</tabstop> + <tabstop>btnCreateAccount</tabstop> + </tabstops> + <resources/> + <connections/> +</ui> diff --git a/src/leap/gui/ui/mainwindow.ui b/src/leap/gui/ui/mainwindow.ui new file mode 100644 index 00000000..58827fe0 --- /dev/null +++ b/src/leap/gui/ui/mainwindow.ui @@ -0,0 +1,315 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>MainWindow</class> + <widget class="QMainWindow" name="MainWindow"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>429</width> + <height>579</height> + </rect> + </property> + <property name="windowTitle"> + <string>LEAP</string> + </property> + <property name="windowIcon"> + <iconset resource="../../../../data/resources/mainwindow.qrc"> + <normaloff>:/images/leap-color-big.png</normaloff>:/images/leap-color-big.png</iconset> + </property> + <property name="inputMethodHints"> + <set>Qt::ImhHiddenText</set> + </property> + <property name="iconSize"> + <size> + <width>128</width> + <height>128</height> + </size> + </property> + <widget class="QWidget" name="centralwidget"> + <layout class="QGridLayout" name="gridLayout"> + <item row="0" column="0" colspan="5"> + <layout class="QGridLayout" name="gridLayout_4"> + <item row="2" column="0"> + <spacer name="horizontalSpacer_8"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="1"> + <spacer name="horizontalSpacer_7"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>0</height> + </size> + </property> + </spacer> + </item> + <item row="2" column="1"> + <widget class="QLabel" name="lblNewUpdates"> + <property name="text"> + <string>There are new updates available, please restart.</string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="2" column="2"> + <widget class="QPushButton" name="btnMore"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Preferred" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="text"> + <string>More...</string> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + <item row="2" column="3"> + <spacer name="horizontalSpacer_9"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </item> + <item row="6" column="2"> + <spacer name="verticalSpacer"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="10" column="0" colspan="5"> + <widget class="QStackedWidget" name="stackedWidget"> + <property name="currentIndex"> + <number>1</number> + </property> + <widget class="QWidget" name="loginPage"> + <layout class="QGridLayout" name="gridLayout_2"> + <item row="0" column="1"> + <layout class="QHBoxLayout" name="loginLayout"/> + </item> + <item row="0" column="2"> + <spacer name="horizontalSpacer_4"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="0" column="0"> + <spacer name="horizontalSpacer_3"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + <widget class="QWidget" name="page_2"> + <layout class="QGridLayout" name="gridLayout_3"> + <item row="0" column="0"> + <layout class="QVBoxLayout" name="statusLayout"/> + </item> + </layout> + </widget> + </widget> + </item> + <item row="7" column="2"> + <widget class="QLabel" name="label"> + <property name="autoFillBackground"> + <bool>false</bool> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/leap-color-big.png</pixmap> + </property> + <property name="alignment"> + <set>Qt::AlignCenter</set> + </property> + </widget> + </item> + <item row="7" column="3" colspan="2"> + <spacer name="horizontalSpacer_2"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="17" column="2"> + <spacer name="verticalSpacer_2"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="7" column="0" colspan="2"> + <spacer name="horizontalSpacer"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="18" column="2"> + <layout class="QHBoxLayout" name="horizontalLayout"> + <item> + <spacer name="horizontalSpacer_10"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item> + <widget class="QPushButton" name="btnShowLog"> + <property name="text"> + <string>Show Log</string> + </property> + <property name="checkable"> + <bool>true</bool> + </property> + <property name="checked"> + <bool>false</bool> + </property> + <property name="flat"> + <bool>true</bool> + </property> + </widget> + </item> + </layout> + </item> + </layout> + </widget> + <widget class="QMenuBar" name="menubar"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>429</width> + <height>25</height> + </rect> + </property> + <widget class="QMenu" name="menuSession"> + <property name="title"> + <string>&Session</string> + </property> + <addaction name="action_sign_out"/> + <addaction name="separator"/> + <addaction name="action_quit"/> + </widget> + <widget class="QMenu" name="menuHelp"> + <property name="title"> + <string>Help</string> + </property> + <addaction name="action_help"/> + <addaction name="separator"/> + <addaction name="action_about_leap"/> + </widget> + <addaction name="menuSession"/> + <addaction name="menuHelp"/> + </widget> + <widget class="QStatusBar" name="statusbar"/> + <action name="action_sign_out"> + <property name="text"> + <string>&Sign out</string> + </property> + </action> + <action name="action_quit"> + <property name="text"> + <string>&Quit</string> + </property> + </action> + <action name="action_about_leap"> + <property name="text"> + <string>About &LEAP</string> + </property> + </action> + <action name="action_help"> + <property name="text"> + <string>&Help</string> + </property> + </action> + <action name="action_wizard"> + <property name="text"> + <string>&Wizard</string> + </property> + </action> + <action name="action_show_logs"> + <property name="text"> + <string>Show &logs</string> + </property> + </action> + </widget> + <resources> + <include location="../../../../data/resources/mainwindow.qrc"/> + <include location="../../../../data/resources/locale.qrc"/> + </resources> + <connections/> +</ui> diff --git a/src/leap/gui/ui/statuspanel.ui b/src/leap/gui/ui/statuspanel.ui new file mode 100644 index 00000000..1a2c77ad --- /dev/null +++ b/src/leap/gui/ui/statuspanel.ui @@ -0,0 +1,244 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>StatusPanel</class> + <widget class="QWidget" name="StatusPanel"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>542</width> + <height>477</height> + </rect> + </property> + <property name="windowTitle"> + <string>Form</string> + </property> + <layout class="QVBoxLayout" name="verticalLayout"> + <item> + <widget class="QLabel" name="lblProvider"> + <property name="styleSheet"> + <string notr="true">font: bold;</string> + </property> + <property name="text"> + <string>user@domain.org</string> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <widget class="QWidget" name="status_rows" native="true"> + <property name="enabled"> + <bool>true</bool> + </property> + <property name="styleSheet"> + <string notr="true"/> + </property> + <layout class="QGridLayout" name="gridLayout"> + <item row="0" column="1"> + <layout class="QHBoxLayout" name="eip_controls"> + <item> + <widget class="QLabel" name="label"> + <property name="text"> + <string>Encrypted Internet: </string> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="lblEIPStatus"> + <property name="styleSheet"> + <string notr="true">font: bold;</string> + </property> + <property name="text"> + <string>Off</string> + </property> + <property name="textFormat"> + <enum>Qt::AutoText</enum> + </property> + <property name="alignment"> + <set>Qt::AlignCenter</set> + </property> + <property name="wordWrap"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item> + <widget class="QPushButton" name="btnEipStartStop"> + <property name="text"> + <string>Turn On</string> + </property> + </widget> + </item> + </layout> + </item> + <item row="2" column="0"> + <spacer name="verticalSpacer_2"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeType"> + <enum>QSizePolicy::Preferred</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>0</width> + <height>11</height> + </size> + </property> + </spacer> + </item> + <item row="0" column="0" rowspan="2"> + <widget class="QLabel" name="lblVPNStatusIcon"> + <property name="maximumSize"> + <size> + <width>64</width> + <height>64</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/icons.qrc">:/images/light/64/network-eip-down.png</pixmap> + </property> + <property name="alignment"> + <set>Qt::AlignCenter</set> + </property> + </widget> + </item> + <item row="1" column="1"> + <layout class="QHBoxLayout" name="eip_bandwidth"> + <property name="spacing"> + <number>4</number> + </property> + <property name="sizeConstraint"> + <enum>QLayout::SetDefaultConstraint</enum> + </property> + <item> + <widget class="QLabel" name="label_5"> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/icons.qrc">:/images/light/16/down-arrow.png</pixmap> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="lblUpload"> + <property name="text"> + <string>0.0 Kb</string> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer_3"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeType"> + <enum>QSizePolicy::Fixed</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item> + <widget class="QLabel" name="label_7"> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/icons.qrc">:/images/light/16/up-arrow.png</pixmap> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="lblDownload"> + <property name="text"> + <string>0.0 Kb</string> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer_2"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </item> + <item row="3" column="0" colspan="2"> + <widget class="QGroupBox" name="globalStatusBox"> + <property name="enabled"> + <bool>false</bool> + </property> + <layout class="QGridLayout" name="gridLayout_2"> + <item row="0" column="0"> + <widget class="QLabel" name="lblGlobalStatus"> + <property name="enabled"> + <bool>false</bool> + </property> + <property name="text"> + <string>...</string> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + </layout> + </widget> + </item> + </layout> + </widget> + </item> + <item> + <spacer name="verticalSpacer"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + </layout> + <zorder>lblProvider</zorder> + <zorder>status_rows</zorder> + <zorder>globalStatusBox</zorder> + </widget> + <resources> + <include location="../../../../data/resources/icons.qrc"/> + </resources> + <connections/> +</ui> diff --git a/src/leap/gui/ui/wizard.ui b/src/leap/gui/ui/wizard.ui new file mode 100644 index 00000000..4b9cab1c --- /dev/null +++ b/src/leap/gui/ui/wizard.ui @@ -0,0 +1,846 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ui version="4.0"> + <class>Wizard</class> + <widget class="QWizard" name="Wizard"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>536</width> + <height>452</height> + </rect> + </property> + <property name="windowTitle"> + <string>LEAP First run</string> + </property> + <property name="windowIcon"> + <iconset resource="../../../../data/resources/mainwindow.qrc"> + <normaloff>:/images/leap-color-big.png</normaloff>:/images/leap-color-big.png</iconset> + </property> + <property name="modal"> + <bool>true</bool> + </property> + <property name="wizardStyle"> + <enum>QWizard::ModernStyle</enum> + </property> + <property name="options"> + <set>QWizard::IndependentPages</set> + </property> + <widget class="QWizardPage" name="introduction_page"> + <property name="title"> + <string>Welcome</string> + </property> + <property name="subTitle"> + <string>This is the LEAP Client first run wizard</string> + </property> + <attribute name="pageId"> + <string notr="true">0</string> + </attribute> + <layout class="QGridLayout" name="gridLayout"> + <item row="3" column="0"> + <widget class="QRadioButton" name="rdoLogin"> + <property name="text"> + <string>Log In with my credentials</string> + </property> + </widget> + </item> + <item row="0" column="0"> + <widget class="QLabel" name="label_3"> + <property name="text"> + <string><html><head/><body><p>Now we will guide you through some configuration that is needed before you can connect for the first time.</p><p>If you ever need to modify these options again, you can find the wizard in the <span style=" font-style:italic;">'Settings'</span> menu from the main window.</p><p>Do you want to <span style=" font-weight:600;">sign up</span> for a new account, or <span style=" font-weight:600;">log in</span> with an already existing username?</p></body></html></string> + </property> + <property name="textFormat"> + <enum>Qt::RichText</enum> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + <item row="2" column="0"> + <widget class="QRadioButton" name="rdoRegister"> + <property name="text"> + <string>Sign up for a new account</string> + </property> + <property name="checked"> + <bool>true</bool> + </property> + </widget> + </item> + <item row="1" column="0"> + <spacer name="verticalSpacer_11"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="4" column="0"> + <spacer name="verticalSpacer_12"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + <widget class="WizardPage" name="select_provider_page"> + <property name="title"> + <string>Provider selection</string> + </property> + <property name="subTitle"> + <string>Please enter the domain of the provider you want to use for your connection</string> + </property> + <attribute name="pageId"> + <string notr="true">1</string> + </attribute> + <layout class="QGridLayout" name="gridLayout_2"> + <item row="0" column="1"> + <spacer name="verticalSpacer"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeType"> + <enum>QSizePolicy::Fixed</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>60</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="1"> + <widget class="QLineEdit" name="lnProvider"/> + </item> + <item row="1" column="2"> + <widget class="QPushButton" name="btnCheck"> + <property name="text"> + <string>Check</string> + </property> + </widget> + </item> + <item row="3" column="1"> + <spacer name="verticalSpacer_2"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label"> + <property name="text"> + <string>https://</string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="4" column="0" colspan="3"> + <widget class="QGroupBox" name="grpCheckProvider"> + <property name="title"> + <string>Checking for a valid provider</string> + </property> + <layout class="QGridLayout" name="gridLayout_3"> + <item row="3" column="0"> + <widget class="QLabel" name="label_5"> + <property name="text"> + <string>Getting provider information</string> + </property> + </widget> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_4"> + <property name="text"> + <string>Can we stablish a secure connection?</string> + </property> + </widget> + </item> + <item row="3" column="1"> + <widget class="QLabel" name="lblProviderInfo"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="2" column="1"> + <widget class="QLabel" name="lblHTTPS"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="1" column="1"> + <widget class="QLabel" name="lblNameResolution"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_2"> + <property name="text"> + <string>Can we reach this provider?</string> + </property> + </widget> + </item> + <item row="0" column="0"> + <spacer name="horizontalSpacer"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>0</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </item> + <item row="2" column="1" colspan="2"> + <widget class="QLabel" name="lblProviderSelectStatus"> + <property name="text"> + <string/> + </property> + </widget> + </item> + </layout> + </widget> + <widget class="QWizardPage" name="provider_info_page"> + <property name="title"> + <string>Provider Information</string> + </property> + <property name="subTitle"> + <string>Description of services offered by this provider</string> + </property> + <attribute name="pageId"> + <string notr="true">2</string> + </attribute> + <layout class="QGridLayout" name="gridLayout_4"> + <item row="1" column="0" colspan="2"> + <widget class="QLabel" name="lblProviderName"> + <property name="text"> + <string>Name</string> + </property> + </widget> + </item> + <item row="6" column="1"> + <spacer name="verticalSpacer_15"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="3" column="1" colspan="2"> + <widget class="QLabel" name="lblProviderDesc"> + <property name="minimumSize"> + <size> + <width>0</width> + <height>0</height> + </size> + </property> + <property name="baseSize"> + <size> + <width>200</width> + <height>0</height> + </size> + </property> + <property name="text"> + <string>Desc</string> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + <item row="4" column="0"> + <widget class="QLabel" name="lblServ"> + <property name="text"> + <string><b>Services offered:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="4" column="1"> + <widget class="QLabel" name="lblServicesOffered"> + <property name="text"> + <string>services</string> + </property> + </widget> + </item> + <item row="4" column="2"> + <spacer name="horizontalSpacer_6"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="5" column="0"> + <widget class="QLabel" name="label_12"> + <property name="text"> + <string><b>Enrollment policy:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="5" column="1"> + <widget class="QLabel" name="lblProviderPolicy"> + <property name="text"> + <string>policy</string> + </property> + </widget> + </item> + <item row="0" column="1"> + <spacer name="verticalSpacer_5"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_6"> + <property name="text"> + <string><b>URL:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="2" column="1" colspan="2"> + <widget class="QLabel" name="lblProviderURL"> + <property name="text"> + <string>URL</string> + </property> + </widget> + </item> + <item row="3" column="0"> + <widget class="QLabel" name="label_7"> + <property name="text"> + <string><b>Description:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTop|Qt::AlignTrailing</set> + </property> + </widget> + </item> + </layout> + </widget> + <widget class="WizardPage" name="setup_provider_page"> + <property name="title"> + <string>Provider setup</string> + </property> + <property name="subTitle"> + <string>Gathering configuration options for this provider</string> + </property> + <attribute name="pageId"> + <string notr="true">3</string> + </attribute> + <layout class="QVBoxLayout" name="verticalLayout"> + <item> + <spacer name="verticalSpacer_3"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>60</height> + </size> + </property> + </spacer> + </item> + <item> + <widget class="QLabel" name="lblSetupProviderExpl"> + <property name="text"> + <string>We are downloading some bits that we need to establish a secure connection with the provider for the first time.</string> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + <item> + <spacer name="verticalSpacer_6"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item> + <widget class="QGroupBox" name="groupBox_2"> + <property name="title"> + <string>Setting up provider</string> + </property> + <layout class="QGridLayout" name="gridLayout_6"> + <item row="2" column="1"> + <widget class="QLabel" name="lblCheckCaFpr"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="1" column="1"> + <widget class="QLabel" name="lblDownloadCaCert"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_9"> + <property name="text"> + <string>Getting info from the Certificate Authority</string> + </property> + </widget> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_10"> + <property name="text"> + <string>Do we trust this Certificate Authority?</string> + </property> + </widget> + </item> + <item row="3" column="0"> + <widget class="QLabel" name="label_11"> + <property name="text"> + <string>Establishing a trust relationship with this provider</string> + </property> + </widget> + </item> + <item row="3" column="1"> + <widget class="QLabel" name="lblCheckApiCert"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="minimumSize"> + <size> + <width>24</width> + <height>24</height> + </size> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Emblem-question.png</pixmap> + </property> + </widget> + </item> + <item row="0" column="0"> + <spacer name="horizontalSpacer_2"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>0</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </item> + <item> + <spacer name="verticalSpacer_8"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + <widget class="WizardPage" name="register_user_page"> + <property name="title"> + <string>Register new user</string> + </property> + <property name="subTitle"> + <string>Register a new user with provider</string> + </property> + <attribute name="pageId"> + <string notr="true">4</string> + </attribute> + <layout class="QGridLayout" name="gridLayout_7"> + <property name="sizeConstraint"> + <enum>QLayout::SetDefaultConstraint</enum> + </property> + <property name="leftMargin"> + <number>4</number> + </property> + <item row="3" column="0"> + <widget class="QLabel" name="label_16"> + <property name="text"> + <string><b>Password:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="3" column="1" colspan="2"> + <widget class="QLineEdit" name="lblPassword"/> + </item> + <item row="4" column="1" colspan="2"> + <widget class="QLineEdit" name="lblPassword2"/> + </item> + <item row="2" column="1" colspan="2"> + <widget class="QLineEdit" name="lblUser"/> + </item> + <item row="4" column="0"> + <widget class="QLabel" name="label_17"> + <property name="text"> + <string><b>Re-enter password:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="6" column="1"> + <widget class="QPushButton" name="btnRegister"> + <property name="text"> + <string>Register</string> + </property> + </widget> + </item> + <item row="0" column="1"> + <spacer name="verticalSpacer_4"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>60</height> + </size> + </property> + </spacer> + </item> + <item row="7" column="1"> + <spacer name="verticalSpacer_7"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="2" column="0"> + <widget class="QLabel" name="label_15"> + <property name="text"> + <string><b>User:</b></string> + </property> + <property name="alignment"> + <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + </property> + </widget> + </item> + <item row="5" column="1" colspan="2"> + <widget class="QCheckBox" name="chkRemember"> + <property name="enabled"> + <bool>false</bool> + </property> + <property name="text"> + <string>Remember my username and password</string> + </property> + </widget> + </item> + <item row="1" column="1" colspan="2"> + <widget class="QLabel" name="lblRegisterStatus"> + <property name="text"> + <string/> + </property> + <property name="textFormat"> + <enum>Qt::AutoText</enum> + </property> + <property name="alignment"> + <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set> + </property> + <property name="wordWrap"> + <bool>true</bool> + </property> + </widget> + </item> + </layout> + </widget> + <widget class="QWizardPage" name="service_selection"> + <property name="title"> + <string>Service selection</string> + </property> + <property name="subTitle"> + <string>Please select the services you would like to have</string> + </property> + <attribute name="pageId"> + <string notr="true">5</string> + </attribute> + <layout class="QGridLayout" name="gridLayout_8"> + <item row="0" column="0"> + <widget class="QGroupBox" name="grpServices"> + <property name="title"> + <string notr="true">Services by PROVIDER</string> + </property> + <layout class="QGridLayout" name="gridLayout_9"> + <item row="0" column="0"> + <layout class="QVBoxLayout" name="serviceListLayout"/> + </item> + </layout> + </widget> + </item> + </layout> + </widget> + <widget class="QWizardPage" name="finish_page"> + <property name="title"> + <string>Congratulations!</string> + </property> + <property name="subTitle"> + <string>You have successfully configured the LEAP Client.</string> + </property> + <attribute name="pageId"> + <string notr="true">6</string> + </attribute> + <layout class="QGridLayout" name="gridLayout_10"> + <item row="1" column="0"> + <spacer name="horizontalSpacer_4"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + <item row="0" column="1"> + <spacer name="verticalSpacer_9"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="1"> + <widget class="QLabel" name="label_23"> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/leap-color-big.png</pixmap> + </property> + </widget> + </item> + <item row="1" column="2"> + <widget class="QLabel" name="label_25"> + <property name="sizePolicy"> + <sizepolicy hsizetype="Fixed" vsizetype="Fixed"> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + <property name="text"> + <string/> + </property> + <property name="pixmap"> + <pixmap resource="../../../../data/resources/mainwindow.qrc">:/images/Globe.png</pixmap> + </property> + </widget> + </item> + <item row="3" column="1"> + <spacer name="verticalSpacer_10"> + <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>40</height> + </size> + </property> + </spacer> + </item> + <item row="1" column="3"> + <spacer name="horizontalSpacer_5"> + <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </widget> + <customwidgets> + <customwidget> + <class>WizardPage</class> + <extends>QWizardPage</extends> + <header>wizardpage.h</header> + <container>1</container> + </customwidget> + </customwidgets> + <tabstops> + <tabstop>lblUser</tabstop> + <tabstop>lblPassword</tabstop> + <tabstop>lblPassword2</tabstop> + <tabstop>btnRegister</tabstop> + <tabstop>rdoRegister</tabstop> + <tabstop>rdoLogin</tabstop> + <tabstop>lnProvider</tabstop> + <tabstop>btnCheck</tabstop> + </tabstops> + <resources> + <include location="../../../../data/resources/mainwindow.qrc"/> + <include location="../../../../data/resources/locale.qrc"/> + </resources> + <connections/> +</ui> diff --git a/src/leap/gui/utils.py b/src/leap/gui/utils.py deleted file mode 100644 index f91ac3ef..00000000 --- a/src/leap/gui/utils.py +++ /dev/null @@ -1,34 +0,0 @@ -""" -utility functions to work with gui objects -""" -from PyQt4 import QtCore - - -def layout_widgets(layout): - """ - return a generator with all widgets in a layout - """ - return (layout.itemAt(i) for i in range(layout.count())) - - -DELAY_MSECS = 50 - - -def delay(obj, method_str=None, call_args=None): - """ - Triggers a function or slot with a small delay. - this is a mainly a hack to get responsiveness in the ui - in cases in which the event loop freezes and the task - is not heavy enough to setup a processing queue. - """ - if callable(obj) and not method_str: - fun = lambda: obj() - - if method_str: - invoke = QtCore.QMetaObject.invokeMethod - if call_args: - fun = lambda: invoke(obj, method_str, call_args) - else: - fun = lambda: invoke(obj, method_str) - - QtCore.QTimer().singleShot(DELAY_MSECS, fun) diff --git a/src/leap/gui/wizard.py b/src/leap/gui/wizard.py new file mode 100644 index 00000000..b29250c8 --- /dev/null +++ b/src/leap/gui/wizard.py @@ -0,0 +1,620 @@ +# -*- coding: utf-8 -*- +# wizard.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +First run wizard +""" +import os +import logging +import json + +from PySide import QtCore, QtGui +from functools import partial +from twisted.internet import threads + +from ui_wizard import Ui_Wizard +from leap.config.providerconfig import ProviderConfig +from leap.crypto.srpregister import SRPRegister +from leap.util.privilege_policies import is_missing_policy_permissions +from leap.util.request_helpers import get_content +from leap.util.keyring_helpers import has_keyring +from leap.services.eip.providerbootstrapper import ProviderBootstrapper +from leap.services import get_supported + +logger = logging.getLogger(__name__) + + +class Wizard(QtGui.QWizard): + """ + First run wizard to register a user and setup a provider + """ + + INTRO_PAGE = 0 + SELECT_PROVIDER_PAGE = 1 + PRESENT_PROVIDER_PAGE = 2 + SETUP_PROVIDER_PAGE = 3 + REGISTER_USER_PAGE = 4 + SERVICES_PAGE = 5 + FINISH_PAGE = 6 + + WEAK_PASSWORDS = ("123456", "qweasd", "qwerty", + "password") + + BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$" + + def __init__(self, standalone=False, bypass_checks=False): + """ + Constructor for the main Wizard. + + :param standalone: If True, the application is running as standalone + and the wizard should display some messages according to this. + :type standalone: bool + :param bypass_checks: Set to true if the app should bypass + first round of checks for CA certificates at bootstrap + :type bypass_checks: bool + """ + QtGui.QWizard.__init__(self) + + self.standalone = standalone + + self.ui = Ui_Wizard() + self.ui.setupUi(self) + + self.setPixmap(QtGui.QWizard.LogoPixmap, + QtGui.QPixmap(":/images/leap-color-small.png")) + + self.QUESTION_ICON = QtGui.QPixmap(":/images/Emblem-question.png") + self.ERROR_ICON = QtGui.QPixmap(":/images/Dialog-error.png") + self.OK_ICON = QtGui.QPixmap(":/images/Dialog-accept.png") + + # Correspondence for services and their name to display + EIP_LABEL = self.tr("Encrypted Internet") + MX_LABEL = self.tr("Encrypted Mail") + + if self._is_need_eip_password_warning(): + EIP_LABEL += " " + self.tr( + "(will need admin password to start)") + + self.SERVICE_DISPLAY = [ + EIP_LABEL, + MX_LABEL + ] + self.SERVICE_CONFIG = [ + "openvpn", + "mx" + ] + + self._selected_services = set() + self._shown_services = set() + + self._show_register = False + + self.ui.grpCheckProvider.setVisible(False) + self.ui.btnCheck.clicked.connect(self._check_provider) + self.ui.lnProvider.returnPressed.connect(self._check_provider) + + self._provider_bootstrapper = ProviderBootstrapper(bypass_checks) + self._provider_bootstrapper.name_resolution.connect( + self._name_resolution) + self._provider_bootstrapper.https_connection.connect( + self._https_connection) + self._provider_bootstrapper.download_provider_info.connect( + self._download_provider_info) + + self._provider_bootstrapper.download_ca_cert.connect( + self._download_ca_cert) + self._provider_bootstrapper.check_ca_fingerprint.connect( + self._check_ca_fingerprint) + self._provider_bootstrapper.check_api_certificate.connect( + self._check_api_certificate) + + self._domain = None + self._provider_config = ProviderConfig() + + self.currentIdChanged.connect(self._current_id_changed) + + self.ui.lblPassword.setEchoMode(QtGui.QLineEdit.Password) + self.ui.lblPassword2.setEchoMode(QtGui.QLineEdit.Password) + + self.ui.lnProvider.textChanged.connect( + self._enable_check) + + self.ui.lblUser.returnPressed.connect( + self._focus_password) + self.ui.lblPassword.returnPressed.connect( + self._focus_second_password) + self.ui.lblPassword2.returnPressed.connect( + self._register) + self.ui.btnRegister.clicked.connect( + self._register) + + usernameRe = QtCore.QRegExp(self.BARE_USERNAME_REGEX) + self.ui.lblUser.setValidator( + QtGui.QRegExpValidator(usernameRe, self)) + + self.page(self.REGISTER_USER_PAGE).setCommitPage(True) + + self._username = None + self._password = None + + self.page(self.REGISTER_USER_PAGE).setButtonText( + QtGui.QWizard.CommitButton, self.tr("&Next >")) + self.page(self.FINISH_PAGE).setButtonText( + QtGui.QWizard.FinishButton, self.tr("Connect")) + + # XXX: Temporary removal for enrollment policy + # https://leap.se/code/issues/2922 + self.ui.label_12.setVisible(False) + self.ui.lblProviderPolicy.setVisible(False) + + def get_domain(self): + return self._domain + + def get_username(self): + return self._username + + def get_password(self): + return self._password + + def get_remember(self): + return has_keyring() and self.ui.chkRemember.isChecked() + + def get_services(self): + return self._selected_services + + def _enable_check(self, text): + self.ui.btnCheck.setEnabled(len(self.ui.lnProvider.text()) != 0) + self._reset_provider_check() + + def _focus_password(self): + """ + Focuses at the password lineedit for the registration page + """ + self.ui.lblPassword.setFocus() + + def _focus_second_password(self): + """ + Focuses at the second password lineedit for the registration page + """ + self.ui.lblPassword2.setFocus() + + def _basic_password_checks(self, username, password, password2): + """ + Performs basic password checks to avoid really easy passwords. + + :param username: username provided at the registrarion form + :type username: str + :param password: password from the registration form + :type password: str + :param password2: second password from the registration form + :type password: str + + :return: returns True if all the checks pass, False otherwise + :rtype: bool + """ + message = None + + if message is None and password != password2: + message = self.tr("Passwords don't match") + + if message is None and len(password) < 6: + message = self.tr("Password too short") + + if message is None and password in self.WEAK_PASSWORDS: + message = self.tr("Password too easy") + + if message is None and username == password: + message = self.tr("Password equal to username") + + if message is not None: + self._set_register_status(message, error=True) + self._focus_password() + return False + + return True + + def _register(self): + """ + Performs the registration based on the values provided in the form + """ + self.ui.btnRegister.setEnabled(False) + + username = self.ui.lblUser.text() + password = self.ui.lblPassword.text() + password2 = self.ui.lblPassword2.text() + + if self._basic_password_checks(username, password, password2): + register = SRPRegister(provider_config=self._provider_config) + register.registration_finished.connect( + self._registration_finished) + + threads.deferToThread( + partial(register.register_user, + username.encode("utf8"), + password.encode("utf8"))) + + self._username = username + self._password = password + self._set_register_status(self.tr("Starting registration...")) + else: + self.ui.btnRegister.setEnabled(True) + + def _set_registration_fields_visibility(self, visible): + """ + This method hides the username and password labels and inputboxes. + + :param visible: sets the visibility of the widgets + True: widgets are visible or False: are not + :type visible: bool + """ + # username and password inputs + self.ui.lblUser.setVisible(visible) + self.ui.lblPassword.setVisible(visible) + self.ui.lblPassword2.setVisible(visible) + + # username and password labels + self.ui.label_15.setVisible(visible) + self.ui.label_16.setVisible(visible) + self.ui.label_17.setVisible(visible) + + # register button + self.ui.btnRegister.setVisible(visible) + + def _registration_finished(self, ok, req): + if ok: + user_domain = self._username + "@" + self._domain + message = "<font color='green'><h3>" + message += self.tr("User %s successfully registered.") % ( + user_domain, ) + message += "</h3></font>" + self._set_register_status(message) + + self.ui.lblPassword2.clearFocus() + self._set_registration_fields_visibility(False) + + # Allow the user to remember his password + if has_keyring(): + self.ui.chkRemember.setVisible(True) + self.ui.chkRemember.setEnabled(True) + + self.page(self.REGISTER_USER_PAGE).set_completed() + self.button(QtGui.QWizard.BackButton).setEnabled(False) + else: + old_username = self._username + self._username = None + self._password = None + error_msg = self.tr("Unknown error") + try: + content, _ = get_content(req) + json_content = json.loads(content) + error_msg = json_content.get("errors").get("login")[0] + if not error_msg.istitle(): + error_msg = "%s %s" % (old_username, error_msg) + self._set_register_status(error_msg, error=True) + except: + logger.error("Unknown error: %r" % (req.content,)) + self.ui.btnRegister.setEnabled(True) + + def _set_register_status(self, status, error=False): + """ + Sets the status label in the registration page to status + + :param status: status message to display, can be HTML + :type status: str + """ + if error: + status = "<font color='red'><b>%s</b></font>" % (status,) + self.ui.lblRegisterStatus.setText(status) + + def _reset_provider_check(self): + """ + Resets the UI for checking a provider. Also resets the domain + in this object. + """ + self.ui.lblNameResolution.setPixmap(None) + self.ui.lblHTTPS.setPixmap(None) + self.ui.lblProviderInfo.setPixmap(None) + self.ui.lblProviderSelectStatus.setText("") + self._domain = None + self.button(QtGui.QWizard.NextButton).setEnabled(False) + self.page(self.SELECT_PROVIDER_PAGE).set_completed(False) + + def _reset_provider_setup(self): + """ + Resets the UI for setting up a provider. + """ + self.ui.lblDownloadCaCert.setPixmap(None) + self.ui.lblCheckCaFpr.setPixmap(None) + self.ui.lblCheckApiCert.setPixmap(None) + + def _check_provider(self): + """ + SLOT + TRIGGERS: + self.ui.btnCheck.clicked + self.ui.lnProvider.returnPressed + + Starts the checks for a given provider + """ + if len(self.ui.lnProvider.text()) == 0: + return + + self.ui.grpCheckProvider.setVisible(True) + self.ui.btnCheck.setEnabled(False) + self.ui.lnProvider.setEnabled(False) + self.button(QtGui.QWizard.BackButton).clearFocus() + self._domain = self.ui.lnProvider.text() + + self.ui.lblNameResolution.setPixmap(self.QUESTION_ICON) + self._provider_bootstrapper.run_provider_select_checks( + self._domain) + + def _complete_task(self, data, label, complete=False, complete_page=-1): + """ + Checks a task and completes a page if specified + + :param data: data as it comes from the bootstrapper thread for + a specific check + :type data: dict + :param label: label that displays the status icon for a + specific check that corresponds to the data + :type label: QtGui.QLabel + :param complete: if True, it completes the page specified, + which must be of type WizardPage + :type complete: bool + :param complete_page: page id to complete + :type complete_page: int + """ + passed = data[self._provider_bootstrapper.PASSED_KEY] + error = data[self._provider_bootstrapper.ERROR_KEY] + if passed: + label.setPixmap(self.OK_ICON) + if complete: + self.page(complete_page).set_completed() + self.button(QtGui.QWizard.NextButton).setFocus() + else: + label.setPixmap(self.ERROR_ICON) + logger.error(error) + + def _name_resolution(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.name_resolution + + Sets the status for the name resolution check + """ + self._complete_task(data, self.ui.lblNameResolution) + status = "" + passed = data[self._provider_bootstrapper.PASSED_KEY] + if not passed: + status = self.tr("<font color='red'><b>Non-existent " + "provider</b></font>") + else: + self.ui.lblHTTPS.setPixmap(self.QUESTION_ICON) + self.ui.lblProviderSelectStatus.setText(status) + self.ui.btnCheck.setEnabled(not passed) + self.ui.lnProvider.setEnabled(not passed) + + def _https_connection(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.https_connection + + Sets the status for the https connection check + """ + self._complete_task(data, self.ui.lblHTTPS) + status = "" + passed = data[self._provider_bootstrapper.PASSED_KEY] + if not passed: + status = self.tr("<font color='red'><b>%s</b></font>") \ + % (data[self._provider_bootstrapper.ERROR_KEY]) + self.ui.lblProviderSelectStatus.setText(status) + else: + self.ui.lblProviderInfo.setPixmap(self.QUESTION_ICON) + self.ui.btnCheck.setEnabled(not passed) + self.ui.lnProvider.setEnabled(not passed) + + def _download_provider_info(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.download_provider_info + + Sets the status for the provider information download + check. Since this check is the last of this set, it also + completes the page if passed + """ + if self._provider_config.load(os.path.join("leap", + "providers", + self._domain, + "provider.json")): + self._complete_task(data, self.ui.lblProviderInfo, + True, self.SELECT_PROVIDER_PAGE) + else: + new_data = { + self._provider_bootstrapper.PASSED_KEY: False, + self._provider_bootstrapper.ERROR_KEY: + self.tr("Unable to load provider configuration") + } + self._complete_task(new_data, self.ui.lblProviderInfo) + + status = "" + if not data[self._provider_bootstrapper.PASSED_KEY]: + status = self.tr("<font color='red'><b>Not a valid provider" + "</b></font>") + self.ui.lblProviderSelectStatus.setText(status) + self.ui.btnCheck.setEnabled(True) + self.ui.lnProvider.setEnabled(True) + + def _download_ca_cert(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.download_ca_cert + + Sets the status for the download of the CA certificate check + """ + self._complete_task(data, self.ui.lblDownloadCaCert) + passed = data[self._provider_bootstrapper.PASSED_KEY] + if passed: + self.ui.lblCheckCaFpr.setPixmap(self.QUESTION_ICON) + + def _check_ca_fingerprint(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.check_ca_fingerprint + + Sets the status for the CA fingerprint check + """ + self._complete_task(data, self.ui.lblCheckCaFpr) + passed = data[self._provider_bootstrapper.PASSED_KEY] + if passed: + self.ui.lblCheckApiCert.setPixmap(self.QUESTION_ICON) + + def _check_api_certificate(self, data): + """ + SLOT + TRIGGER: self._provider_bootstrapper.check_api_certificate + + Sets the status for the API certificate check. Also finishes + the provider bootstrapper thread since it's not needed anymore + from this point on, unless the whole check chain is restarted + """ + self._complete_task(data, self.ui.lblCheckApiCert, + True, self.SETUP_PROVIDER_PAGE) + + def _service_selection_changed(self, service, state): + """ + SLOT + TRIGGER: service_checkbox.stateChanged + Adds the service to the state if the state is checked, removes + it otherwise + + :param service: service to handle + :type service: str + :param state: state of the checkbox + :type state: int + """ + if state == QtCore.Qt.Checked: + self._selected_services = \ + self._selected_services.union(set([service])) + else: + self._selected_services = \ + self._selected_services.difference(set([service])) + + def _populate_services(self): + """ + Loads the services that the provider provides into the UI for + the user to enable or disable. + """ + self.ui.grpServices.setTitle( + self.tr("Services by %s") % + (self._provider_config.get_name(),)) + + services = get_supported( + self._provider_config.get_services()) + + for service in services: + try: + if service not in self._shown_services: + checkbox = QtGui.QCheckBox(self) + service_index = self.SERVICE_CONFIG.index(service) + checkbox.setText(self.SERVICE_DISPLAY[service_index]) + self.ui.serviceListLayout.addWidget(checkbox) + checkbox.stateChanged.connect( + partial(self._service_selection_changed, service)) + checkbox.setChecked(True) + self._shown_services.add(service) + except ValueError: + logger.error( + self.tr("Something went wrong while trying to " + "load service %s" % (service,))) + + def _current_id_changed(self, pageId): + """ + SLOT + TRIGGER: self.currentIdChanged + + Prepares the pages when they appear + """ + if pageId == self.SELECT_PROVIDER_PAGE: + self._reset_provider_check() + self._enable_check("") + + if pageId == self.SETUP_PROVIDER_PAGE: + self._reset_provider_setup() + self.page(pageId).setSubTitle(self.tr("Gathering configuration " + "options for %s") % + (self._provider_config + .get_name(),)) + self.ui.lblDownloadCaCert.setPixmap(self.QUESTION_ICON) + self._provider_bootstrapper.\ + run_provider_setup_checks(self._provider_config) + + if pageId == self.PRESENT_PROVIDER_PAGE: + self.page(pageId).setSubTitle(self.tr("Description of services " + "offered by %s") % + (self._provider_config + .get_name(),)) + + lang = QtCore.QLocale.system().name() + self.ui.lblProviderName.setText( + "<b>%s</b>" % + (self._provider_config.get_name(lang=lang),)) + self.ui.lblProviderURL.setText( + "https://%s" % (self._provider_config.get_domain(),)) + self.ui.lblProviderDesc.setText( + "<i>%s</i>" % + (self._provider_config.get_description(lang=lang),)) + + self.ui.lblServicesOffered.setText(self._provider_config + .get_services_string()) + self.ui.lblProviderPolicy.setText(self._provider_config + .get_enrollment_policy()) + + if pageId == self.REGISTER_USER_PAGE: + self.page(pageId).setSubTitle(self.tr("Register a new user with " + "%s") % + (self._provider_config + .get_name(),)) + self.ui.chkRemember.setVisible(False) + + if pageId == self.SERVICES_PAGE: + self._populate_services() + + def _is_need_eip_password_warning(self): + """ + Returns True if we need to add a warning about eip needing + administrative permissions to start. That can be either + because we are running in standalone mode, or because we could + not find the needed privilege escalation mechanisms being operative. + """ + return self.standalone or is_missing_policy_permissions() + + def nextId(self): + """ + Sets the next page id for the wizard based on wether the user + wants to register a new identity or uses an existing one + """ + if self.currentPage() == self.page(self.INTRO_PAGE): + self._show_register = self.ui.rdoRegister.isChecked() + + if self.currentPage() == self.page(self.SETUP_PROVIDER_PAGE): + if self._show_register: + return self.REGISTER_USER_PAGE + else: + return self.SERVICES_PAGE + + return QtGui.QWizard.nextId(self) diff --git a/src/leap/gui/wizardpage.py b/src/leap/gui/wizardpage.py new file mode 100644 index 00000000..b2a00028 --- /dev/null +++ b/src/leap/gui/wizardpage.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- +# wizardpage.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from PySide import QtGui + + +class WizardPage(QtGui.QWizardPage): + """ + Simple wizard page helper + """ + + def __init__(self): + QtGui.QWizardPage.__init__(self) + self._completed = False + + def set_completed(self, val=True): + self._completed = val + if val: + self.completeChanged.emit() + + def isComplete(self): + return self._completed + + def cleanupPage(self): + self._completed = False + QtGui.QWizardPage.cleanupPage(self) diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py new file mode 100644 index 00000000..38e23d0e --- /dev/null +++ b/src/leap/keymanager/__init__.py @@ -0,0 +1,341 @@ +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Key Manager is a Nicknym agent for LEAP client. +""" + +import requests + +try: + import simplejson as json +except ImportError: + import json # noqa + +from leap.common.check import leap_assert +from leap.keymanager.errors import ( + KeyNotFound, + NoPasswordGiven, +) +from leap.keymanager.keys import ( + build_key_from_dict, + KEYMANAGER_KEY_TAG, + TAGS_PRIVATE_INDEX, +) +from leap.keymanager.openpgp import ( + OpenPGPKey, + OpenPGPScheme, +) + + +# +# The Key Manager +# + +class KeyManager(object): + + # + # server's key storage constants + # + + OPENPGP_KEY = 'openpgp' + PUBKEY_KEY = "user[public_key]" + + def __init__(self, address, nickserver_uri, soledad, session_id=None, + ca_cert_path=None, api_uri=None, api_version=None, uid=None): + """ + Initialize a Key Manager for user's C{address} with provider's + nickserver reachable in C{url}. + + :param address: The address of the user of this Key Manager. + :type address: str + :param url: The URL of the nickserver. + :type url: str + :param soledad: A Soledad instance for local storage of keys. + :type soledad: leap.soledad.Soledad + :param session_id: The session ID for interacting with the webapp API. + :type session_id: str + :param ca_cert_path: The path to the CA certificate. + :type ca_cert_path: str + :param api_uri: The URI of the webapp API. + :type api_uri: str + :param api_version: The version of the webapp API. + :type api_version: str + :param uid: The users' UID. + :type uid: str + """ + self._address = address + self._nickserver_uri = nickserver_uri + self._soledad = soledad + self._session_id = session_id + self.ca_cert_path = ca_cert_path + self.api_uri = api_uri + self.api_version = api_version + self.uid = uid + # a dict to map key types to their handlers + self._wrapper_map = { + OpenPGPKey: OpenPGPScheme(soledad), + # other types of key will be added to this mapper. + } + # the following are used to perform https requests + self._fetcher = requests + self._session = self._fetcher.session() + + # + # utilities + # + + def _key_class_from_type(self, ktype): + """ + Return key class from string representation of key type. + """ + return filter( + lambda klass: str(klass) == ktype, + self._wrapper_map).pop() + + def _get(self, uri, data=None): + """ + Send a GET request to C{uri} containing C{data}. + + :param uri: The URI of the request. + :type uri: str + :param data: The body of the request. + :type data: dict, str or file + + :return: The response to the request. + :rtype: requests.Response + """ + leap_assert( + self._ca_cert_path is not None, + 'We need the CA certificate path!') + res = self._fetcher.get(uri, data=data, verify=self._ca_cert_path) + # assert that the response is valid + res.raise_for_status() + leap_assert( + res.headers['content-type'].startswith('application/json'), + 'Content-type is not JSON.') + return res + + def _put(self, uri, data=None): + """ + Send a PUT request to C{uri} containing C{data}. + + The request will be sent using the configured CA certificate path to + verify the server certificate and the configured session id for + authentication. + + :param uri: The URI of the request. + :type uri: str + :param data: The body of the request. + :type data: dict, str or file + + :return: The response to the request. + :rtype: requests.Response + """ + leap_assert( + self._ca_cert_path is not None, + 'We need the CA certificate path!') + leap_assert( + self._session_id is not None, + 'We need a session_id to interact with webapp!') + res = self._fetcher.put( + uri, data=data, verify=self._ca_cert_path, + cookies={'_session_id': self._session_id}) + # assert that the response is valid + res.raise_for_status() + return res + + def _fetch_keys_from_server(self, address): + """ + Fetch keys bound to C{address} from nickserver and insert them in + local database. + + :param address: The address bound to the keys. + :type address: str + + @raise KeyNotFound: If the key was not found on nickserver. + """ + # request keys from the nickserver + server_keys = self._get( + self._nickserver_uri, {'address': address}).json() + # insert keys in local database + if self.OPENPGP_KEY in server_keys: + self._wrapper_map[OpenPGPKey].put_ascii_key( + server_keys['openpgp']) + + # + # key management + # + + def send_key(self, ktype): + """ + Send user's key of type C{ktype} to provider. + + Public key bound to user's is sent to provider, which will sign it and + replace any prior keys for the same address in its database. + + If C{send_private} is True, then the private key is encrypted with + C{password} and sent to server in the same request, together with a + hash string of user's address and password. The encrypted private key + will be saved in the server in a way it is publicly retrievable + through the hash string. + + :param ktype: The type of the key. + :type ktype: KeyType + + @raise KeyNotFound: If the key was not found in local database. + """ + leap_assert( + ktype is OpenPGPKey, + 'For now we only know how to send OpenPGP public keys.') + # prepare the public key bound to address + pubkey = self.get_key( + self._address, ktype, private=False, fetch_remote=False) + data = { + self.PUBKEY_KEY: pubkey.key_data + } + uri = "%s/%s/users/%s.json" % ( + self._api_uri, + self._api_version, + self._uid) + self._put(uri, data) + + def get_key(self, address, ktype, private=False, fetch_remote=True): + """ + Return a key of type C{ktype} bound to C{address}. + + First, search for the key in local storage. If it is not available, + then try to fetch from nickserver. + + :param address: The address bound to the key. + :type address: str + :param ktype: The type of the key. + :type ktype: KeyType + :param private: Look for a private key instead of a public one? + :type private: bool + + :return: A key of type C{ktype} bound to C{address}. + :rtype: EncryptionKey + @raise KeyNotFound: If the key was not found both locally and in + keyserver. + """ + leap_assert( + ktype in self._wrapper_map, + 'Unkown key type: %s.' % str(ktype)) + try: + # return key if it exists in local database + return self._wrapper_map[ktype].get_key(address, private=private) + except KeyNotFound: + # we will only try to fetch a key from nickserver if fetch_remote + # is True and the key is not private. + if fetch_remote is False or private is True: + raise + self._fetch_keys_from_server(address) + return self._wrapper_map[ktype].get_key(address, private=False) + + def get_all_keys_in_local_db(self, private=False): + """ + Return all keys stored in local database. + + :return: A list with all keys in local db. + :rtype: list + """ + return map( + lambda doc: build_key_from_dict( + self._key_class_from_type(doc.content['type']), + doc.content['address'], + doc.content), + self._soledad.get_from_index( + TAGS_PRIVATE_INDEX, + KEYMANAGER_KEY_TAG, + '1' if private else '0')) + + def refresh_keys(self): + """ + Fetch keys from nickserver and update them locally. + """ + addresses = set(map( + lambda doc: doc.address, + self.get_all_keys_in_local_db(private=False))) + for address in addresses: + # do not attempt to refresh our own key + if address == self._address: + continue + self._fetch_keys_from_server(address) + + def gen_key(self, ktype): + """ + Generate a key of type C{ktype} bound to the user's address. + + :param ktype: The type of the key. + :type ktype: KeyType + + :return: The generated key. + :rtype: EncryptionKey + """ + return self._wrapper_map[ktype].gen_key(self._address) + + # + # Setters/getters + # + + def _get_session_id(self): + return self._session_id + + def _set_session_id(self, session_id): + self._session_id = session_id + + session_id = property( + _get_session_id, _set_session_id, doc='The session id.') + + def _get_ca_cert_path(self): + return self._ca_cert_path + + def _set_ca_cert_path(self, ca_cert_path): + self._ca_cert_path = ca_cert_path + + ca_cert_path = property( + _get_ca_cert_path, _set_ca_cert_path, + doc='The path to the CA certificate.') + + def _get_api_uri(self): + return self._api_uri + + def _set_api_uri(self, api_uri): + self._api_uri = api_uri + + api_uri = property( + _get_api_uri, _set_api_uri, doc='The webapp API URI.') + + def _get_api_version(self): + return self._api_version + + def _set_api_version(self, api_version): + self._api_version = api_version + + api_version = property( + _get_api_version, _set_api_version, doc='The webapp API version.') + + def _get_uid(self): + return self._uid + + def _set_uid(self, uid): + self._uid = uid + + uid = property( + _get_uid, _set_uid, doc='The uid of the user.') diff --git a/src/leap/keymanager/errors.py b/src/leap/keymanager/errors.py new file mode 100644 index 00000000..89949d29 --- /dev/null +++ b/src/leap/keymanager/errors.py @@ -0,0 +1,86 @@ +# -*- coding: utf-8 -*- +# errors.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Errors and exceptions used by the Key Manager. +""" + + +class KeyNotFound(Exception): + """ + Raised when key was no found on keyserver. + """ + pass + + +class KeyAlreadyExists(Exception): + """ + Raised when attempted to create a key that already exists. + """ + pass + + +class KeyAttributesDiffer(Exception): + """ + Raised when trying to delete a key but the stored key differs from the key + passed to the delete_key() method. + """ + pass + + +class NoPasswordGiven(Exception): + """ + Raised when trying to perform some action that needs a password without + providing one. + """ + pass + + +class InvalidSignature(Exception): + """ + Raised when signature could not be verified. + """ + pass + + +class EncryptionFailed(Exception): + """ + Raised upon failures of encryption. + """ + pass + + +class DecryptionFailed(Exception): + """ + Raised upon failures of decryption. + """ + pass + + +class EncryptionDecryptionFailed(Exception): + """ + Raised upon failures of encryption/decryption. + """ + pass + + +class SignFailed(Exception): + """ + Raised when failed to sign. + """ + pass diff --git a/src/leap/keymanager/gpg.py b/src/leap/keymanager/gpg.py new file mode 100644 index 00000000..15c1d9f6 --- /dev/null +++ b/src/leap/keymanager/gpg.py @@ -0,0 +1,397 @@ +# -*- coding: utf-8 -*- +# gpgwrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +A GPG wrapper used to handle OpenPGP keys. + +This is a temporary class that will be superseded by the a revised version of +python-gnupg. +""" + + +import os +import gnupg +import re +from gnupg import ( + logger, + _is_sequence, + _make_binary_stream, +) + + +class ListPackets(): + """ + Handle status messages for --list-packets. + """ + + def __init__(self, gpg): + """ + Initialize the packet listing handling class. + + :param gpg: GPG object instance. + :type gpg: gnupg.GPG + """ + self.gpg = gpg + self.nodata = None + self.key = None + self.need_passphrase = None + self.need_passphrase_sym = None + self.userid_hint = None + + def handle_status(self, key, value): + """ + Handle one line of the --list-packets status message. + + :param key: The status message key. + :type key: str + :param value: The status message value. + :type value: str + """ + # TODO: write tests for handle_status + if key == 'NODATA': + self.nodata = True + if key == 'ENC_TO': + # This will only capture keys in our keyring. In the future we + # may want to include multiple unknown keys in this list. + self.key, _, _ = value.split() + if key == 'NEED_PASSPHRASE': + self.need_passphrase = True + if key == 'NEED_PASSPHRASE_SYM': + self.need_passphrase_sym = True + if key == 'USERID_HINT': + self.userid_hint = value.strip().split() + + +class GPGWrapper(gnupg.GPG): + """ + This is a temporary class for handling GPG requests, and should be + replaced by a more general class used throughout the project. + """ + + GNUPG_HOME = os.environ['HOME'] + "/.config/leap/gnupg" + GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS + + def __init__(self, gpgbinary=GNUPG_BINARY, gnupghome=GNUPG_HOME, + verbose=False, use_agent=False, keyring=None, options=None): + """ + Initialize a GnuPG process wrapper. + + :param gpgbinary: Name for GnuPG binary executable. + :type gpgbinary: C{str} + :param gpghome: Full pathname to directory containing the public and + private keyrings. + :type gpghome: C{str} + :param keyring: Name of alternative keyring file to use. If specified, + the default keyring is not used. + :param verbose: Should some verbose info be output? + :type verbose: bool + :param use_agent: Should pass `--use-agent` to GPG binary? + :type use_agent: bool + :param keyring: Path for the keyring to use. + :type keyring: str + @options: A list of additional options to pass to the GPG binary. + :type options: list + + @raise: RuntimeError with explanation message if there is a problem + invoking gpg. + """ + gnupg.GPG.__init__(self, gnupghome=gnupghome, gpgbinary=gpgbinary, + verbose=verbose, use_agent=use_agent, + keyring=keyring, options=options) + self.result_map['list-packets'] = ListPackets + + def find_key_by_email(self, email, secret=False): + """ + Find user's key based on their email. + + :param email: Email address of key being searched for. + :type email: str + :param secret: Should we search for a secret key? + :type secret: bool + + :return: The fingerprint of the found key. + :rtype: str + """ + for key in self.list_keys(secret=secret): + for uid in key['uids']: + if re.search(email, uid): + return key + raise LookupError("GnuPG public key for email %s not found!" % email) + + def find_key_by_subkey(self, subkey, secret=False): + """ + Find user's key based on a subkey fingerprint. + + :param email: Subkey fingerprint of the key being searched for. + :type email: str + :param secret: Should we search for a secret key? + :type secret: bool + + :return: The fingerprint of the found key. + :rtype: str + """ + for key in self.list_keys(secret=secret): + for sub in key['subkeys']: + if sub[0] == subkey: + return key + raise LookupError( + "GnuPG public key for subkey %s not found!" % subkey) + + def find_key_by_keyid(self, keyid, secret=False): + """ + Find user's key based on the key ID. + + :param email: The key ID of the key being searched for. + :type email: str + :param secret: Should we search for a secret key? + :type secret: bool + + :return: The fingerprint of the found key. + :rtype: str + """ + for key in self.list_keys(secret=secret): + if keyid == key['keyid']: + return key + raise LookupError( + "GnuPG public key for keyid %s not found!" % keyid) + + def find_key_by_fingerprint(self, fingerprint, secret=False): + """ + Find user's key based on the key fingerprint. + + :param email: The fingerprint of the key being searched for. + :type email: str + :param secret: Should we search for a secret key? + :type secret: bool + + :return: The fingerprint of the found key. + :rtype: str + """ + for key in self.list_keys(secret=secret): + if fingerprint == key['fingerprint']: + return key + raise LookupError( + "GnuPG public key for fingerprint %s not found!" % fingerprint) + + def encrypt(self, data, recipient, sign=None, always_trust=True, + passphrase=None, symmetric=False): + """ + Encrypt data using GPG. + + :param data: The data to be encrypted. + :type data: str + :param recipient: The address of the public key to be used. + :type recipient: str + :param sign: Should the encrypted content be signed? + :type sign: bool + :param always_trust: Skip key validation and assume that used keys + are always fully trusted? + :type always_trust: bool + :param passphrase: The passphrase to be used if symmetric encryption + is desired. + :type passphrase: str + :param symmetric: Should we encrypt to a password? + :type symmetric: bool + + :return: An object with encrypted result in the `data` field. + :rtype: gnupg.Crypt + """ + # TODO: devise a way so we don't need to "always trust". + return gnupg.GPG.encrypt(self, data, recipient, sign=sign, + always_trust=always_trust, + passphrase=passphrase, + symmetric=symmetric, + cipher_algo='AES256') + + def decrypt(self, data, always_trust=True, passphrase=None): + """ + Decrypt data using GPG. + + :param data: The data to be decrypted. + :type data: str + :param always_trust: Skip key validation and assume that used keys + are always fully trusted? + :type always_trust: bool + :param passphrase: The passphrase to be used if symmetric encryption + is desired. + :type passphrase: str + + :return: An object with decrypted result in the `data` field. + :rtype: gnupg.Crypt + """ + # TODO: devise a way so we don't need to "always trust". + return gnupg.GPG.decrypt(self, data, always_trust=always_trust, + passphrase=passphrase) + + def send_keys(self, keyserver, *keyids): + """ + Send keys to a keyserver + + :param keyserver: The keyserver to send the keys to. + :type keyserver: str + :param keyids: The key ids to send. + :type keyids: list + + :return: A list of keys sent to server. + :rtype: gnupg.ListKeys + """ + # TODO: write tests for this. + # TODO: write a SendKeys class to handle status for this. + result = self.result_map['list'](self) + gnupg.logger.debug('send_keys: %r', keyids) + data = gnupg._make_binary_stream("", self.encoding) + args = ['--keyserver', keyserver, '--send-keys'] + args.extend(keyids) + self._handle_io(args, data, result, binary=True) + gnupg.logger.debug('send_keys result: %r', result.__dict__) + data.close() + return result + + def encrypt_file(self, file, recipients, sign=None, + always_trust=False, passphrase=None, + armor=True, output=None, symmetric=False, + cipher_algo=None): + """ + Encrypt the message read from the file-like object 'file'. + + :param file: The file to be encrypted. + :type data: file + :param recipient: The address of the public key to be used. + :type recipient: str + :param sign: Should the encrypted content be signed? + :type sign: bool + :param always_trust: Skip key validation and assume that used keys + are always fully trusted? + :type always_trust: bool + :param passphrase: The passphrase to be used if symmetric encryption + is desired. + :type passphrase: str + :param armor: Create ASCII armored output? + :type armor: bool + :param output: Path of file to write results in. + :type output: str + :param symmetric: Should we encrypt to a password? + :type symmetric: bool + :param cipher_algo: Algorithm to use. + :type cipher_algo: str + + :return: An object with encrypted result in the `data` field. + :rtype: gnupg.Crypt + """ + args = ['--encrypt'] + if symmetric: + args = ['--symmetric'] + if cipher_algo: + args.append('--cipher-algo %s' % cipher_algo) + else: + args = ['--encrypt'] + if not _is_sequence(recipients): + recipients = (recipients,) + for recipient in recipients: + args.append('--recipient "%s"' % recipient) + if armor: # create ascii-armored output - set to False for binary + args.append('--armor') + if output: # write the output to a file with the specified name + if os.path.exists(output): + os.remove(output) # to avoid overwrite confirmation message + args.append('--output "%s"' % output) + if sign: + args.append('--sign --default-key "%s"' % sign) + if always_trust: + args.append("--always-trust") + result = self.result_map['crypt'](self) + self._handle_io(args, file, result, passphrase=passphrase, binary=True) + logger.debug('encrypt result: %r', result.data) + return result + + def list_packets(self, data): + """ + List the sequence of packets. + + :param data: The data to extract packets from. + :type data: str + + :return: An object with packet info. + :rtype ListPackets + """ + args = ["--list-packets"] + result = self.result_map['list-packets'](self) + self._handle_io( + args, + _make_binary_stream(data, self.encoding), + result, + ) + return result + + def encrypted_to(self, data): + """ + Return the key to which data is encrypted to. + + :param data: The data to be examined. + :type data: str + + :return: The fingerprint of the key to which data is encrypted to. + :rtype: str + """ + # TODO: make this support multiple keys. + result = self.list_packets(data) + if not result.key: + raise LookupError( + "Content is not encrypted to a GnuPG key!") + try: + return self.find_key_by_keyid(result.key) + except: + return self.find_key_by_subkey(result.key) + + def is_encrypted_sym(self, data): + """ + Say whether some chunk of data is encrypted to a symmetric key. + + :param data: The data to be examined. + :type data: str + + :return: Whether data is encrypted to a symmetric key. + :rtype: bool + """ + result = self.list_packets(data) + return bool(result.need_passphrase_sym) + + def is_encrypted_asym(self, data): + """ + Say whether some chunk of data is encrypted to a private key. + + :param data: The data to be examined. + :type data: str + + :return: Whether data is encrypted to a private key. + :rtype: bool + """ + result = self.list_packets(data) + return bool(result.key) + + def is_encrypted(self, data): + """ + Say whether some chunk of data is encrypted to a key. + + :param data: The data to be examined. + :type data: str + + :return: Whether data is encrypted to a key. + :rtype: bool + """ + return self.is_encrypted_asym(data) or self.is_encrypted_sym(data) diff --git a/src/leap/keymanager/keys.py b/src/leap/keymanager/keys.py new file mode 100644 index 00000000..44bd587b --- /dev/null +++ b/src/leap/keymanager/keys.py @@ -0,0 +1,285 @@ +# -*- coding: utf-8 -*- +# keys.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Abstact key type and encryption scheme representations. +""" + + +try: + import simplejson as json +except ImportError: + import json # noqa +import re + + +from abc import ABCMeta, abstractmethod +from leap.common.check import leap_assert + + +# +# Dictionary keys used for storing cryptographic keys. +# + +KEY_ADDRESS_KEY = 'address' +KEY_TYPE_KEY = 'type' +KEY_ID_KEY = 'key_id' +KEY_FINGERPRINT_KEY = 'fingerprint' +KEY_DATA_KEY = 'key_data' +KEY_PRIVATE_KEY = 'private' +KEY_LENGTH_KEY = 'length' +KEY_EXPIRY_DATE_KEY = 'expiry_date' +KEY_FIRST_SEEN_AT_KEY = 'first_seen_at' +KEY_LAST_AUDITED_AT_KEY = 'last_audited_at' +KEY_VALIDATION_KEY = 'validation' +KEY_TAGS_KEY = 'tags' + + +# +# Key storage constants +# + +KEYMANAGER_KEY_TAG = 'keymanager-key' + + +# +# key indexing constants. +# + +TAGS_PRIVATE_INDEX = 'by-tags-private' +TAGS_ADDRESS_PRIVATE_INDEX = 'by-tags-address-private' +INDEXES = { + TAGS_PRIVATE_INDEX: [ + KEY_TAGS_KEY, + 'bool(%s)' % KEY_PRIVATE_KEY, + ], + TAGS_ADDRESS_PRIVATE_INDEX: [ + KEY_TAGS_KEY, + KEY_ADDRESS_KEY, + 'bool(%s)' % KEY_PRIVATE_KEY, + ] +} + + +# +# Key handling utilities +# + +def is_address(address): + """ + Return whether the given C{address} is in the form user@provider. + + :param address: The address to be tested. + :type address: str + :return: Whether C{address} is in the form user@provider. + :rtype: bool + """ + return bool(re.match('[\w.-]+@[\w.-]+', address)) + + +def build_key_from_dict(kClass, address, kdict): + """ + Build an C{kClass} key bound to C{address} based on info in C{kdict}. + + :param address: The address bound to the key. + :type address: str + :param kdict: Dictionary with key data. + :type kdict: dict + :return: An instance of the key. + :rtype: C{kClass} + """ + leap_assert( + address == kdict[KEY_ADDRESS_KEY], + 'Wrong address in key data.') + return kClass( + address, + key_id=kdict[KEY_ID_KEY], + fingerprint=kdict[KEY_FINGERPRINT_KEY], + key_data=kdict[KEY_DATA_KEY], + private=kdict[KEY_PRIVATE_KEY], + length=kdict[KEY_LENGTH_KEY], + expiry_date=kdict[KEY_EXPIRY_DATE_KEY], + first_seen_at=kdict[KEY_FIRST_SEEN_AT_KEY], + last_audited_at=kdict[KEY_LAST_AUDITED_AT_KEY], + validation=kdict[KEY_VALIDATION_KEY], # TODO: verify for validation. + ) + + +# +# Abstraction for encryption keys +# + +class EncryptionKey(object): + """ + Abstract class for encryption keys. + + A key is "validated" if the nicknym agent has bound the user address to a + public key. Nicknym supports three different levels of key validation: + + * Level 3 - path trusted: A path of cryptographic signatures can be traced + from a trusted key to the key under evaluation. By default, only the + provider key from the user's provider is a "trusted key". + * level 2 - provider signed: The key has been signed by a provider key for + the same domain, but the provider key is not validated using a trust + path (i.e. it is only registered) + * level 1 - registered: The key has been encountered and saved, it has no + signatures (that are meaningful to the nicknym agent). + """ + + __metaclass__ = ABCMeta + + def __init__(self, address, key_id=None, fingerprint=None, + key_data=None, private=None, length=None, expiry_date=None, + validation=None, first_seen_at=None, last_audited_at=None): + self.address = address + self.key_id = key_id + self.fingerprint = fingerprint + self.key_data = key_data + self.private = private + self.length = length + self.expiry_date = expiry_date + self.validation = validation + self.first_seen_at = first_seen_at + self.last_audited_at = last_audited_at + + def get_json(self): + """ + Return a JSON string describing this key. + + :return: The JSON string describing this key. + :rtype: str + """ + return json.dumps({ + KEY_ADDRESS_KEY: self.address, + KEY_TYPE_KEY: str(self.__class__), + KEY_ID_KEY: self.key_id, + KEY_FINGERPRINT_KEY: self.fingerprint, + KEY_DATA_KEY: self.key_data, + KEY_PRIVATE_KEY: self.private, + KEY_LENGTH_KEY: self.length, + KEY_EXPIRY_DATE_KEY: self.expiry_date, + KEY_VALIDATION_KEY: self.validation, + KEY_FIRST_SEEN_AT_KEY: self.first_seen_at, + KEY_LAST_AUDITED_AT_KEY: self.last_audited_at, + KEY_TAGS_KEY: [KEYMANAGER_KEY_TAG], + }) + + def __repr__(self): + """ + Representation of this class + """ + return u"<%s 0x%s (%s - %s)>" % ( + self.__class__.__name__, + self.key_id, + self.address, + "priv" if self.private else "publ") + + +# +# Encryption schemes +# + +class EncryptionScheme(object): + """ + Abstract class for Encryption Schemes. + + A wrapper for a certain encryption schemes should know how to get and put + keys in local storage using Soledad, how to generate new keys and how to + find out about possibly encrypted content. + """ + + __metaclass__ = ABCMeta + + def __init__(self, soledad): + """ + Initialize this Encryption Scheme. + + :param soledad: A Soledad instance for local storage of keys. + :type soledad: leap.soledad.Soledad + """ + self._soledad = soledad + self._init_indexes() + + def _init_indexes(self): + """ + Initialize the database indexes. + """ + # Ask the database for currently existing indexes. + db_indexes = dict(self._soledad.list_indexes()) + # Loop through the indexes we expect to find. + for name, expression in INDEXES.items(): + if name not in db_indexes: + # The index does not yet exist. + self._soledad.create_index(name, *expression) + continue + if expression == db_indexes[name]: + # The index exists and is up to date. + continue + # The index exists but the definition is not what expected, so we + # delete it and add the proper index expression. + self._soledad.delete_index(name) + self._soledad.create_index(name, *expression) + + @abstractmethod + def get_key(self, address, private=False): + """ + Get key from local storage. + + :param address: The address bound to the key. + :type address: str + :param private: Look for a private key instead of a public one? + :type private: bool + + :return: The key bound to C{address}. + :rtype: EncryptionKey + @raise KeyNotFound: If the key was not found on local storage. + """ + pass + + @abstractmethod + def put_key(self, key): + """ + Put a key in local storage. + + :param key: The key to be stored. + :type key: EncryptionKey + """ + pass + + @abstractmethod + def gen_key(self, address): + """ + Generate a new key. + + :param address: The address bound to the key. + :type address: str + + :return: The key bound to C{address}. + :rtype: EncryptionKey + """ + pass + + @abstractmethod + def delete_key(self, key): + """ + Remove C{key} from storage. + + :param key: The key to be removed. + :type key: EncryptionKey + """ + pass diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py new file mode 100644 index 00000000..89323117 --- /dev/null +++ b/src/leap/keymanager/openpgp.py @@ -0,0 +1,636 @@ +# -*- coding: utf-8 -*- +# openpgp.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Infrastructure for using OpenPGP keys in Key Manager. +""" +import logging +import os +import re +import shutil +import tempfile + +from leap.common.check import leap_assert, leap_assert_type +from leap.keymanager import errors +from leap.keymanager.keys import ( + EncryptionKey, + EncryptionScheme, + is_address, + build_key_from_dict, + KEYMANAGER_KEY_TAG, + TAGS_ADDRESS_PRIVATE_INDEX, +) +from leap.keymanager.gpg import GPGWrapper + +logger = logging.getLogger(__name__) + + +# +# gpg wrapper and decorator +# + +def temporary_gpgwrapper(keys=None): + """ + Returns a unitary gpg wrapper that implements context manager + protocol. + + :param key_data: ASCII armored key data. + :type key_data: str + + :return: a GPGWrapper instance + :rtype: GPGWrapper + """ + # TODO do here checks on key_data + return TempGPGWrapper(keys=keys) + + +def with_temporary_gpg(fun): + """ + Decorator to add a temporary gpg wrapper as context + to gpg related functions. + + Decorated functions are expected to return a function whose only + argument is a gpgwrapper instance. + """ + def wrapped(*args, **kwargs): + """ + We extract the arguments passed to the wrapped function, + run the function and do validations. + We expect that the positional arguments are `data`, + and an optional `key`. + All the rest of arguments should be passed as named arguments + to allow for a correct unpacking. + """ + if len(args) == 2: + keys = args[1] if isinstance(args[1], OpenPGPKey) else None + else: + keys = None + + # sign/verify keys passed as arguments + sign = kwargs.get('sign', None) + if sign: + keys = [keys, sign] + + verify = kwargs.get('verify', None) + if verify: + keys = [keys, verify] + + # is the wrapped function sign or verify? + fun_name = fun.__name__ + is_sign_function = True if fun_name == "sign" else False + is_verify_function = True if fun_name == "verify" else False + + result = None + + with temporary_gpgwrapper(keys) as gpg: + result = fun(*args, **kwargs)(gpg) + + # TODO: cleanup a little bit the + # validation. maybe delegate to other + # auxiliary functions for clarity. + + ok = getattr(result, 'ok', None) + + stderr = getattr(result, 'stderr', None) + if stderr: + logger.debug("%s" % (stderr,)) + + if ok is False: + raise errors.EncryptionDecryptionFailed( + 'Failed to encrypt/decrypt in %s: %s' % ( + fun.__name__, + stderr)) + + if verify is not None: + # A verify key has been passed + if result.valid is False or \ + verify.fingerprint != result.pubkey_fingerprint: + raise errors.InvalidSignature( + 'Failed to verify signature with key %s: %s' % + (verify.key_id, stderr)) + + if is_sign_function: + # Specific validation for sign function + privkey = gpg.list_keys(secret=True).pop() + rfprint = result.fingerprint + kfprint = privkey['fingerprint'] + if result.fingerprint is None: + raise errors.SignFailed( + 'Failed to sign with key %s: %s' % + (privkey['keyid'], stderr)) + leap_assert( + result.fingerprint == kfprint, + 'Signature and private key fingerprints mismatch: ' + '%s != %s' % + (rfprint, kfprint)) + + if is_verify_function: + # Specific validation for verify function + pubkey = gpg.list_keys().pop() + valid = result.valid + rfprint = result.fingerprint + kfprint = pubkey['fingerprint'] + if valid is False or rfprint != kfprint: + raise errors.InvalidSignature( + 'Failed to verify signature ' + 'with key %s.' % pubkey['keyid']) + result = result.valid + + # ok, enough checks. let's return data if available + if hasattr(result, 'data'): + result = result.data + return result + return wrapped + + +class TempGPGWrapper(object): + """ + A context manager returning a temporary GPG wrapper keyring, which + contains exactly zero or one pubkeys, and zero or one privkeys. + + Temporary unitary keyrings allow the to use GPG's facilities for exactly + one key. This function creates an empty temporary keyring and imports + C{keys} if it is not None. + """ + def __init__(self, keys=None): + """ + :param keys: OpenPGP key, or list of. + :type keys: OpenPGPKey or list of OpenPGPKeys + """ + self._gpg = None + if not keys: + keys = list() + if not isinstance(keys, list): + keys = [keys] + self._keys = keys + for key in filter(None, keys): + leap_assert_type(key, OpenPGPKey) + + def __enter__(self): + """ + Calls the unitary gpgwrapper initializer + + :return: A GPG wrapper with a unitary keyring. + :rtype: gnupg.GPG + """ + self._build_keyring() + return self._gpg + + def __exit__(self, exc_type, exc_value, traceback): + """ + Ensures the gpgwrapper is properly destroyed. + """ + # TODO handle exceptions and log here + self._destroy_keyring() + + def _build_keyring(self): + """ + Create an empty GPG keyring and import C{keys} into it. + + :param keys: List of keys to add to the keyring. + :type keys: list of OpenPGPKey + + :return: A GPG wrapper with a unitary keyring. + :rtype: gnupg.GPG + """ + privkeys = [key for key in self._keys if key and key.private is True] + publkeys = [key for key in self._keys if key and key.private is False] + # here we filter out public keys that have a correspondent + # private key in the list because the private key_data by + # itself is enough to also have the public key in the keyring, + # and we want to count the keys afterwards. + + privaddrs = map(lambda privkey: privkey.address, privkeys) + publkeys = filter( + lambda pubkey: pubkey.address not in privaddrs, publkeys) + + listkeys = lambda: self._gpg.list_keys() + listsecretkeys = lambda: self._gpg.list_keys(secret=True) + + self._gpg = GPGWrapper(gnupghome=tempfile.mkdtemp()) + leap_assert(len(listkeys()) is 0, 'Keyring not empty.') + + # import keys into the keyring: + # concatenating ascii-armored keys, which is correctly + # understood by the GPGWrapper. + + self._gpg.import_keys("".join( + [x.key_data for x in publkeys + privkeys])) + + # assert the number of keys in the keyring + leap_assert( + len(listkeys()) == len(publkeys) + len(privkeys), + 'Wrong number of public keys in keyring: %d, should be %d)' % + (len(listkeys()), len(publkeys) + len(privkeys))) + leap_assert( + len(listsecretkeys()) == len(privkeys), + 'Wrong number of private keys in keyring: %d, should be %d)' % + (len(listsecretkeys()), len(privkeys))) + + def _destroy_keyring(self): + """ + Securely erase a unitary keyring. + """ + # TODO: implement some kind of wiping of data or a more + # secure way that + # does not write to disk. + + try: + for secret in [True, False]: + for key in self._gpg.list_keys(secret=secret): + self._gpg.delete_keys( + key['fingerprint'], + secret=secret) + leap_assert(len(self._gpg.list_keys()) is 0, 'Keyring not empty!') + + except: + raise + + finally: + leap_assert(self._gpg.gnupghome != os.path.expanduser('~/.gnupg'), + "watch out! Tried to remove default gnupg home!") + shutil.rmtree(self._gpg.gnupghome) + + +# +# API functions +# + +@with_temporary_gpg +def encrypt_asym(data, key, passphrase=None, sign=None): + """ + Encrypt C{data} using public @{key} and sign with C{sign} key. + + :param data: The data to be encrypted. + :type data: str + :param pubkey: The key used to encrypt. + :type pubkey: OpenPGPKey + :param sign: The key used for signing. + :type sign: OpenPGPKey + + :return: The encrypted data. + :rtype: str + """ + leap_assert_type(key, OpenPGPKey) + leap_assert(key.private is False, 'Key is not public.') + if sign is not None: + leap_assert_type(sign, OpenPGPKey) + leap_assert(sign.private is True) + + # Here we cannot assert for correctness of sig because the sig is in + # the ciphertext. + # result.ok - (bool) indicates if the operation succeeded + # result.data - (bool) contains the result of the operation + + return lambda gpg: gpg.encrypt( + data, key.fingerprint, + sign=sign.key_id if sign else None, + passphrase=passphrase, symmetric=False) + + +@with_temporary_gpg +def decrypt_asym(data, key, passphrase=None, verify=None): + """ + Decrypt C{data} using private @{key} and verify with C{verify} key. + + :param data: The data to be decrypted. + :type data: str + :param privkey: The key used to decrypt. + :type privkey: OpenPGPKey + :param verify: The key used to verify a signature. + :type verify: OpenPGPKey + + :return: The decrypted data. + :rtype: str + + @raise InvalidSignature: Raised if unable to verify the signature with + C{verify} key. + """ + leap_assert(key.private is True, 'Key is not private.') + if verify is not None: + leap_assert_type(verify, OpenPGPKey) + leap_assert(verify.private is False) + + return lambda gpg: gpg.decrypt( + data, passphrase=passphrase) + + +@with_temporary_gpg +def is_encrypted(data): + """ + Return whether C{data} was encrypted using OpenPGP. + + :param data: The data we want to know about. + :type data: str + + :return: Whether C{data} was encrypted using this wrapper. + :rtype: bool + """ + return lambda gpg: gpg.is_encrypted(data) + + +@with_temporary_gpg +def is_encrypted_asym(data): + """ + Return whether C{data} was asymmetrically encrypted using OpenPGP. + + :param data: The data we want to know about. + :type data: str + + :return: Whether C{data} was encrypted using this wrapper. + :rtype: bool + """ + return lambda gpg: gpg.is_encrypted_asym(data) + + +@with_temporary_gpg +def sign(data, privkey): + """ + Sign C{data} with C{privkey}. + + :param data: The data to be signed. + :type data: str + + :param privkey: The private key to be used to sign. + :type privkey: OpenPGPKey + + :return: The ascii-armored signed data. + :rtype: str + """ + leap_assert_type(privkey, OpenPGPKey) + leap_assert(privkey.private is True) + + # result.fingerprint - contains the fingerprint of the key used to + # sign. + return lambda gpg: gpg.sign(data, keyid=privkey.key_id) + + +@with_temporary_gpg +def verify(data, key): + """ + Verify signed C{data} with C{pubkey}. + + :param data: The data to be verified. + :type data: str + + :param pubkey: The public key to be used on verification. + :type pubkey: OpenPGPKey + + :return: The ascii-armored signed data. + :rtype: str + """ + leap_assert_type(key, OpenPGPKey) + leap_assert(key.private is False) + + return lambda gpg: gpg.verify(data) + + +# +# Helper functions +# + + +def _build_key_from_gpg(address, key, key_data): + """ + Build an OpenPGPKey for C{address} based on C{key} from + local gpg storage. + + ASCII armored GPG key data has to be queried independently in this + wrapper, so we receive it in C{key_data}. + + :param address: The address bound to the key. + :type address: str + :param key: Key obtained from GPG storage. + :type key: dict + :param key_data: Key data obtained from GPG storage. + :type key_data: str + :return: An instance of the key. + :rtype: OpenPGPKey + """ + return OpenPGPKey( + address, + key_id=key['keyid'], + fingerprint=key['fingerprint'], + key_data=key_data, + private=True if key['type'] == 'sec' else False, + length=key['length'], + expiry_date=key['expires'], + validation=None, # TODO: verify for validation. + ) + + +# +# The OpenPGP wrapper +# + +class OpenPGPKey(EncryptionKey): + """ + Base class for OpenPGP keys. + """ + + +class OpenPGPScheme(EncryptionScheme): + """ + A wrapper for OpenPGP keys. + """ + + def __init__(self, soledad): + """ + Initialize the OpenPGP wrapper. + + :param soledad: A Soledad instance for key storage. + :type soledad: leap.soledad.Soledad + """ + EncryptionScheme.__init__(self, soledad) + + def gen_key(self, address): + """ + Generate an OpenPGP keypair bound to C{address}. + + :param address: The address bound to the key. + :type address: str + :return: The key bound to C{address}. + :rtype: OpenPGPKey + @raise KeyAlreadyExists: If key already exists in local database. + """ + # make sure the key does not already exist + leap_assert(is_address(address), 'Not an user address: %s' % address) + try: + self.get_key(address) + raise errors.KeyAlreadyExists(address) + except errors.KeyNotFound: + pass + + def _gen_key(gpg): + params = gpg.gen_key_input( + key_type='RSA', + key_length=4096, + name_real=address, + name_email=address, + name_comment='Generated by LEAP Key Manager.') + gpg.gen_key(params) + pubkeys = gpg.list_keys() + # assert for new key characteristics + leap_assert( + len(pubkeys) is 1, # a unitary keyring! + 'Keyring has wrong number of keys: %d.' % len(pubkeys)) + key = gpg.list_keys(secret=True).pop() + leap_assert( + len(key['uids']) is 1, # with just one uid! + 'Wrong number of uids for key: %d.' % len(key['uids'])) + leap_assert( + re.match('.*<%s>$' % address, key['uids'][0]) is not None, + 'Key not correctly bound to address.') + # insert both public and private keys in storage + for secret in [True, False]: + key = gpg.list_keys(secret=secret).pop() + openpgp_key = _build_key_from_gpg( + address, key, + gpg.export_keys(key['fingerprint'], secret=secret)) + self.put_key(openpgp_key) + + with temporary_gpgwrapper() as gpg: + # TODO: inspect result, or use decorator + _gen_key(gpg) + + return self.get_key(address, private=True) + + def get_key(self, address, private=False): + """ + Get key bound to C{address} from local storage. + + :param address: The address bound to the key. + :type address: str + :param private: Look for a private key instead of a public one? + :type private: bool + + :return: The key bound to C{address}. + :rtype: OpenPGPKey + @raise KeyNotFound: If the key was not found on local storage. + """ + leap_assert(is_address(address), 'Not an user address: %s' % address) + doc = self._get_key_doc(address, private) + if doc is None: + raise errors.KeyNotFound(address) + return build_key_from_dict(OpenPGPKey, address, doc.content) + + def put_ascii_key(self, key_data): + """ + Put key contained in ascii-armored C{key_data} in local storage. + + :param key_data: The key data to be stored. + :type key_data: str + """ + leap_assert_type(key_data, str) + # TODO: add more checks for correct key data. + leap_assert(key_data is not None, 'Data does not represent a key.') + + def _put_ascii_key(gpg): + gpg.import_keys(key_data) + privkey = None + pubkey = None + + try: + privkey = gpg.list_keys(secret=True).pop() + except IndexError: + pass + pubkey = gpg.list_keys(secret=False).pop() # unitary keyring + # extract adress from first uid on key + match = re.match('.*<([\w.-]+@[\w.-]+)>.*', pubkey['uids'].pop()) + leap_assert(match is not None, 'No user address in key data.') + address = match.group(1) + if privkey is not None: + match = re.match( + '.*<([\w.-]+@[\w.-]+)>.*', privkey['uids'].pop()) + leap_assert(match is not None, 'No user address in key data.') + privaddress = match.group(1) + leap_assert( + address == privaddress, + 'Addresses in pub and priv key differ.') + leap_assert( + pubkey['fingerprint'] == privkey['fingerprint'], + 'Fingerprints for pub and priv key differ.') + # insert private key in storage + openpgp_privkey = _build_key_from_gpg( + address, privkey, + gpg.export_keys(privkey['fingerprint'], secret=True)) + self.put_key(openpgp_privkey) + # insert public key in storage + openpgp_pubkey = _build_key_from_gpg( + address, pubkey, + gpg.export_keys(pubkey['fingerprint'], secret=False)) + self.put_key(openpgp_pubkey) + + with temporary_gpgwrapper() as gpg: + # TODO: inspect result, or use decorator + _put_ascii_key(gpg) + + def put_key(self, key): + """ + Put C{key} in local storage. + + :param key: The key to be stored. + :type key: OpenPGPKey + """ + doc = self._get_key_doc(key.address, private=key.private) + if doc is None: + self._soledad.create_doc_from_json(key.get_json()) + else: + doc.set_json(key.get_json()) + self._soledad.put_doc(doc) + + def _get_key_doc(self, address, private=False): + """ + Get the document with a key (public, by default) bound to C{address}. + + If C{private} is True, looks for a private key instead of a public. + + :param address: The address bound to the key. + :type address: str + :param private: Whether to look for a private key. + :type private: bool + :return: The document with the key or None if it does not exist. + :rtype: leap.soledad.backends.leap_backend.LeapDocument + """ + doclist = self._soledad.get_from_index( + TAGS_ADDRESS_PRIVATE_INDEX, + KEYMANAGER_KEY_TAG, + address, + '1' if private else '0') + if len(doclist) is 0: + return None + leap_assert( + len(doclist) is 1, + 'Found more than one %s key for address!' % + 'private' if private else 'public') + return doclist.pop() + + def delete_key(self, key): + """ + Remove C{key} from storage. + + :param key: The key to be removed. + :type key: EncryptionKey + """ + leap_assert(key.__class__ is OpenPGPKey, 'Wrong key type.') + stored_key = self.get_key(key.address, private=key.private) + if stored_key is None: + raise errors.KeyNotFound(key) + if stored_key.__dict__ != key.__dict__: + raise errors.KeyAttributesDiffer(key) + doc = self._get_key_doc(key.address, key.private) + self._soledad.delete_doc(doc) diff --git a/src/leap/base/tests/__init__.py b/src/leap/keymanager/tests/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/base/tests/__init__.py +++ b/src/leap/keymanager/tests/__init__.py diff --git a/src/leap/keymanager/tests/test_keymanager.py b/src/leap/keymanager/tests/test_keymanager.py new file mode 100644 index 00000000..a36406a6 --- /dev/null +++ b/src/leap/keymanager/tests/test_keymanager.py @@ -0,0 +1,686 @@ +## -*- coding: utf-8 -*- +# test_keymanager.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Tests for the Key Manager. +""" + + +from mock import Mock +try: + import simplejson as json +except ImportError: + import json # noqa + + +from leap.common.testing.basetest import BaseLeapTest +from leap.soledad import Soledad +#from leap.soledad.crypto import SoledadCrypto + +from leap.keymanager import ( + KeyManager, + openpgp, + KeyNotFound, + NoPasswordGiven, + #TAGS_INDEX, + #TAGS_AND_PRIVATE_INDEX, +) +from leap.keymanager.openpgp import OpenPGPKey +from leap.keymanager.keys import ( + is_address, + build_key_from_dict, +) +from leap.keymanager import errors + + +ADDRESS = 'leap@leap.se' +ADDRESS_2 = 'anotheruser@leap.se' + + +class KeyManagerUtilTestCase(BaseLeapTest): + + def setUp(self): + pass + + def tearDown(self): + pass + + def test_is_address(self): + self.assertTrue( + is_address('user@leap.se'), + 'Incorrect address detection.') + self.assertFalse( + is_address('userleap.se'), + 'Incorrect address detection.') + self.assertFalse( + is_address('user@'), + 'Incorrect address detection.') + self.assertFalse( + is_address('@leap.se'), + 'Incorrect address detection.') + + def test_build_key_from_dict(self): + kdict = { + 'address': ADDRESS, + 'key_id': 'key_id', + 'fingerprint': 'fingerprint', + 'key_data': 'key_data', + 'private': 'private', + 'length': 'length', + 'expiry_date': 'expiry_date', + 'first_seen_at': 'first_seen_at', + 'last_audited_at': 'last_audited_at', + 'validation': 'validation', + } + key = build_key_from_dict(OpenPGPKey, ADDRESS, kdict) + self.assertEqual( + kdict['address'], key.address, + 'Wrong data in key.') + self.assertEqual( + kdict['key_id'], key.key_id, + 'Wrong data in key.') + self.assertEqual( + kdict['fingerprint'], key.fingerprint, + 'Wrong data in key.') + self.assertEqual( + kdict['key_data'], key.key_data, + 'Wrong data in key.') + self.assertEqual( + kdict['private'], key.private, + 'Wrong data in key.') + self.assertEqual( + kdict['length'], key.length, + 'Wrong data in key.') + self.assertEqual( + kdict['expiry_date'], key.expiry_date, + 'Wrong data in key.') + self.assertEqual( + kdict['first_seen_at'], key.first_seen_at, + 'Wrong data in key.') + self.assertEqual( + kdict['last_audited_at'], key.last_audited_at, + 'Wrong data in key.') + self.assertEqual( + kdict['validation'], key.validation, + 'Wrong data in key.') + + +class KeyManagerWithSoledadTestCase(BaseLeapTest): + + def setUp(self): + # mock key fetching and storing so Soledad doesn't fail when trying to + # reach the server. + Soledad._get_secrets_from_shared_db = Mock(return_value=None) + Soledad._put_secrets_in_shared_db = Mock(return_value=None) + + self._soledad = Soledad( + "leap@leap.se", + "123456", + self.tempdir + "/secret.gpg", + self.tempdir + "/soledad.u1db", + '', + None, + auth_token=None, + ) + + def tearDown(self): + km = self._key_manager() + for key in km.get_all_keys_in_local_db(): + km._wrapper_map[key.__class__].delete_key(key) + for key in km.get_all_keys_in_local_db(private=True): + km._wrapper_map[key.__class__].delete_key(key) + + def _key_manager(self, user=ADDRESS, url=''): + return KeyManager(user, url, self._soledad) + + +class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase): + + def _test_openpgp_gen_key(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + self.assertRaises(KeyNotFound, pgp.get_key, 'user@leap.se') + key = pgp.gen_key('user@leap.se') + self.assertIsInstance(key, openpgp.OpenPGPKey) + self.assertEqual( + 'user@leap.se', key.address, 'Wrong address bound to key.') + self.assertEqual( + '4096', key.length, 'Wrong key length.') + + def test_openpgp_put_delete_key(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + pgp.put_ascii_key(PUBLIC_KEY) + key = pgp.get_key(ADDRESS, private=False) + pgp.delete_key(key) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + + def test_openpgp_put_ascii_key(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + pgp.put_ascii_key(PUBLIC_KEY) + key = pgp.get_key(ADDRESS, private=False) + self.assertIsInstance(key, openpgp.OpenPGPKey) + self.assertEqual( + ADDRESS, key.address, 'Wrong address bound to key.') + self.assertEqual( + '4096', key.length, 'Wrong key length.') + pgp.delete_key(key) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + + def test_get_public_key(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + pgp.put_ascii_key(PUBLIC_KEY) + self.assertRaises( + KeyNotFound, pgp.get_key, ADDRESS, private=True) + key = pgp.get_key(ADDRESS, private=False) + self.assertEqual(ADDRESS, key.address) + self.assertFalse(key.private) + self.assertEqual(KEY_FINGERPRINT, key.fingerprint) + pgp.delete_key(key) + self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS) + + def test_openpgp_encrypt_decrypt_asym(self): + # encrypt + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PUBLIC_KEY) + pubkey = pgp.get_key(ADDRESS, private=False) + cyphertext = openpgp.encrypt_asym('data', pubkey) + # assert + self.assertTrue(cyphertext is not None) + self.assertTrue(cyphertext != '') + self.assertTrue(cyphertext != 'data') + self.assertTrue(openpgp.is_encrypted_asym(cyphertext)) + self.assertTrue(openpgp.is_encrypted(cyphertext)) + # decrypt + self.assertRaises( + KeyNotFound, pgp.get_key, ADDRESS, private=True) + pgp.put_ascii_key(PRIVATE_KEY) + privkey = pgp.get_key(ADDRESS, private=True) + plaintext = openpgp.decrypt_asym(cyphertext, privkey) + pgp.delete_key(pubkey) + pgp.delete_key(privkey) + self.assertRaises( + KeyNotFound, pgp.get_key, ADDRESS, private=False) + self.assertRaises( + KeyNotFound, pgp.get_key, ADDRESS, private=True) + + def test_verify_with_private_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + signed = openpgp.sign(data, privkey) + self.assertRaises( + AssertionError, + openpgp.verify, signed, privkey) + + def test_sign_with_public_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PUBLIC_KEY) + data = 'data' + pubkey = pgp.get_key(ADDRESS, private=False) + self.assertRaises( + AssertionError, + openpgp.sign, data, pubkey) + + def test_verify_with_wrong_key_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + signed = openpgp.sign(data, privkey) + pgp.put_ascii_key(PUBLIC_KEY_2) + wrongkey = pgp.get_key(ADDRESS_2) + self.assertRaises( + errors.InvalidSignature, + openpgp.verify, signed, wrongkey) + + def test_encrypt_asym_sign_with_public_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + pubkey = pgp.get_key(ADDRESS, private=False) + self.assertRaises( + AssertionError, + openpgp.encrypt_asym, data, privkey, sign=pubkey) + + def test_decrypt_asym_verify_with_private_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + pubkey = pgp.get_key(ADDRESS, private=False) + encrypted_and_signed = openpgp.encrypt_asym( + data, pubkey, sign=privkey) + self.assertRaises( + AssertionError, + openpgp.decrypt_asym, + encrypted_and_signed, privkey, verify=privkey) + + def test_decrypt_asym_verify_with_wrong_key_raises(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + pubkey = pgp.get_key(ADDRESS, private=False) + encrypted_and_signed = openpgp.encrypt_asym(data, pubkey, sign=privkey) + pgp.put_ascii_key(PUBLIC_KEY_2) + wrongkey = pgp.get_key(ADDRESS_2) + self.assertRaises( + errors.InvalidSignature, + openpgp.verify, encrypted_and_signed, wrongkey) + + def test_sign_verify(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + data = 'data' + privkey = pgp.get_key(ADDRESS, private=True) + signed = openpgp.sign(data, privkey) + pubkey = pgp.get_key(ADDRESS, private=False) + self.assertTrue(openpgp.verify(signed, pubkey)) + + def test_encrypt_asym_sign_decrypt_verify(self): + pgp = openpgp.OpenPGPScheme(self._soledad) + pgp.put_ascii_key(PRIVATE_KEY) + pubkey = pgp.get_key(ADDRESS, private=False) + privkey = pgp.get_key(ADDRESS, private=True) + pgp.put_ascii_key(PRIVATE_KEY_2) + pubkey2 = pgp.get_key(ADDRESS_2, private=False) + privkey2 = pgp.get_key(ADDRESS_2, private=True) + data = 'data' + encrypted_and_signed = openpgp.encrypt_asym( + data, pubkey2, sign=privkey) + res = openpgp.decrypt_asym( + encrypted_and_signed, privkey2, verify=pubkey) + self.assertTrue(data, res) + + +class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): + + def test_get_all_keys_in_db(self): + km = self._key_manager() + km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY) + # get public keys + keys = km.get_all_keys_in_local_db(False) + self.assertEqual(len(keys), 1, 'Wrong number of keys') + self.assertEqual(ADDRESS, keys[0].address) + self.assertFalse(keys[0].private) + # get private keys + keys = km.get_all_keys_in_local_db(True) + self.assertEqual(len(keys), 1, 'Wrong number of keys') + self.assertEqual(ADDRESS, keys[0].address) + self.assertTrue(keys[0].private) + + def test_get_public_key(self): + km = self._key_manager() + km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY) + # get the key + key = km.get_key(ADDRESS, OpenPGPKey, private=False, + fetch_remote=False) + self.assertTrue(key is not None) + self.assertEqual(key.address, ADDRESS) + self.assertEqual( + key.fingerprint.lower(), KEY_FINGERPRINT.lower()) + self.assertFalse(key.private) + + def test_get_private_key(self): + km = self._key_manager() + km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY) + # get the key + key = km.get_key(ADDRESS, OpenPGPKey, private=True, + fetch_remote=False) + self.assertTrue(key is not None) + self.assertEqual(key.address, ADDRESS) + self.assertEqual( + key.fingerprint.lower(), KEY_FINGERPRINT.lower()) + self.assertTrue(key.private) + + def test_send_key_raises_key_not_found(self): + km = self._key_manager() + self.assertRaises( + KeyNotFound, + km.send_key, OpenPGPKey) + + def test_send_key(self): + """ + Test that request is well formed when sending keys to server. + """ + km = self._key_manager() + km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY) + km._fetcher.put = Mock() + # the following data will be used on the send + km.ca_cert_path = 'capath' + km.session_id = 'sessionid' + km.uid = 'myuid' + km.api_uri = 'apiuri' + km.api_version = 'apiver' + km.send_key(OpenPGPKey) + # setup expected args + data = { + km.PUBKEY_KEY: km.get_key(km._address, OpenPGPKey).key_data, + } + url = '%s/%s/users/%s.json' % ('apiuri', 'apiver', 'myuid') + km._fetcher.put.assert_called_once_with( + url, data=data, verify='capath', + cookies={'_session_id': 'sessionid'}, + ) + + def test__fetch_keys_from_server(self): + """ + Test that the request is well formed when fetching keys from server. + """ + km = self._key_manager(url='http://nickserver.domain') + + class Response(object): + status_code = 200 + headers = {'content-type': 'application/json'} + + def json(self): + return {'address': ADDRESS_2, 'openpgp': PUBLIC_KEY_2} + + def raise_for_status(self): + pass + + # mock the fetcher so it returns the key for ADDRESS_2 + km._fetcher.get = Mock( + return_value=Response()) + km.ca_cert_path = 'cacertpath' + # do the fetch + km._fetch_keys_from_server(ADDRESS_2) + # and verify the call + km._fetcher.get.assert_called_once_with( + 'http://nickserver.domain', + data={'address': ADDRESS_2}, + verify='cacertpath', + ) + + def test_refresh_keys_does_not_refresh_own_key(self): + """ + Test that refreshing keys will not attempt to refresh our own key. + """ + km = self._key_manager() + # we add 2 keys but we expect it to only refresh the second one. + km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY) + km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY_2) + # mock the key fetching + km._fetch_keys_from_server = Mock(return_value=[]) + km.ca_cert_path = '' # some bogus path so the km does not complain. + # do the refreshing + km.refresh_keys() + km._fetch_keys_from_server.assert_called_once_with( + ADDRESS_2 + ) + + def test_get_key_fetches_from_server(self): + """ + Test that getting a key successfuly fetches from server. + """ + km = self._key_manager(url='http://nickserver.domain') + + class Response(object): + status_code = 200 + headers = {'content-type': 'application/json'} + + def json(self): + return {'address': ADDRESS_2, 'openpgp': PUBLIC_KEY_2} + + def raise_for_status(self): + pass + + # mock the fetcher so it returns the key for ADDRESS_2 + km._fetcher.get = Mock(return_value=Response()) + km.ca_cert_path = 'cacertpath' + # try to key get without fetching from server + self.assertRaises( + KeyNotFound, km.get_key, ADDRESS_2, OpenPGPKey, + fetch_remote=False + ) + # try to get key fetching from server. + key = km.get_key(ADDRESS_2, OpenPGPKey) + self.assertIsInstance(key, OpenPGPKey) + self.assertEqual(ADDRESS_2, key.address) + + +# Key material for testing + +# key 24D18DDF: public key "Leap Test Key <leap@leap.se>" +KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF" +PUBLIC_KEY = """ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mQINBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz +iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO +zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx +irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT +huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs +d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g +wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb +hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv +U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H +T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i +Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB +tBxMZWFwIFRlc3QgS2V5IDxsZWFwQGxlYXAuc2U+iQI3BBMBCAAhBQJQvfnZAhsD +BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEC9FXigk0Y3fT7EQAKH3IuRniOpb +T/DDIgwwjz3oxB/W0DDMyPXowlhSOuM0rgGfntBpBb3boezEXwL86NPQxNGGruF5 +hkmecSiuPSvOmQlqlS95NGQp6hNG0YaKColh+Q5NTspFXCAkFch9oqUje0LdxfSP +QfV9UpeEvGyPmk1I9EJV/YDmZ4+Djge1d7qhVZInz4Rx1NrSyF/Tc2EC0VpjQFsU +Y9Kb2YBBR7ivG6DBc8ty0jJXi7B4WjkFcUEJviQpMF2dCLdonCehYs1PqsN1N7j+ +eFjQd+hqVMJgYuSGKjvuAEfClM6MQw7+FmFwMyLgK/Ew/DttHEDCri77SPSkOGSI +txCzhTg6798f6mJr7WcXmHX1w1Vcib5FfZ8vTDFVhz/XgAgArdhPo9V6/1dgSSiB +KPQ/spsco6u5imdOhckERE0lnAYvVT6KE81TKuhF/b23u7x+Wdew6kK0EQhYA7wy +7LmlaNXc7rMBQJ9Z60CJ4JDtatBWZ0kNrt2VfdDHVdqBTOpl0CraNUjWE5YMDasr +K2dF5IX8D3uuYtpZnxqg0KzyLg0tzL0tvOL1C2iudgZUISZNPKbS0z0v+afuAAnx +2pTC3uezbh2Jt8SWTLhll4i0P4Ps5kZ6HQUO56O+/Z1cWovX+mQekYFmERySDR9n +3k1uAwLilJmRmepGmvYbB8HloV8HqwgguQINBFC9+dkBEAC0I/xn1uborMgDvBtf +H0sEhwnXBC849/32zic6udB6/3Efk9nzbSpL3FSOuXITZsZgCHPkKarnoQ2ztMcS +sh1ke1C5gQGms75UVmM/nS+2YI4vY8OX/GC/on2vUyncqdH+bR6xH5hx4NbWpfTs +iQHmz5C6zzS/kuabGdZyKRaZHt23WQ7JX/4zpjqbC99DjHcP9BSk7tJ8wI4bkMYD +uFVQdT9O6HwyKGYwUU4sAQRAj7XCTGvVbT0dpgJwH4RmrEtJoHAx4Whg8mJ710E0 +GCmzf2jqkNuOw76ivgk27Kge+Hw00jmJjQhHY0yVbiaoJwcRrPKzaSjEVNgrpgP3 +lXPRGQArgESsIOTeVVHQ8fhK2YtTeCY9rIiO+L0OX2xo9HK7hfHZZWL6rqymXdyS +fhzh/f6IPyHFWnvj7Brl7DR8heMikygcJqv+ed2yx7iLyCUJ10g12I48+aEj1aLe +dP7lna32iY8/Z0SHQLNH6PXO9SlPcq2aFUgKqE75A/0FMk7CunzU1OWr2ZtTLNO1 +WT/13LfOhhuEq9jTyTosn0WxBjJKq18lnhzCXlaw6EAtbA7CUwsD3CTPR56aAXFK +3I7KXOVAqggrvMe5Tpdg5drfYpI8hZovL5aAgb+7Y5ta10TcJdUhS5K3kFAWe/td +U0cmWUMDP1UMSQ5Jg6JIQVWhSwARAQABiQIfBBgBCAAJBQJQvfnZAhsMAAoJEC9F +Xigk0Y3fRwsP/i0ElYCyxeLpWJTwo1iCLkMKz2yX1lFVa9nT1BVTPOQwr/IAc5OX +NdtbJ14fUsKL5pWgW8OmrXtwZm1y4euI1RPWWubG01ouzwnGzv26UcuHeqC5orZj +cOnKtL40y8VGMm8LoicVkRJH8blPORCnaLjdOtmA3rx/v2EXrJpSa3AhOy0ZSRXk +ZSrK68AVNwamHRoBSYyo0AtaXnkPX4+tmO8X8BPfj125IljubvwZPIW9VWR9UqCE +VPfDR1XKegVb6VStIywF7kmrknM1C5qUY28rdZYWgKorw01hBGV4jTW0cqde3N51 +XT1jnIAa+NoXUM9uQoGYMiwrL7vNsLlyyiW5ayDyV92H/rIuiqhFgbJsHTlsm7I8 +oGheR784BagAA1NIKD1qEO9T6Kz9lzlDaeWS5AUKeXrb7ZJLI1TTCIZx5/DxjLqM +Tt/RFBpVo9geZQrvLUqLAMwdaUvDXC2c6DaCPXTh65oCZj/hqzlJHH+RoTWWzKI+ +BjXxgUWF9EmZUBrg68DSmI+9wuDFsjZ51BcqvJwxyfxtTaWhdoYqH/UQS+D1FP3/ +diZHHlzwVwPICzM9ooNTgbrcDzyxRkIVqsVwBq7EtzcvgYUyX53yG25Giy6YQaQ2 +ZtQ/VymwFL3XdUWV6B/hU4PVAFvO3qlOtdJ6TpE+nEWgcWjCv5g7RjXX +=MuOY +-----END PGP PUBLIC KEY BLOCK----- +""" +PRIVATE_KEY = """ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +lQcYBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz +iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO +zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx +irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT +huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs +d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g +wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb +hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv +U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H +T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i +Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB +AA/+JHtlL39G1wsH9R6UEfUQJGXR9MiIiwZoKcnRB2o8+DS+OLjg0JOh8XehtuCs +E/8oGQKtQqa5bEIstX7IZoYmYFiUQi9LOzIblmp2vxOm+HKkxa4JszWci2/ZmC3t +KtaA4adl9XVnshoQ7pijuCMUKB3naBEOAxd8s9d/JeReGIYkJErdrnVfNk5N71Ds +FmH5Ll3XtEDvgBUQP3nkA6QFjpsaB94FHjL3gDwum/cxzj6pCglcvHOzEhfY0Ddb +J967FozQTaf2JW3O+w3LOqtcKWpq87B7+O61tVidQPSSuzPjCtFF0D2LC9R/Hpky +KTMQ6CaKja4MPhjwywd4QPcHGYSqjMpflvJqi+kYIt8psUK/YswWjnr3r4fbuqVY +VhtiHvnBHQjz135lUqWvEz4hM3Xpnxydx7aRlv5NlevK8+YIO5oFbWbGNTWsPZI5 +jpoFBpSsnR1Q5tnvtNHauvoWV+XN2qAOBTG+/nEbDYH6Ak3aaE9jrpTdYh0CotYF +q7csANsDy3JvkAzeU6WnYpsHHaAjqOGyiZGsLej1UcXPFMosE/aUo4WQhiS8Zx2c +zOVKOi/X5vQ2GdNT9Qolz8AriwzsvFR+bxPzyd8V6ALwDsoXvwEYinYBKK8j0OPv +OOihSR6HVsuP9NUZNU9ewiGzte/+/r6pNXHvR7wTQ8EWLcEIAN6Zyrb0bHZTIlxt +VWur/Ht2mIZrBaO50qmM5RD3T5oXzWXi/pjLrIpBMfeZR9DWfwQwjYzwqi7pxtYx +nJvbMuY505rfnMoYxb4J+cpRXV8MS7Dr1vjjLVUC9KiwSbM3gg6emfd2yuA93ihv +Pe3mffzLIiQa4mRE3wtGcioC43nWuV2K2e1KjxeFg07JhrezA/1Cak505ab/tmvP +4YmjR5c44+yL/YcQ3HdFgs4mV+nVbptRXvRcPpolJsgxPccGNdvHhsoR4gwXMS3F +RRPD2z6x8xeN73Q4KH3bm01swQdwFBZbWVfmUGLxvN7leCdfs9+iFJyqHiCIB6Iv +mQfp8F0IAOwSo8JhWN+V1dwML4EkIrM8wUb4yecNLkyR6TpPH/qXx4PxVMC+vy6x +sCtjeHIwKE+9vqnlhd5zOYh7qYXEJtYwdeDDmDbL8oks1LFfd+FyAuZXY33DLwn0 +cRYsr2OEZmaajqUB3NVmj3H4uJBN9+paFHyFSXrH68K1Fk2o3n+RSf2EiX+eICwI +L6rqoF5sSVUghBWdNegV7qfy4anwTQwrIMGjgU5S6PKW0Dr/3iO5z3qQpGPAj5OW +ATqPWkDICLbObPxD5cJlyyNE2wCA9VVc6/1d6w4EVwSq9h3/WTpATEreXXxTGptd +LNiTA1nmakBYNO2Iyo3djhaqBdWjk+EIAKtVEnJH9FAVwWOvaj1RoZMA5DnDMo7e +SnhrCXl8AL7Z1WInEaybasTJXn1uQ8xY52Ua4b8cbuEKRKzw/70NesFRoMLYoHTO +dyeszvhoDHberpGRTciVmpMu7Hyi33rM31K9epA4ib6QbbCHnxkWOZB+Bhgj1hJ8 +xb4RBYWiWpAYcg0+DAC3w9gfxQhtUlZPIbmbrBmrVkO2GVGUj8kH6k4UV6kUHEGY +HQWQR0HcbKcXW81ZXCCD0l7ROuEWQtTe5Jw7dJ4/QFuqZnPutXVRNOZqpl6eRShw +7X2/a29VXBpmHA95a88rSQsL+qm7Fb3prqRmuMCtrUZgFz7HLSTuUMR867QcTGVh +cCBUZXN0IEtleSA8bGVhcEBsZWFwLnNlPokCNwQTAQgAIQUCUL352QIbAwULCQgH +AwUVCgkICwUWAgMBAAIeAQIXgAAKCRAvRV4oJNGN30+xEACh9yLkZ4jqW0/wwyIM +MI896MQf1tAwzMj16MJYUjrjNK4Bn57QaQW926HsxF8C/OjT0MTRhq7heYZJnnEo +rj0rzpkJapUveTRkKeoTRtGGigqJYfkOTU7KRVwgJBXIfaKlI3tC3cX0j0H1fVKX +hLxsj5pNSPRCVf2A5mePg44HtXe6oVWSJ8+EcdTa0shf03NhAtFaY0BbFGPSm9mA +QUe4rxugwXPLctIyV4uweFo5BXFBCb4kKTBdnQi3aJwnoWLNT6rDdTe4/nhY0Hfo +alTCYGLkhio77gBHwpTOjEMO/hZhcDMi4CvxMPw7bRxAwq4u+0j0pDhkiLcQs4U4 +Ou/fH+pia+1nF5h19cNVXIm+RX2fL0wxVYc/14AIAK3YT6PVev9XYEkogSj0P7Kb +HKOruYpnToXJBERNJZwGL1U+ihPNUyroRf29t7u8flnXsOpCtBEIWAO8Muy5pWjV +3O6zAUCfWetAieCQ7WrQVmdJDa7dlX3Qx1XagUzqZdAq2jVI1hOWDA2rKytnReSF +/A97rmLaWZ8aoNCs8i4NLcy9Lbzi9QtornYGVCEmTTym0tM9L/mn7gAJ8dqUwt7n +s24dibfElky4ZZeItD+D7OZGeh0FDuejvv2dXFqL1/pkHpGBZhEckg0fZ95NbgMC +4pSZkZnqRpr2GwfB5aFfB6sIIJ0HGARQvfnZARAAtCP8Z9bm6KzIA7wbXx9LBIcJ +1wQvOPf99s4nOrnQev9xH5PZ820qS9xUjrlyE2bGYAhz5Cmq56ENs7THErIdZHtQ +uYEBprO+VFZjP50vtmCOL2PDl/xgv6J9r1Mp3KnR/m0esR+YceDW1qX07IkB5s+Q +us80v5LmmxnWcikWmR7dt1kOyV/+M6Y6mwvfQ4x3D/QUpO7SfMCOG5DGA7hVUHU/ +Tuh8MihmMFFOLAEEQI+1wkxr1W09HaYCcB+EZqxLSaBwMeFoYPJie9dBNBgps39o +6pDbjsO+or4JNuyoHvh8NNI5iY0IR2NMlW4mqCcHEazys2koxFTYK6YD95Vz0RkA +K4BErCDk3lVR0PH4StmLU3gmPayIjvi9Dl9saPRyu4Xx2WVi+q6spl3ckn4c4f3+ +iD8hxVp74+wa5ew0fIXjIpMoHCar/nndsse4i8glCddINdiOPPmhI9Wi3nT+5Z2t +9omPP2dEh0CzR+j1zvUpT3KtmhVICqhO+QP9BTJOwrp81NTlq9mbUyzTtVk/9dy3 +zoYbhKvY08k6LJ9FsQYySqtfJZ4cwl5WsOhALWwOwlMLA9wkz0eemgFxStyOylzl +QKoIK7zHuU6XYOXa32KSPIWaLy+WgIG/u2ObWtdE3CXVIUuSt5BQFnv7XVNHJllD +Az9VDEkOSYOiSEFVoUsAEQEAAQAP/1AagnZQZyzHDEgw4QELAspYHCWLXE5aZInX +wTUJhK31IgIXNn9bJ0hFiSpQR2xeMs9oYtRuPOu0P8oOFMn4/z374fkjZy8QVY3e +PlL+3EUeqYtkMwlGNmVw5a/NbNuNfm5Darb7pEfbYd1gPcni4MAYw7R2SG/57GbC +9gucvspHIfOSfBNLBthDzmK8xEKe1yD2eimfc2T7IRYb6hmkYfeds5GsqvGI6mwI +85h4uUHWRc5JOlhVM6yX8hSWx0L60Z3DZLChmc8maWnFXd7C8eQ6P1azJJbW71Ih +7CoK0XW4LE82vlQurSRFgTwfl7wFYszW2bOzCuhHDDtYnwH86Nsu0DC78ZVRnvxn +E8Ke/AJgrdhIOo4UAyR+aZD2+2mKd7/waOUTUrUtTzc7i8N3YXGi/EIaNReBXaq+ +ZNOp24BlFzRp+FCF/pptDW9HjPdiV09x0DgICmeZS4Gq/4vFFIahWctg52NGebT0 +Idxngjj+xDtLaZlLQoOz0n5ByjO/Wi0ANmMv1sMKCHhGvdaSws2/PbMR2r4caj8m +KXpIgdinM/wUzHJ5pZyF2U/qejsRj8Kw8KH/tfX4JCLhiaP/mgeTuWGDHeZQERAT +xPmRFHaLP9/ZhvGNh6okIYtrKjWTLGoXvKLHcrKNisBLSq+P2WeFrlme1vjvJMo/ +jPwLT5o9CADQmcbKZ+QQ1ZM9v99iDZol7SAMZX43JC019sx6GK0u6xouJBcLfeB4 +OXacTgmSYdTa9RM9fbfVpti01tJ84LV2SyL/VJq/enJF4XQPSynT/tFTn1PAor6o +tEAAd8fjKdJ6LnD5wb92SPHfQfXqI84rFEO8rUNIE/1ErT6DYifDzVCbfD2KZdoF +cOSp7TpD77sY1bs74ocBX5ejKtd+aH99D78bJSMM4pSDZsIEwnomkBHTziubPwJb +OwnATy0LmSMAWOw5rKbsh5nfwCiUTM20xp0t5JeXd+wPVWbpWqI2EnkCEN+RJr9i +7dp/ymDQ+Yt5wrsN3NwoyiexPOG91WQVCADdErHsnglVZZq9Z8Wx7KwecGCUurJ2 +H6lKudv5YOxPnAzqZS5HbpZd/nRTMZh2rdXCr5m2YOuewyYjvM757AkmUpM09zJX +MQ1S67/UX2y8/74TcRF97Ncx9HeELs92innBRXoFitnNguvcO6Esx4BTe1OdU6qR +ER3zAmVf22Le9ciXbu24DN4mleOH+OmBx7X2PqJSYW9GAMTsRB081R6EWKH7romQ +waxFrZ4DJzZ9ltyosEJn5F32StyLrFxpcrdLUoEaclZCv2qka7sZvi0EvovDVEBU +e10jOx9AOwf8Gj2ufhquQ6qgVYCzbP+YrodtkFrXRS3IsljIchj1M2ffB/0bfoUs +rtER9pLvYzCjBPg8IfGLw0o754Qbhh/ReplCRTusP/fQMybvCvfxreS3oyEriu/G +GufRomjewZ8EMHDIgUsLcYo2UHZsfF7tcazgxMGmMvazp4r8vpgrvW/8fIN/6Adu +tF+WjWDTvJLFJCe6O+BFJOWrssNrrra1zGtLC1s8s+Wfpe+bGPL5zpHeebGTwH1U +22eqgJArlEKxrfarz7W5+uHZJHSjF/K9ZvunLGD0n9GOPMpji3UO3zeM8IYoWn7E +/EWK1XbjnssNemeeTZ+sDh+qrD7BOi+vCX1IyBxbfqnQfJZvmcPWpruy1UsO+aIC +0GY8Jr3OL69dDQ21jueJAh8EGAEIAAkFAlC9+dkCGwwACgkQL0VeKCTRjd9HCw/+ +LQSVgLLF4ulYlPCjWIIuQwrPbJfWUVVr2dPUFVM85DCv8gBzk5c121snXh9Swovm +laBbw6ate3BmbXLh64jVE9Za5sbTWi7PCcbO/bpRy4d6oLmitmNw6cq0vjTLxUYy +bwuiJxWREkfxuU85EKdouN062YDevH+/YResmlJrcCE7LRlJFeRlKsrrwBU3BqYd +GgFJjKjQC1peeQ9fj62Y7xfwE9+PXbkiWO5u/Bk8hb1VZH1SoIRU98NHVcp6BVvp +VK0jLAXuSauSczULmpRjbyt1lhaAqivDTWEEZXiNNbRyp17c3nVdPWOcgBr42hdQ +z25CgZgyLCsvu82wuXLKJblrIPJX3Yf+si6KqEWBsmwdOWybsjygaF5HvzgFqAAD +U0goPWoQ71PorP2XOUNp5ZLkBQp5etvtkksjVNMIhnHn8PGMuoxO39EUGlWj2B5l +Cu8tSosAzB1pS8NcLZzoNoI9dOHrmgJmP+GrOUkcf5GhNZbMoj4GNfGBRYX0SZlQ +GuDrwNKYj73C4MWyNnnUFyq8nDHJ/G1NpaF2hiof9RBL4PUU/f92JkceXPBXA8gL +Mz2ig1OButwPPLFGQhWqxXAGrsS3Ny+BhTJfnfIbbkaLLphBpDZm1D9XKbAUvdd1 +RZXoH+FTg9UAW87eqU610npOkT6cRaBxaMK/mDtGNdc= +=JTFu +-----END PGP PRIVATE KEY BLOCK----- +""" + +# key 7FEE575A: public key "anotheruser <anotheruser@leap.se>" +PUBLIC_KEY_2 = """ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mI0EUYwJXgEEAMbTKHuPJ5/Gk34l9Z06f+0WCXTDXdte1UBoDtZ1erAbudgC4MOR +gquKqoj3Hhw0/ILqJ88GcOJmKK/bEoIAuKaqlzDF7UAYpOsPZZYmtRfPC2pTCnXq +Z1vdeqLwTbUspqXflkCkFtfhGKMq5rH8GV5a3tXZkRWZhdNwhVXZagC3ABEBAAG0 +IWFub3RoZXJ1c2VyIDxhbm90aGVydXNlckBsZWFwLnNlPoi4BBMBAgAiBQJRjAle +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB/nfpof+5XWotuA/4tLN4E +gUr7IfLy2HkHAxzw7A4rqfMN92DIM9mZrDGaWRrOn3aVF7VU1UG7MDkHfPvp/cFw +ezoCw4s4IoHVc/pVlOkcHSyt4/Rfh248tYEJmFCJXGHpkK83VIKYJAithNccJ6Q4 +JE/o06Mtf4uh/cA1HUL4a4ceqUhtpLJULLeKo7iNBFGMCV4BBADsyQI7GR0wSAxz +VayLjuPzgT+bjbFeymIhjuxKIEwnIKwYkovztW+4bbOcQs785k3Lp6RzvigTpQQt +Z/hwcLOqZbZw8t/24+D+Pq9mMP2uUvCFFqLlVvA6D3vKSQ/XNN+YB919WQ04jh63 +yuRe94WenT1RJd6xU1aaUff4rKizuQARAQABiJ8EGAECAAkFAlGMCV4CGwwACgkQ +f536aH/uV1rPZQQAqCzRysOlu8ez7PuiBD4SebgRqWlxa1TF1ujzfLmuPivROZ2X +Kw5aQstxgGSjoB7tac49s0huh4X8XK+BtJBfU84JS8Jc2satlfwoyZ35LH6sDZck +I+RS/3we6zpMfHs3vvp9xgca6ZupQxivGtxlJs294TpJorx+mFFqbV17AzQ= +=Thdu +-----END PGP PUBLIC KEY BLOCK----- +""" + +PRIVATE_KEY_2 = """ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +lQHYBFGMCV4BBADG0yh7jyefxpN+JfWdOn/tFgl0w13bXtVAaA7WdXqwG7nYAuDD +kYKriqqI9x4cNPyC6ifPBnDiZiiv2xKCALimqpcwxe1AGKTrD2WWJrUXzwtqUwp1 +6mdb3Xqi8E21LKal35ZApBbX4RijKuax/BleWt7V2ZEVmYXTcIVV2WoAtwARAQAB +AAP7BLuSAx7tOohnimEs74ks8l/L6dOcsFQZj2bqs4AoY3jFe7bV0tHr4llypb/8 +H3/DYvpf6DWnCjyUS1tTnXSW8JXtx01BUKaAufSmMNg9blKV6GGHlT/Whe9uVyks +7XHk/+9mebVMNJ/kNlqq2k+uWqJohzC8WWLRK+d1tBeqDsECANZmzltPaqUsGV5X +C3zszE3tUBgptV/mKnBtopKi+VH+t7K6fudGcG+bAcZDUoH/QVde52mIIjjIdLje +uajJuHUCAO1mqh+vPoGv4eBLV7iBo3XrunyGXiys4a39eomhxTy3YktQanjjx+ty +GltAGCs5PbWGO6/IRjjvd46wh53kzvsCAO0J97gsWhzLuFnkxFAJSPk7RRlyl7lI +1XS/x0Og6j9XHCyY1OYkfBm0to3UlCfkgirzCYlTYObCofzdKFIPDmSqHbQhYW5v +dGhlcnVzZXIgPGFub3RoZXJ1c2VyQGxlYXAuc2U+iLgEEwECACIFAlGMCV4CGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEH+d+mh/7ldai24D/i0s3gSBSvsh +8vLYeQcDHPDsDiup8w33YMgz2ZmsMZpZGs6fdpUXtVTVQbswOQd8++n9wXB7OgLD +izgigdVz+lWU6RwdLK3j9F+Hbjy1gQmYUIlcYemQrzdUgpgkCK2E1xwnpDgkT+jT +oy1/i6H9wDUdQvhrhx6pSG2kslQst4qjnQHYBFGMCV4BBADsyQI7GR0wSAxzVayL +juPzgT+bjbFeymIhjuxKIEwnIKwYkovztW+4bbOcQs785k3Lp6RzvigTpQQtZ/hw +cLOqZbZw8t/24+D+Pq9mMP2uUvCFFqLlVvA6D3vKSQ/XNN+YB919WQ04jh63yuRe +94WenT1RJd6xU1aaUff4rKizuQARAQABAAP9EyElqJ3dq3EErXwwT4mMnbd1SrVC +rUJrNWQZL59mm5oigS00uIyR0SvusOr+UzTtd8ysRuwHy5d/LAZsbjQStaOMBILx +77TJveOel0a1QK0YSMF2ywZMCKvquvjli4hAtWYz/EwfuzQN3t23jc5ny+GqmqD2 +3FUxLJosFUfLNmECAO9KhVmJi+L9dswIs+2Dkjd1eiRQzNOEVffvYkGYZyKxNiXF +UA5kvyZcB4iAN9sWCybE4WHZ9jd4myGB0MPDGxkCAP1RsXJbbuD6zS7BXe5gwunO +2q4q7ptdSl/sJYQuTe1KNP5d/uGsvlcFfsYjpsopasPjFBIncc/2QThMKlhoEaEB +/0mVAxpT6SrEvUbJ18z7kna24SgMPr3OnPMxPGfvNLJY/Xv/A17YfoqjmByCvsKE +JCDjopXtmbcrZyoEZbEht9mko4ifBBgBAgAJBQJRjAleAhsMAAoJEH+d+mh/7lda +z2UEAKgs0crDpbvHs+z7ogQ+Enm4EalpcWtUxdbo83y5rj4r0TmdlysOWkLLcYBk +o6Ae7WnOPbNIboeF/FyvgbSQX1POCUvCXNrGrZX8KMmd+Sx+rA2XJCPkUv98Hus6 +THx7N776fcYHGumbqUMYrxrcZSbNveE6SaK8fphRam1dewM0 +=a5gs +-----END PGP PRIVATE KEY BLOCK----- +""" +import unittest +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/platform_init/__init__.py b/src/leap/platform_init/__init__.py new file mode 100644 index 00000000..2a262a30 --- /dev/null +++ b/src/leap/platform_init/__init__.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +System constants +""" +import platform + +_system = platform.system() + +IS_WIN = True if _system == "Windows" else False +IS_MAC = True if _system == "Darwin" else False +IS_LINUX = True if _system == "Linux" else False +IS_UNIX = IS_MAC or IS_LINUX diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py new file mode 100644 index 00000000..5345f11a --- /dev/null +++ b/src/leap/platform_init/initializers.py @@ -0,0 +1,383 @@ +# -*- coding: utf-8 -*- +# initializers.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Platform dependant initializing code +""" + +import logging +import os +import platform +import stat +import subprocess +import tempfile + +from PySide import QtGui + +from leap.config.leapsettings import LeapSettings +from leap.services.eip import vpnlaunchers +from leap.util import first + +logger = logging.getLogger(__name__) + +# NOTE we could use a deferToThread here, but should +# be aware of this bug: http://www.themacaque.com/?p=1067 + +__all__ = ["init_platform"] + +_system = platform.system() + + +def init_platform(): + """ + Returns the right initializer for the platform we are running in, or + None if no proper initializer is found + """ + initializer = None + try: + initializer = globals()[_system + "Initializer"] + except: + pass + if initializer: + logger.debug("Running initializer for %s" % (platform.system(),)) + initializer() + else: + logger.debug("Initializer not found for %s" % (platform.system(),)) + + +# +# common utils +# + +NOTFOUND_MSG = ("Tried to install %s, but %s " + "not found inside this bundle.") +BADEXEC_MSG = ("Tried to install %s, but %s " + "failed to %s.") + +UPDOWN_NOTFOUND_MSG = NOTFOUND_MSG % ( + "updown scripts", "those were") +UPDOWN_BADEXEC_MSG = BADEXEC_MSG % ( + "updown scripts", "they", "be copied") + + +def get_missing_updown_dialog(): + """ + Creates a dialog for notifying of missing updown scripts. + Returns that dialog. + + :rtype: QtGui.QMessageBox instance + """ + WE_NEED_POWERS = ("To better protect your privacy, " + "LEAP needs administrative privileges " + "to install helper files. " + "Do you want to proceed?") + msg = QtGui.QMessageBox() + msg.setWindowTitle(msg.tr("Missing up/down scripts")) + msg.setText(msg.tr(WE_NEED_POWERS)) + # but maybe the user really deserve to know more + #msg.setInformativeText(msg.tr(BECAUSE)) + msg.setStandardButtons(QtGui.QMessageBox.Yes | QtGui.QMessageBox.No) + msg.addButton("No, don't ask again", QtGui.QMessageBox.RejectRole) + msg.setDefaultButton(QtGui.QMessageBox.Yes) + return msg + + +def check_missing(): + """ + Checks for the need of installing missing scripts, and + raises a dialog to ask user for permission to do it. + """ + config = LeapSettings() + alert_missing = config.get_alert_missing_scripts() + + launcher = vpnlaunchers.get_platform_launcher() + missing_scripts = launcher.missing_updown_scripts + missing_other = launcher.missing_other_files + + if alert_missing and (missing_scripts() or missing_other()): + msg = get_missing_updown_dialog() + ret = msg.exec_() + + if ret == QtGui.QMessageBox.Yes: + install_missing_fun = globals().get( + "_%s_install_missing_scripts" % (_system.lower(),), + None) + if not install_missing_fun: + logger.warning( + "Installer not found for platform %s." % (_system,)) + return + install_missing_fun( + # XXX maybe move constants to fun + UPDOWN_BADEXEC_MSG, + UPDOWN_NOTFOUND_MSG) + + elif ret == QtGui.QMessageBox.No: + logger.debug("Not installing missing scripts, " + "user decided to ignore our warning.") + + elif ret == QtGui.QMessageBox.Rejected: + logger.debug( + "Setting alert_missing_scripts to False, we will not " + "ask again") + config.set_alert_missing_scripts(False) +# +# windows initializers +# + + +def _windows_has_tap_device(): + """ + Loops over the windows registry trying to find if the tap0901 tap driver + has been installed on this machine. + """ + import _winreg as reg + + adapter_key = 'SYSTEM\CurrentControlSet\Control\Class' \ + '\{4D36E972-E325-11CE-BFC1-08002BE10318}' + with reg.OpenKey(reg.HKEY_LOCAL_MACHINE, adapter_key) as adapters: + try: + for i in xrange(10000): + key_name = reg.EnumKey(adapters, i) + with reg.OpenKey(adapters, key_name) as adapter: + try: + component_id = reg.QueryValueEx(adapter, + 'ComponentId')[0] + if component_id.startswith("tap0901"): + return True + except WindowsError: + pass + except WindowsError: + pass + return False + + +def WindowsInitializer(): + """ + Raises a dialog in case that the windows tap driver has not been found + in the registry, asking the user for permission to install the driver + """ + if not _windows_has_tap_device(): + msg = QtGui.QMessageBox() + msg.setWindowTitle(msg.tr("TAP Driver")) + msg.setText(msg.tr("LEAPClient needs to install the necessary drivers " + "for Encrypted Internet to work. Would you like to " + "proceed?")) + msg.setInformativeText(msg.tr("Encrypted Internet uses VPN, which " + "needs a TAP device installed and none " + "has been found. This will ask for " + "administrative privileges.")) + msg.setStandardButtons(QtGui.QMessageBox.Yes | QtGui.QMessageBox.No) + msg.setDefaultButton(QtGui.QMessageBox.Yes) + ret = msg.exec_() + + if ret == QtGui.QMessageBox.Yes: + # XXX should do this only if executed inside bundle. + # Let's assume it's the only way it's gonna be executed under win + # by now. + driver_path = os.path.join(os.getcwd(), + "apps", + "eip", + "tap_driver") + dev_installer = os.path.join(driver_path, + "devcon.exe") + if os.path.isfile(dev_installer) and \ + stat.S_IXUSR & os.stat(dev_installer)[stat.ST_MODE] != 0: + inf_path = os.path.join(driver_path, + "OemWin2k.inf") + cmd = [dev_installer, "install", inf_path, "tap0901"] + ret = subprocess.call(cmd, stdout=subprocess.PIPE, shell=True) + else: + logger.error("Tried to install TAP driver, but the installer " + "is not found or not executable") + +# +# Darwin initializer functions +# + + +def _darwin_has_tun_kext(): + """ + Returns True only if we found a directory under the system kext folder + containing a kext named tun.kext, AND we found a startup item named 'tun' + """ + # XXX we should be smarter here and use kextstats output. + + has_kext = os.path.isdir("/System/Library/Extensions/tun.kext") + has_startup = os.path.isdir("/System/Library/StartupItems/tun") + has_tun_and_startup = has_kext and has_startup + logger.debug( + 'platform initializer check: has tun_and_startup = %s' % + (has_tun_and_startup,)) + return has_tun_and_startup + + +def _darwin_install_missing_scripts(badexec, notfound): + """ + Tries to install the missing up/down scripts. + + :param badexec: error for notifying execution error during command. + :type badexec: str + :param notfound: error for notifying missing path. + :type notfound: str + """ + # We expect to execute this from some way of bundle, since + # the up/down scripts should be put in place by the installer. + installer_path = os.path.join( + os.getcwd(), + "..", + "Resources", + "openvpn") + launcher = vpnlaunchers.DarwinVPNLauncher + + # TODO should change osascript by use of the proper + # os authorization api. + if os.path.isdir(installer_path): + fd, tempscript = tempfile.mkstemp(prefix="leap_installer-") + try: + cmd = launcher.OSASCRIPT_BIN + scriptlines = launcher.cmd_for_missing_scripts(installer_path) + with os.fdopen(fd, 'w') as f: + f.write(scriptlines) + st = os.stat(tempscript) + os.chmod(tempscript, st.st_mode | stat.S_IEXEC | stat.S_IXUSR | + stat.S_IXGRP | stat.S_IXOTH) + + osascript = launcher.OSX_ASADMIN % ("/bin/sh %s" % (tempscript,),) + cmdline = ["%s -e '%s'" % (cmd, osascript)] + ret = subprocess.call( + cmdline, stdout=subprocess.PIPE, + shell=True) + assert([ret]) # happy flakes + except Exception as exc: + logger.error(badexec) + logger.error("Error was: %r" % (exc,)) + finally: + try: + os.remove(tempscript) + except OSError as exc: + logger.error("%r" % (exc,)) + else: + logger.error(notfound) + logger.debug('path searched: %s' % (installer_path,)) + + +def DarwinInitializer(): + """ + Raises a dialog in case that the osx tuntap driver has not been found + in the registry, asking the user for permission to install the driver + """ + # XXX split this function into several + + TUNTAP_NOTFOUND_MSG = NOTFOUND_MSG % ( + "tuntaposx kext", "the installer") + TUNTAP_BADEXEC_MSG = BADEXEC_MSG % ( + "tuntaposx kext", "the installer", "be launched") + + # TODO DRY this with other cases, and + # factor out to _should_install() function. + # Leave the dialog as a more generic thing. + + if not _darwin_has_tun_kext(): + msg = QtGui.QMessageBox() + msg.setWindowTitle(msg.tr("TUN Driver")) + msg.setText(msg.tr("LEAPClient needs to install the necessary drivers " + "for Encrypted Internet to work. Would you like to " + "proceed?")) + msg.setInformativeText(msg.tr("Encrypted Internet uses VPN, which " + "needs a kernel extension for a TUN " + "device installed, and none " + "has been found. This will ask for " + "administrative privileges.")) + msg.setStandardButtons(QtGui.QMessageBox.Yes | QtGui.QMessageBox.No) + msg.setDefaultButton(QtGui.QMessageBox.Yes) + ret = msg.exec_() + + if ret == QtGui.QMessageBox.Yes: + installer_path = os.path.join( + os.getcwd(), + "..", + "Resources", + "tuntap-installer.app") + if os.path.isdir(installer_path): + cmd = ["open %s" % (installer_path,)] + try: + ret = subprocess.call( + cmd, stdout=subprocess.PIPE, + shell=True) + except: + logger.error(TUNTAP_BADEXEC_MSG) + else: + logger.error(TUNTAP_NOTFOUND_MSG) + + # Second check, for missing scripts. + check_missing() + + +# +# Linux initializers +# + +def _linux_install_missing_scripts(badexec, notfound): + """ + Tries to install the missing up/down scripts. + + :param badexec: error for notifying execution error during command. + :type badexec: str + :param notfound: error for notifying missing path. + :type notfound: str + """ + installer_path = os.path.join( + os.getcwd(), + "apps", "eip", "files") + launcher = vpnlaunchers.LinuxVPNLauncher + + # XXX refactor with darwin, same block. + + if os.path.isdir(installer_path): + fd, tempscript = tempfile.mkstemp(prefix="leap_installer-") + try: + pkexec = first(launcher.maybe_pkexec()) + scriptlines = launcher.cmd_for_missing_scripts(installer_path) + with os.fdopen(fd, 'w') as f: + f.write(scriptlines) + st = os.stat(tempscript) + os.chmod(tempscript, st.st_mode | stat.S_IEXEC | stat.S_IXUSR | + stat.S_IXGRP | stat.S_IXOTH) + cmdline = ["%s %s" % (pkexec, tempscript)] + ret = subprocess.call( + cmdline, stdout=subprocess.PIPE, + shell=True) + assert([ret]) # happy flakes + except Exception as exc: + logger.error(badexec) + logger.error("Error was: %r" % (exc,)) + finally: + try: + os.remove(tempscript) + except OSError as exc: + logger.error("%r" % (exc,)) + else: + logger.error(notfound) + logger.debug('path searched: %s' % (installer_path,)) + + +def LinuxInitializer(): + """ + Raises a dialog in case that either updown scripts or policykit file + are missing or they have incorrect permissions. + """ + check_missing() diff --git a/src/leap/platform_init/locks.py b/src/leap/platform_init/locks.py new file mode 100644 index 00000000..c40c31d0 --- /dev/null +++ b/src/leap/platform_init/locks.py @@ -0,0 +1,312 @@ +# -*- coding: utf-8 -*- +# locks.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Utilities for handling multi-platform file locking mechanisms +""" +import logging +import errno +import os +import platform + +from leap.common.events import signal as signal_event +from leap.common.events import events_pb2 as proto +from leap import platform_init + +if platform_init.IS_UNIX: + from fcntl import flock, LOCK_EX, LOCK_NB +else: + import glob + import shutil + + from tempfile import gettempdir + +logger = logging.getLogger(__name__) + +if platform_init.IS_UNIX: + + class UnixLock(object): + """ + Uses flock to get an exclusive lock over a file. + See man 2 flock + """ + + def __init__(self, path): + """ + iniializes t he UnixLock with the path of the + desired lockfile + """ + + self._fd = None + self.path = path + + def get_lock(self): + """ + Tries to get a lock, and writes the running pid there if successful + """ + gotit, pid = self._get_lock_and_pid() + return gotit + + def get_pid(self): + """ + Returns the pid of the locking process + """ + gotit, pid = self._get_lock_and_pid() + return pid + + def _get_lock(self): + """ + Tries to get a lock, returning True if successful + + :rtype: bool + """ + self._fd = os.open(self.path, os.O_CREAT | os.O_RDWR) + + try: + flock(self._fd, LOCK_EX | LOCK_NB) + except IOError as exc: + # could not get the lock + #import ipdb; ipdb.set_trace() + + if exc.args[0] in (errno.EDEADLK, errno.EAGAIN): + # errno 11 or 35 + # Resource temporarily unavailable + return False + else: + raise + return True + + @property + def locked_by_us(self): + """ + Returns True if the pid in the pidfile + is ours. + + :rtype: bool + """ + gotit, pid = self._get_lock_and_pid() + return pid == os.getpid() + + def _get_lock_and_pid(self): + """ + Tries to get a lock over the file. + Returns (locked, pid) tuple. + + :rtype: tuple + """ + + if self._get_lock(): + self._write_to_pidfile() + return True, None + + return False, self._read_from_pidfile() + + def _read_from_pidfile(self): + """ + Tries to read pid from the pidfile, + returns False if no content found. + """ + + pidfile = os.read( + self._fd, 16) + if not pidfile: + return False + + try: + return int(pidfile.strip()) + except Exception as exc: + exc.args += (pidfile, self.lock_file) + raise + + def _write_to_pidfile(self): + """ + Writes the pid of the running process + to the pidfile + """ + fd = self._fd + os.ftruncate(fd, 0) + os.write(fd, '%d\n' % os.getpid()) + os.fsync(fd) + + +if platform_init.IS_WIN: + + class WindowsLock(object): + """ + Creates a lock based on the atomic nature of mkdir on Windows + system calls. + """ + LOCKBASE = os.path.join(gettempdir(), "leap-client-lock") + + def __init__(self): + """ + Initializes the lock. + Sets the lock name to basename plus the process pid. + """ + self._fd = None + pid = os.getpid() + self.name = "%s-%s" % (self.LOCKBASE, pid) + self.pid = pid + + def get_lock(self): + """ + Tries to get a lock, and writes the running pid there if successful + """ + gotit = self._get_lock() + return gotit + + def _get_lock(self): + """ + Tries to write to a file with the current pid as part of the name + """ + try: + self._fd = os.makedirs(self.name) + except OSError as exc: + # could not create the dir + if exc.args[0] == 183: + logger.debug('cannot create dir') + # cannot create dir with existing name + return False + else: + raise + return self._is_one_pidfile()[0] + + def _is_one_pidfile(self): + """ + Returns True, pid if there is only one pidfile with the expected + base path + + :rtype: tuple + """ + pidfiles = glob.glob(self.LOCKBASE + '-*') + if len(pidfiles) == 1: + pid = pidfiles[0].split('-')[-1] + return True, int(pid) + else: + return False, None + + def get_pid(self): + """ + Returns the pid of the locking process + + :rtype: int + """ + # XXX assert there is only one? + _, pid = self._is_one_pidfile() + return pid + + def release_lock(self): + """ + Releases the pidfile dir for this process, by removing it. + """ + try: + shutil.rmtree(self.name) + return True + except WindowsError as exc: + if exc.errno in (errno.EPIPE, errno.ENOENT, + errno.ESRCH, errno.EACCES): + logger.warning( + 'exception while trying to remove the lockfile dir') + logger.warning('errno %s: %s' % (exc.errno, exc.args[1])) + # path does not exist + return False + else: + logger.debug('errno = %s' % (exc.errno,)) + # we did not foresee this error, better add it explicitely + raise + + @property + def locked_by_us(self): + """ + Returns True if the pid in the pidfile + is ours. + + :rtype: bool + """ + _, pid = self._is_one_pidfile() + return pid == self.pid + + def write_port(self, port): + """ + Writes the port for windows control to the pidfile folder + Returns True if successful. + + :rtype: bool + """ + if not self.locked_by_us: + logger.warning("Tried to write control port to a " + "non-unique pidfile folder") + return False + port_file = os.path.join(self.name, "port") + with open(port_file, 'w') as f: + f.write("%s" % port) + return True + + def get_control_port(self): + """ + Reads control port of the main instance from the port file + in the pidfile dir + + :rtype: int + """ + pid = self.get_pid() + port_file = os.path.join(self.LOCKBASE + "-%s" % pid, "port") + port = None + try: + with open(port_file) as f: + port_str = f.read() + port = int(port_str.strip()) + except IOError as exc: + if exc.errno == errno.ENOENT: + logger.error("Tried to read port from non-existent file") + else: + # we did not know explicitely about this error + raise + return port + + +def we_are_the_one_and_only(): + """ + Returns True if we are the only instance running, False otherwise. + If we came later, send a raise signal to the main instance of the + application + + :rtype: bool + """ + _sys = platform.system() + + if _sys in ("Linux", "Darwin"): + locker = UnixLock('/tmp/leap-client.lock') + locker.get_lock() + we_are_the_one = locker.locked_by_us + if not we_are_the_one: + signal_event(proto.RAISE_WINDOW) + return we_are_the_one + + elif _sys == "Windows": + locker = WindowsLock() + locker.get_lock() + we_are_the_one = locker.locked_by_us + if not we_are_the_one: + locker.release_lock() + signal_event(proto.RAISE_WINDOW) + return we_are_the_one + + else: + logger.warning("Multi-instance checker " + "not implemented for %s" % (_sys)) + # lies, lies, lies... + return True diff --git a/src/leap/baseapp/__init__.py b/src/leap/provider/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/baseapp/__init__.py +++ b/src/leap/provider/__init__.py diff --git a/src/leap/provider/supportedapis.py b/src/leap/provider/supportedapis.py new file mode 100644 index 00000000..3e650ba2 --- /dev/null +++ b/src/leap/provider/supportedapis.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# supportedapis.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +API Support check. +""" + + +class SupportedAPIs(object): + """ + Class responsible of checking for API compatibility. + """ + SUPPORTED_APIS = ["1"] + + @classmethod + def supports(self, api_version): + """ + :param api_version: the version number of the api that we need to check + :type api_version: str + + :returns: if that version is supported or not. + :return type: bool + """ + return api_version in self.SUPPORTED_APIS diff --git a/src/leap/services/__init__.py b/src/leap/services/__init__.py new file mode 100644 index 00000000..fc4aa416 --- /dev/null +++ b/src/leap/services/__init__.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Services module. +""" +DEPLOYED = ["openvpn"] # for 0.2.2 release + + +def get_supported(services): + """ + Returns a list of the available services. + + :param services: a list containing the services to be filtered. + :type services: list of str + + :returns: a list of the available services + :rtype: list of str + """ + return filter(lambda s: s in DEPLOYED, services) diff --git a/src/leap/services/abstractbootstrapper.py b/src/leap/services/abstractbootstrapper.py new file mode 100644 index 00000000..633d818d --- /dev/null +++ b/src/leap/services/abstractbootstrapper.py @@ -0,0 +1,160 @@ +# -*- coding: utf-8 -*- +# abstractbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Abstract bootstrapper implementation +""" +import logging + +import requests + +from functools import partial + +from PySide import QtCore +from twisted.internet import threads +from leap.common.check import leap_assert, leap_assert_type + +logger = logging.getLogger(__name__) + + +class AbstractBootstrapper(QtCore.QObject): + """ + Abstract Bootstrapper that implements the needed deferred callbacks + """ + + PASSED_KEY = "passed" + ERROR_KEY = "error" + + def __init__(self, bypass_checks=False): + """ + Constructor for the abstract bootstrapper + + :param bypass_checks: Set to true if the app should bypass + first round of checks for CA + certificates at bootstrap + :type bypass_checks: bool + """ + QtCore.QObject.__init__(self) + + leap_assert(self._gui_errback.im_func == + AbstractBootstrapper._gui_errback.im_func, + "Cannot redefine _gui_errback") + leap_assert(self._errback.im_func == + AbstractBootstrapper._errback.im_func, + "Cannot redefine _errback") + leap_assert(self._gui_notify.im_func == + AbstractBootstrapper._gui_notify.im_func, + "Cannot redefine _gui_notify") + + # **************************************************** # + # Dependency injection helpers, override this for more + # granular testing + self._fetcher = requests + # **************************************************** # + + self._session = self._fetcher.session() + self._bypass_checks = bypass_checks + self._signal_to_emit = None + self._err_msg = None + + def _gui_errback(self, failure): + """ + Errback used to notify the GUI of a problem, it should be used + as the last errback of the whole chain. + + Traps all exceptions if a signal is defined, otherwise it just + lets it continue. + + NOTE: This method is final, it should not be redefined. + + :param failure: failure object that Twisted generates + :type failure: twisted.python.failure.Failure + """ + if self._signal_to_emit: + err_msg = self._err_msg \ + if self._err_msg is not None \ + else str(failure.value) + self._signal_to_emit.emit({ + self.PASSED_KEY: False, + self.ERROR_KEY: err_msg + }) + failure.trap(Exception) + + def _errback(self, failure, signal=None): + """ + Regular errback used for the middle of the chain. If it's + executed, the first one will set the signal to emit as + failure. + + NOTE: This method is final, it should not be redefined. + + :param failure: failure object that Twisted generates + :type failure: twisted.python.failure.Failure + :param signal: Signal to emit if it fails here first + :type signal: QtCore.SignalInstance + + :returns: failure object that Twisted generates + :rtype: twisted.python.failure.Failure + """ + if self._signal_to_emit is None: + self._signal_to_emit = signal + return failure + + def _gui_notify(self, _, signal=None): + """ + Callback used to notify the GUI of a success. Will emit signal + if specified + + NOTE: This method is final, it should not be redefined. + + :param _: IGNORED. Returned from the previous callback + :type _: IGNORED + :param signal: Signal to emit if it fails here first + :type signal: QtCore.SignalInstance + """ + if signal: + logger.debug("Emitting %s" % (signal,)) + signal.emit({self.PASSED_KEY: True, self.ERROR_KEY: ""}) + + def _callback_threader(self, cb, res, *args, **kwargs): + return threads.deferToThread(cb, res, *args, **kwargs) + + def addCallbackChain(self, callbacks): + """ + Creates a callback/errback chain on another thread using + deferToThread and adds the _gui_errback to the end to notify + the GUI on an error. + + :param callbacks: List of tuples of callbacks and the signal + associated to that callback + :type callbacks: list(tuple(func, func)) + """ + leap_assert_type(callbacks, list) + + self._signal_to_emit = None + self._err_msg = None + + d = None + for cb, sig in callbacks: + if d is None: + d = threads.deferToThread(cb) + else: + d.addCallback(partial(self._callback_threader, cb)) + d.addErrback(self._errback, signal=sig) + d.addCallback(self._gui_notify, signal=sig) + d.addErrback(self._gui_errback) + return d diff --git a/src/leap/eip/__init__.py b/src/leap/services/eip/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/eip/__init__.py +++ b/src/leap/services/eip/__init__.py diff --git a/src/leap/services/eip/eipbootstrapper.py b/src/leap/services/eip/eipbootstrapper.py new file mode 100644 index 00000000..b2af0aea --- /dev/null +++ b/src/leap/services/eip/eipbootstrapper.py @@ -0,0 +1,178 @@ +# -*- coding: utf-8 -*- +# eipbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +EIP bootstrapping +""" + +import logging +import os + +from PySide import QtCore + +from leap.common.check import leap_assert, leap_assert_type +from leap.common import certs +from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p +from leap.config.providerconfig import ProviderConfig +from leap.crypto.srpauth import SRPAuth +from leap.services.eip.eipconfig import EIPConfig +from leap.util.request_helpers import get_content +from leap.services.abstractbootstrapper import AbstractBootstrapper + +logger = logging.getLogger(__name__) + + +class EIPBootstrapper(AbstractBootstrapper): + """ + Sets up EIP for a provider a series of checks and emits signals + after they are passed. + If a check fails, the subsequent checks are not executed + """ + + # All dicts returned are of the form + # {"passed": bool, "error": str} + download_config = QtCore.Signal(dict) + download_client_certificate = QtCore.Signal(dict) + + def __init__(self): + AbstractBootstrapper.__init__(self) + + self._provider_config = None + self._eip_config = None + self._download_if_needed = False + + def _download_config(self, *args): + """ + Downloads the EIP config for the given provider + """ + + leap_assert(self._provider_config, + "We need a provider configuration!") + + logger.debug("Downloading EIP config for %s" % + (self._provider_config.get_domain(),)) + + self._eip_config = EIPConfig() + + headers = {} + mtime = get_mtime(os.path.join(self._eip_config + .get_path_prefix(), + "leap", + "providers", + self._provider_config.get_domain(), + "eip-service.json")) + + if self._download_if_needed and mtime: + headers['if-modified-since'] = mtime + + # there is some confusion with this uri, + # it's in 1/config/eip, config/eip and config/1/eip... + config_uri = "%s/%s/config/eip-service.json" % ( + self._provider_config.get_api_uri(), + self._provider_config.get_api_version()) + logger.debug('Downloading eip config from: %s' % config_uri) + + res = self._session.get(config_uri, + verify=self._provider_config + .get_ca_cert_path(), + headers=headers) + res.raise_for_status() + + # Not modified + if res.status_code == 304: + logger.debug("EIP definition has not been modified") + else: + eip_definition, mtime = get_content(res) + + self._eip_config.load(data=eip_definition, mtime=mtime) + self._eip_config.save(["leap", + "providers", + self._provider_config.get_domain(), + "eip-service.json"]) + + def _download_client_certificates(self, *args): + """ + Downloads the EIP client certificate for the given provider + """ + leap_assert(self._provider_config, "We need a provider configuration!") + leap_assert(self._eip_config, "We need an eip configuration!") + + logger.debug("Downloading EIP client certificate for %s" % + (self._provider_config.get_domain(),)) + + client_cert_path = self._eip_config.\ + get_client_cert_path(self._provider_config, + about_to_download=True) + + # For re-download if something is wrong with the cert + self._download_if_needed = self._download_if_needed and \ + not certs.should_redownload(client_cert_path) + + if self._download_if_needed and \ + os.path.exists(client_cert_path): + check_and_fix_urw_only(client_cert_path) + return + + srp_auth = SRPAuth(self._provider_config) + session_id = srp_auth.get_session_id() + cookies = None + if session_id: + cookies = {"_session_id": session_id} + cert_uri = "%s/%s/cert" % ( + self._provider_config.get_api_uri(), + self._provider_config.get_api_version()) + logger.debug('getting cert from uri: %s' % cert_uri) + res = self._session.get(cert_uri, + verify=self._provider_config + .get_ca_cert_path(), + cookies=cookies) + res.raise_for_status() + client_cert = res.content + + if not certs.is_valid_pemfile(client_cert): + raise Exception(self.tr("The downloaded certificate is not a " + "valid PEM file")) + + mkdir_p(os.path.dirname(client_cert_path)) + + with open(client_cert_path, "w") as f: + f.write(client_cert) + + check_and_fix_urw_only(client_cert_path) + + def run_eip_setup_checks(self, + provider_config, + download_if_needed=False): + """ + Starts the checks needed for a new eip setup + + :param provider_config: Provider configuration + :type provider_config: ProviderConfig + """ + leap_assert(provider_config, "We need a provider config!") + leap_assert_type(provider_config, ProviderConfig) + + self._provider_config = provider_config + self._download_if_needed = download_if_needed + + cb_chain = [ + (self._download_config, self.download_config), + (self._download_client_certificates, + self.download_client_certificate) + ] + + return self.addCallbackChain(cb_chain) diff --git a/src/leap/services/eip/eipconfig.py b/src/leap/services/eip/eipconfig.py new file mode 100644 index 00000000..9e3a9b29 --- /dev/null +++ b/src/leap/services/eip/eipconfig.py @@ -0,0 +1,260 @@ +# -*- coding: utf-8 -*- +# eipconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Provider configuration +""" +import logging +import os +import re +import time + +import ipaddr + +from leap.common.check import leap_assert, leap_assert_type +from leap.common.config.baseconfig import BaseConfig +from leap.config.providerconfig import ProviderConfig +from leap.services.eip.eipspec import eipservice_config_spec + +logger = logging.getLogger(__name__) + + +class VPNGatewaySelector(object): + """ + VPN Gateway selector. + """ + # http://www.timeanddate.com/time/map/ + equivalent_timezones = {13: -11, 14: -10} + + def __init__(self, eipconfig, tz_offset=None): + ''' + Constructor for VPNGatewaySelector. + + :param eipconfig: a valid EIP Configuration. + :type eipconfig: EIPConfig + :param tz_offset: use this offset as a local distance to GMT. + :type tz_offset: int + ''' + leap_assert_type(eipconfig, EIPConfig) + + self._local_offset = tz_offset + if tz_offset is None: + tz_offset = self._get_local_offset() + + if tz_offset in self.equivalent_timezones: + tz_offset = self.equivalent_timezones[tz_offset] + + self._local_offset = tz_offset + + self._eipconfig = eipconfig + + def get_gateways(self): + """ + Returns the 4 best gateways, sorted by timezone proximity. + + :rtype: list of IPv4Address or IPv6Address object. + """ + gateways_timezones = [] + locations = self._eipconfig.get_locations() + gateways = self._eipconfig.get_gateways() + + for idx, gateway in enumerate(gateways): + gateway_location = gateway.get('location') + gateway_distance = 99 # if hasn't location -> should go last + + if gateway_location is not None: + gw_offset = int(locations[gateway['location']]['timezone']) + if gw_offset in self.equivalent_timezones: + gw_offset = self.equivalent_timezones[gw_offset] + + gateway_distance = self._get_timezone_distance(gw_offset) + + ip = self._eipconfig.get_gateway_ip(idx) + gateways_timezones.append((ip, gateway_distance)) + + gateways_timezones = sorted(gateways_timezones, + key=lambda gw: gw[1])[:4] + + gateways = [ip for ip, dist in gateways_timezones] + return gateways + + def _get_timezone_distance(self, offset): + ''' + Returns the distance between the local timezone and + the one with offset 'offset'. + + :param offset: the distance of a timezone to GMT. + :type offset: int + :returns: distance between local offset and param offset. + :rtype: int + ''' + timezones = range(-11, 13) + tz1 = offset + tz2 = self._local_offset + distance = abs(timezones.index(tz1) - timezones.index(tz2)) + if distance > 12: + if tz1 < 0: + distance = timezones.index(tz1) + timezones[::-1].index(tz2) + else: + distance = timezones[::-1].index(tz1) + timezones.index(tz2) + + return distance + + def _get_local_offset(self): + ''' + Returns the distance between GMT and the local timezone. + + :rtype: int + ''' + local_offset = time.timezone + if time.daylight: + local_offset = time.altzone + + return local_offset / 3600 + + +class EIPConfig(BaseConfig): + """ + Provider configuration abstraction class + """ + OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher") + OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+") + + def __init__(self): + BaseConfig.__init__(self) + + def _get_spec(self): + """ + Returns the spec object for the specific configuration + """ + return eipservice_config_spec + + def get_clusters(self): + # TODO: create an abstraction for clusters + return self._safe_get_value("clusters") + + def get_gateways(self): + # TODO: create an abstraction for gateways + return self._safe_get_value("gateways") + + def get_locations(self): + ''' + Returns a list of locations + + :rtype: dict + ''' + return self._safe_get_value("locations") + + def get_openvpn_configuration(self): + """ + Returns a dictionary containing the openvpn configuration + parameters. + + These are sanitized with alphanumeric whitelist. + + :returns: openvpn configuration dict + :rtype: C{dict} + """ + ovpncfg = self._safe_get_value("openvpn_configuration") + config = {} + for key, value in ovpncfg.items(): + if key in self.OPENVPN_ALLOWED_KEYS and value is not None: + sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(value) + if len(sanitized_val) != 0: + _val = sanitized_val[0] + config[str(key)] = str(_val) + return config + + def get_serial(self): + return self._safe_get_value("serial") + + def get_version(self): + return self._safe_get_value("version") + + def get_gateway_ip(self, index=0): + """ + Returns the ip of the gateway. + + :rtype: An IPv4Address or IPv6Address object. + """ + gateways = self.get_gateways() + leap_assert(len(gateways) > 0, "We don't have any gateway!") + if index > len(gateways): + index = 0 + logger.warning("Provided an unknown gateway index %s, " + + "defaulting to 0") + ip_addr_str = gateways[index]["ip_address"] + + try: + ipaddr.IPAddress(ip_addr_str) + return ip_addr_str + except ValueError: + logger.error("Invalid ip address in config: %s" % (ip_addr_str,)) + return None + + def get_client_cert_path(self, + providerconfig=None, + about_to_download=False): + """ + Returns the path to the certificate used by openvpn + """ + + leap_assert(providerconfig, "We need a provider") + leap_assert_type(providerconfig, ProviderConfig) + + cert_path = os.path.join(self.get_path_prefix(), + "leap", + "providers", + providerconfig.get_domain(), + "keys", + "client", + "openvpn.pem") + + if not about_to_download: + leap_assert(os.path.exists(cert_path), + "You need to download the certificate first") + logger.debug("Using OpenVPN cert %s" % (cert_path,)) + + return cert_path + + +if __name__ == "__main__": + logger = logging.getLogger(name='leap') + logger.setLevel(logging.DEBUG) + console = logging.StreamHandler() + console.setLevel(logging.DEBUG) + formatter = logging.Formatter( + '%(asctime)s ' + '- %(name)s - %(levelname)s - %(message)s') + console.setFormatter(formatter) + logger.addHandler(console) + + eipconfig = EIPConfig() + + try: + eipconfig.get_clusters() + except Exception as e: + assert isinstance(e, AssertionError), "Expected an assert" + print "Safe value getting is working" + + if eipconfig.load("leap/providers/bitmask.net/eip-service.json"): + print eipconfig.get_clusters() + print eipconfig.get_gateways() + print eipconfig.get_locations() + print eipconfig.get_openvpn_configuration() + print eipconfig.get_serial() + print eipconfig.get_version() diff --git a/src/leap/services/eip/eipspec.py b/src/leap/services/eip/eipspec.py new file mode 100644 index 00000000..94ba674f --- /dev/null +++ b/src/leap/services/eip/eipspec.py @@ -0,0 +1,65 @@ +# -*- coding: utf-8 -*- +# eipspec.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +eipservice_config_spec = { + 'description': 'sample eip service config', + 'type': 'object', + 'properties': { + 'serial': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'version': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'clusters': { + 'type': list, + 'default': [ + {"label": { + "en": "Location Unknown"}, + "name": "location_unknown"}] + }, + 'gateways': { + 'type': list, + 'default': [ + {"capabilities": { + "adblock": True, + "filter_dns": True, + "ports": ["80", "53", "443", "1194"], + "protocols": ["udp", "tcp"], + "transport": ["openvpn"], + "user_ips": False}, + "cluster": "location_unknown", + "host": "location.example.org", + "ip_address": "127.0.0.1"}] + }, + 'locations': { + 'type': dict, + 'default': {} + }, + 'openvpn_configuration': { + 'type': dict, + 'default': { + "auth": None, + "cipher": None, + "tls-cipher": None} + } + } +} diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py new file mode 100644 index 00000000..754d0643 --- /dev/null +++ b/src/leap/services/eip/providerbootstrapper.py @@ -0,0 +1,311 @@ +# -*- coding: utf-8 -*- +# providerbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Provider bootstrapping +""" +import logging +import socket +import os + +import requests + +from PySide import QtCore + +from leap.common.certs import get_digest +from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p +from leap.common.check import leap_assert, leap_assert_type +from leap.config.providerconfig import ProviderConfig +from leap.util.request_helpers import get_content +from leap.services.abstractbootstrapper import AbstractBootstrapper +from leap.provider.supportedapis import SupportedAPIs + + +logger = logging.getLogger(__name__) + + +class UnsupportedProviderAPI(Exception): + """ + Raised when attempting to use a provider with an incompatible API. + """ + pass + + +class ProviderBootstrapper(AbstractBootstrapper): + """ + Given a provider URL performs a series of checks and emits signals + after they are passed. + If a check fails, the subsequent checks are not executed + """ + + # All dicts returned are of the form + # {"passed": bool, "error": str} + name_resolution = QtCore.Signal(dict) + https_connection = QtCore.Signal(dict) + download_provider_info = QtCore.Signal(dict) + + download_ca_cert = QtCore.Signal(dict) + check_ca_fingerprint = QtCore.Signal(dict) + check_api_certificate = QtCore.Signal(dict) + + def __init__(self, bypass_checks=False): + """ + Constructor for provider bootstrapper object + + :param bypass_checks: Set to true if the app should bypass + first round of checks for CA certificates at bootstrap + :type bypass_checks: bool + """ + AbstractBootstrapper.__init__(self, bypass_checks) + + self._domain = None + self._provider_config = None + self._download_if_needed = False + + def _check_name_resolution(self): + """ + Checks that the name resolution for the provider name works + """ + leap_assert(self._domain, "Cannot check DNS without a domain") + + logger.debug("Checking name resolution for %s" % (self._domain)) + + # We don't skip this check, since it's basic for the whole + # system to work + socket.gethostbyname(self._domain) + + def _check_https(self, *args): + """ + Checks that https is working and that the provided certificate + checks out + """ + + leap_assert(self._domain, "Cannot check HTTPS without a domain") + + logger.debug("Checking https for %s" % (self._domain)) + + # We don't skip this check, since it's basic for the whole + # system to work + + try: + res = self._session.get("https://%s" % (self._domain,), + verify=not self._bypass_checks) + res.raise_for_status() + except requests.exceptions.SSLError: + self._err_msg = self.tr("Provider certificate could " + "not be verified") + raise + except Exception: + self._err_msg = self.tr("Provider does not support HTTPS") + raise + + def _download_provider_info(self, *args): + """ + Downloads the provider.json defition + """ + leap_assert(self._domain, + "Cannot download provider info without a domain") + + logger.debug("Downloading provider info for %s" % (self._domain)) + + headers = {} + mtime = get_mtime(os.path.join(ProviderConfig() + .get_path_prefix(), + "leap", + "providers", + self._domain, + "provider.json")) + if self._download_if_needed and mtime: + headers['if-modified-since'] = mtime + + res = self._session.get("https://%s/%s" % (self._domain, + "provider.json"), + headers=headers, + verify=not self._bypass_checks) + res.raise_for_status() + + # Not modified + if res.status_code == 304: + logger.debug("Provider definition has not been modified") + else: + provider_definition, mtime = get_content(res) + + provider_config = ProviderConfig() + provider_config.load(data=provider_definition, mtime=mtime) + provider_config.save(["leap", + "providers", + self._domain, + "provider.json"]) + + api_version = provider_config.get_api_version() + if SupportedAPIs.supports(api_version): + logger.debug("Provider definition has been modified") + else: + api_supported = ', '.join(SupportedAPIs.SUPPORTED_APIS) + error = ('Unsupported provider API version. ' + 'Supported versions are: {}. ' + 'Found: {}.').format(api_supported, api_version) + + logger.error(error) + raise UnsupportedProviderAPI(error) + + def run_provider_select_checks(self, domain, download_if_needed=False): + """ + Populates the check queue. + + :param domain: domain to check + :type domain: str + + :param download_if_needed: if True, makes the checks do not + overwrite already downloaded data + :type download_if_needed: bool + """ + leap_assert(domain and len(domain) > 0, "We need a domain!") + + self._domain = domain + self._download_if_needed = download_if_needed + + cb_chain = [ + (self._check_name_resolution, self.name_resolution), + (self._check_https, self.https_connection), + (self._download_provider_info, self.download_provider_info) + ] + + return self.addCallbackChain(cb_chain) + + def _should_proceed_cert(self): + """ + Returns False if the certificate already exists for the given + provider. True otherwise + + :rtype: bool + """ + leap_assert(self._provider_config, "We need a provider config!") + + if not self._download_if_needed: + return True + + return not os.path.exists(self._provider_config + .get_ca_cert_path(about_to_download=True)) + + def _download_ca_cert(self, *args): + """ + Downloads the CA cert that is going to be used for the api URL + """ + + leap_assert(self._provider_config, "Cannot download the ca cert " + "without a provider config!") + + logger.debug("Downloading ca cert for %s at %s" % + (self._domain, self._provider_config.get_ca_cert_uri())) + + if not self._should_proceed_cert(): + check_and_fix_urw_only( + self._provider_config + .get_ca_cert_path(about_to_download=True)) + return + + res = self._session.get(self._provider_config.get_ca_cert_uri(), + verify=not self._bypass_checks) + res.raise_for_status() + + cert_path = self._provider_config.get_ca_cert_path( + about_to_download=True) + cert_dir = os.path.dirname(cert_path) + mkdir_p(cert_dir) + with open(cert_path, "w") as f: + f.write(res.content) + + check_and_fix_urw_only(cert_path) + + def _check_ca_fingerprint(self, *args): + """ + Checks the CA cert fingerprint against the one provided in the + json definition + """ + leap_assert(self._provider_config, "Cannot check the ca cert " + "without a provider config!") + + logger.debug("Checking ca fingerprint for %s and cert %s" % + (self._domain, + self._provider_config.get_ca_cert_path())) + + if not self._should_proceed_cert(): + return + + parts = self._provider_config.get_ca_cert_fingerprint().split(":") + leap_assert(len(parts) == 2, "Wrong fingerprint format") + + method = parts[0].strip() + fingerprint = parts[1].strip() + cert_data = None + with open(self._provider_config.get_ca_cert_path()) as f: + cert_data = f.read() + + leap_assert(len(cert_data) > 0, "Could not read certificate data") + digest = get_digest(cert_data, method) + leap_assert(digest == fingerprint, + "Downloaded certificate has a different fingerprint!") + + def _check_api_certificate(self, *args): + """ + Tries to make an API call with the downloaded cert and checks + if it validates against it + """ + leap_assert(self._provider_config, "Cannot check the ca cert " + "without a provider config!") + + logger.debug("Checking api certificate for %s and cert %s" % + (self._provider_config.get_api_uri(), + self._provider_config.get_ca_cert_path())) + + if not self._should_proceed_cert(): + return + + test_uri = "%s/%s/cert" % (self._provider_config.get_api_uri(), + self._provider_config.get_api_version()) + res = self._session.get(test_uri, + verify=self._provider_config + .get_ca_cert_path()) + res.raise_for_status() + + def run_provider_setup_checks(self, + provider_config, + download_if_needed=False): + """ + Starts the checks needed for a new provider setup. + + :param provider_config: Provider configuration + :type provider_config: ProviderConfig + + :param download_if_needed: if True, makes the checks do not + overwrite already downloaded data. + :type download_if_needed: bool + """ + leap_assert(provider_config, "We need a provider config!") + leap_assert_type(provider_config, ProviderConfig) + + self._provider_config = provider_config + self._download_if_needed = download_if_needed + + cb_chain = [ + (self._download_ca_cert, self.download_ca_cert), + (self._check_ca_fingerprint, self.check_ca_fingerprint), + (self._check_api_certificate, self.check_api_certificate) + ] + + return self.addCallbackChain(cb_chain) diff --git a/src/leap/eip/tests/__init__.py b/src/leap/services/eip/tests/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/eip/tests/__init__.py +++ b/src/leap/services/eip/tests/__init__.py diff --git a/src/leap/services/eip/tests/test_eipbootstrapper.py b/src/leap/services/eip/tests/test_eipbootstrapper.py new file mode 100644 index 00000000..f2331eca --- /dev/null +++ b/src/leap/services/eip/tests/test_eipbootstrapper.py @@ -0,0 +1,347 @@ +# -*- coding: utf-8 -*- +# test_eipbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Tests for the EIP Boostrapper checks + +These will be whitebox tests since we want to make sure the private +implementation is checking what we expect. +""" + +import os +import mock +import tempfile +import time +try: + import unittest2 as unittest +except ImportError: + import unittest + +from nose.twistedtools import deferred, reactor +from twisted.internet import threads +from requests.models import Response + +from leap.common.testing.basetest import BaseLeapTest +from leap.services.eip.eipbootstrapper import EIPBootstrapper +from leap.services.eip.eipconfig import EIPConfig +from leap.config.providerconfig import ProviderConfig +from leap.crypto.tests import fake_provider +from leap.common.files import mkdir_p +from leap.crypto.srpauth import SRPAuth + + +class EIPBootstrapperActiveTest(BaseLeapTest): + @classmethod + def setUpClass(cls): + BaseLeapTest.setUpClass() + factory = fake_provider.get_provider_factory() + http = reactor.listenTCP(0, factory) + https = reactor.listenSSL( + 0, factory, + fake_provider.OpenSSLServerContextFactory()) + get_port = lambda p: p.getHost().port + cls.http_port = get_port(http) + cls.https_port = get_port(https) + + def setUp(self): + self.eb = EIPBootstrapper() + self.old_pp = EIPConfig.get_path_prefix + self.old_save = EIPConfig.save + self.old_load = EIPConfig.load + self.old_si = SRPAuth.get_session_id + + def tearDown(self): + EIPConfig.get_path_prefix = self.old_pp + EIPConfig.save = self.old_save + EIPConfig.load = self.old_load + SRPAuth.get_session_id = self.old_si + + def _download_config_test_template(self, ifneeded, new): + """ + All download config tests have the same structure, so this is + a parametrized test for that. + + :param ifneeded: sets _download_if_needed + :type ifneeded: bool + :param new: if True uses time.time() as mtime for the mocked + eip-service file, otherwise it uses 100 (a really + old mtime) + :type new: float or int (will be coersed) + """ + pc = ProviderConfig() + pc.get_domain = mock.MagicMock( + return_value="localhost:%s" % (self.https_port)) + self.eb._provider_config = pc + + pc.get_api_uri = mock.MagicMock( + return_value="https://%s" % (pc.get_domain())) + pc.get_api_version = mock.MagicMock(return_value="1") + + # This is to ignore https checking, since it's not the point + # of this test + pc.get_ca_cert_path = mock.MagicMock(return_value=False) + + path_prefix = tempfile.mkdtemp() + EIPConfig.get_path_prefix = mock.MagicMock(return_value=path_prefix) + EIPConfig.save = mock.MagicMock() + EIPConfig.load = mock.MagicMock() + + self.eb._download_if_needed = ifneeded + + provider_dir = os.path.join(EIPConfig.get_path_prefix(), + "leap", + "providers", + pc.get_domain()) + mkdir_p(provider_dir) + eip_config_path = os.path.join(provider_dir, + "eip-service.json") + + with open(eip_config_path, "w") as ec: + ec.write("A") + + # set mtime to something really new + if new: + os.utime(eip_config_path, (-1, time.time())) + else: + os.utime(eip_config_path, (-1, 100)) + + @deferred() + def test_download_config_not_modified(self): + self._download_config_test_template(True, True) + + d = threads.deferToThread(self.eb._download_config) + + def check(*args): + self.assertFalse(self.eb._eip_config.save.called) + d.addCallback(check) + return d + + @deferred() + def test_download_config_modified(self): + self._download_config_test_template(True, False) + + d = threads.deferToThread(self.eb._download_config) + + def check(*args): + self.assertTrue(self.eb._eip_config.save.called) + d.addCallback(check) + return d + + @deferred() + def test_download_config_ignores_mtime(self): + self._download_config_test_template(False, True) + + d = threads.deferToThread(self.eb._download_config) + + def check(*args): + self.eb._eip_config.save.assert_called_once_with( + ["leap", + "providers", + self.eb._provider_config.get_domain(), + "eip-service.json"]) + d.addCallback(check) + return d + + def _download_certificate_test_template(self, ifneeded, createcert): + """ + All download client certificate tests have the same structure, + so this is a parametrized test for that. + + :param ifneeded: sets _download_if_needed + :type ifneeded: bool + :param createcert: if True it creates a dummy file to play the + part of a downloaded certificate + :type createcert: bool + + :returns: the temp eip cert path and the dummy cert contents + :rtype: tuple of str, str + """ + pc = ProviderConfig() + ec = EIPConfig() + self.eb._provider_config = pc + self.eb._eip_config = ec + + pc.get_domain = mock.MagicMock( + return_value="localhost:%s" % (self.https_port)) + pc.get_api_uri = mock.MagicMock( + return_value="https://%s" % (pc.get_domain())) + pc.get_api_version = mock.MagicMock(return_value="1") + pc.get_ca_cert_path = mock.MagicMock(return_value=False) + + path_prefix = tempfile.mkdtemp() + EIPConfig.get_path_prefix = mock.MagicMock(return_value=path_prefix) + EIPConfig.save = mock.MagicMock() + EIPConfig.load = mock.MagicMock() + + self.eb._download_if_needed = ifneeded + + provider_dir = os.path.join(EIPConfig.get_path_prefix(), + "leap", + "providers", + "somedomain") + mkdir_p(provider_dir) + eip_cert_path = os.path.join(provider_dir, + "cert") + + ec.get_client_cert_path = mock.MagicMock( + return_value=eip_cert_path) + + cert_content = "A" + if createcert: + with open(eip_cert_path, "w") as ec: + ec.write(cert_content) + + return eip_cert_path, cert_content + + def test_download_client_certificate_not_modified(self): + cert_path, old_cert_content = self._download_certificate_test_template( + True, True) + + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=False): + self.eb._download_client_certificates() + with open(cert_path, "r") as c: + self.assertEqual(c.read(), old_cert_content) + + @deferred() + def test_download_client_certificate_old_cert(self): + cert_path, old_cert_content = self._download_certificate_test_template( + True, True) + + def wrapper(*args): + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=True): + with mock.patch('leap.common.certs.is_valid_pemfile', + new_callable=mock.MagicMock, + return_value=True): + self.eb._download_client_certificates() + + def check(*args): + with open(cert_path, "r") as c: + self.assertNotEqual(c.read(), old_cert_content) + d = threads.deferToThread(wrapper) + d.addCallback(check) + + return d + + @deferred() + def test_download_client_certificate_no_cert(self): + cert_path, _ = self._download_certificate_test_template( + True, False) + + def wrapper(*args): + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=False): + with mock.patch('leap.common.certs.is_valid_pemfile', + new_callable=mock.MagicMock, + return_value=True): + self.eb._download_client_certificates() + + def check(*args): + self.assertTrue(os.path.exists(cert_path)) + d = threads.deferToThread(wrapper) + d.addCallback(check) + + return d + + @deferred() + def test_download_client_certificate_force_not_valid(self): + cert_path, old_cert_content = self._download_certificate_test_template( + True, True) + + def wrapper(*args): + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=True): + with mock.patch('leap.common.certs.is_valid_pemfile', + new_callable=mock.MagicMock, + return_value=True): + self.eb._download_client_certificates() + + def check(*args): + with open(cert_path, "r") as c: + self.assertNotEqual(c.read(), old_cert_content) + d = threads.deferToThread(wrapper) + d.addCallback(check) + + return d + + @deferred() + def test_download_client_certificate_invalid_download(self): + cert_path, _ = self._download_certificate_test_template( + False, False) + + def wrapper(*args): + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=True): + with mock.patch('leap.common.certs.is_valid_pemfile', + new_callable=mock.MagicMock, + return_value=False): + with self.assertRaises(Exception): + self.eb._download_client_certificates() + d = threads.deferToThread(wrapper) + + return d + + @deferred() + def test_download_client_certificate_uses_session_id(self): + _, _ = self._download_certificate_test_template( + False, False) + + SRPAuth.get_session_id = mock.MagicMock(return_value="1") + + def check_cookie(*args, **kwargs): + cookies = kwargs.get("cookies", None) + self.assertEqual(cookies, {'_session_id': '1'}) + return Response() + + def wrapper(*args): + with mock.patch('leap.common.certs.should_redownload', + new_callable=mock.MagicMock, + return_value=False): + with mock.patch('leap.common.certs.is_valid_pemfile', + new_callable=mock.MagicMock, + return_value=True): + with mock.patch('requests.sessions.Session.get', + new_callable=mock.MagicMock, + side_effect=check_cookie): + with mock.patch('requests.models.Response.content', + new_callable=mock.PropertyMock, + return_value="A"): + self.eb._download_client_certificates() + + d = threads.deferToThread(wrapper) + + return d + + @deferred() + def test_run_eip_setup_checks(self): + self.eb._download_config = mock.MagicMock() + self.eb._download_client_certificates = mock.MagicMock() + + d = self.eb.run_eip_setup_checks(ProviderConfig()) + + def check(*args): + self.eb._download_config.assert_called_once_with() + self.eb._download_client_certificates.assert_called_once_with(None) + d.addCallback(check) + return d diff --git a/src/leap/services/eip/tests/test_eipconfig.py b/src/leap/services/eip/tests/test_eipconfig.py new file mode 100644 index 00000000..8b746b78 --- /dev/null +++ b/src/leap/services/eip/tests/test_eipconfig.py @@ -0,0 +1,313 @@ +# -*- coding: utf-8 -*- +# test_eipconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Tests for eipconfig +""" +import copy +import json +import os +import unittest + +from leap.common.testing.basetest import BaseLeapTest +from leap.services.eip.eipconfig import EIPConfig +from leap.config.providerconfig import ProviderConfig + +from mock import Mock + + +sample_config = { + "gateways": [ + { + "capabilities": { + "adblock": False, + "filter_dns": True, + "limited": True, + "ports": [ + "1194", + "443", + "53", + "80"], + "protocols": [ + "tcp", + "udp"], + "transport": ["openvpn"], + "user_ips": False}, + "host": "host.dev.example.org", + "ip_address": "11.22.33.44", + "location": "cyberspace" + }, { + "capabilities": { + "adblock": False, + "filter_dns": True, + "limited": True, + "ports": [ + "1194", + "443", + "53", + "80"], + "protocols": [ + "tcp", + "udp"], + "transport": ["openvpn"], + "user_ips": False}, + "host": "host2.dev.example.org", + "ip_address": "22.33.44.55", + "location": "cyberspace" + } + ], + "locations": { + "ankara": { + "country_code": "XX", + "hemisphere": "S", + "name": "Antarctica", + "timezone": "+2" + }, + "cyberspace": { + "country_code": "XX", + "hemisphere": "X", + "name": "outer space", + "timezone": "" + } + }, + "openvpn_configuration": { + "auth": "SHA1", + "cipher": "AES-128-CBC", + "tls-cipher": "DHE-RSA-AES128-SHA" + }, + "serial": 1, + "version": 1 +} + + +class EIPConfigTest(BaseLeapTest): + + __name__ = "eip_config_tests" + + maxDiff = None + + def setUp(self): + self._old_ospath_exists = os.path.exists + + def tearDown(self): + os.path.exists = self._old_ospath_exists + + def _write_config(self, data): + """ + Helper to write some data to a temp config file. + + :param data: data to be used to save in the config file. + :data type: dict (valid json) + """ + self.configfile = os.path.join(self.tempdir, "eipconfig.json") + conf = open(self.configfile, "w") + conf.write(json.dumps(data)) + conf.close() + + def _get_eipconfig(self, fromfile=True, data=sample_config): + """ + Helper that returns an EIPConfig object using the data parameter + or a sample data. + + :param fromfile: sets if we should use a file or a string + :fromfile type: bool + :param data: sets the data to be used to load in the EIPConfig object + :data type: dict (valid json) + :rtype: EIPConfig + """ + config = EIPConfig() + + loaded = False + if fromfile: + self._write_config(data) + loaded = config.load(self.configfile, relative=False) + else: + json_string = json.dumps(data) + loaded = config.load(data=json_string) + + if not loaded: + return None + + return config + + def test_loads_from_file(self): + config = self._get_eipconfig() + self.assertIsNotNone(config) + + def test_loads_from_data(self): + config = self._get_eipconfig(fromfile=False) + self.assertIsNotNone(config) + + def test_load_valid_config_from_file(self): + config = self._get_eipconfig() + self.assertIsNotNone(config) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + sample_ip = sample_config["gateways"][0]["ip_address"] + self.assertEqual( + config.get_gateway_ip(), + sample_ip) + self.assertEqual(config.get_version(), sample_config["version"]) + self.assertEqual(config.get_serial(), sample_config["serial"]) + self.assertEqual(config.get_gateways(), sample_config["gateways"]) + self.assertEqual(config.get_locations(), sample_config["locations"]) + self.assertEqual(config.get_clusters(), None) + + def test_load_valid_config_from_data(self): + config = self._get_eipconfig(fromfile=False) + self.assertIsNotNone(config) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + sample_ip = sample_config["gateways"][0]["ip_address"] + self.assertEqual( + config.get_gateway_ip(), + sample_ip) + + self.assertEqual(config.get_version(), sample_config["version"]) + self.assertEqual(config.get_serial(), sample_config["serial"]) + self.assertEqual(config.get_gateways(), sample_config["gateways"]) + self.assertEqual(config.get_locations(), sample_config["locations"]) + self.assertEqual(config.get_clusters(), None) + + def test_sanitize_extra_parameters(self): + data = copy.deepcopy(sample_config) + data['openvpn_configuration']["extra_param"] = "FOO" + config = self._get_eipconfig(data=data) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + def test_sanitize_non_allowed_chars(self): + data = copy.deepcopy(sample_config) + data['openvpn_configuration']["auth"] = "SHA1;" + config = self._get_eipconfig(data=data) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + data = copy.deepcopy(sample_config) + data['openvpn_configuration']["auth"] = "SHA1>`&|" + config = self._get_eipconfig(data=data) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + def test_sanitize_lowercase(self): + data = copy.deepcopy(sample_config) + data['openvpn_configuration']["auth"] = "shaSHA1" + config = self._get_eipconfig(data=data) + + self.assertEqual( + config.get_openvpn_configuration(), + sample_config["openvpn_configuration"]) + + def test_all_characters_invalid(self): + data = copy.deepcopy(sample_config) + data['openvpn_configuration']["auth"] = "sha&*!@#;" + config = self._get_eipconfig(data=data) + + self.assertEqual( + config.get_openvpn_configuration(), + {'cipher': 'AES-128-CBC', + 'tls-cipher': 'DHE-RSA-AES128-SHA'}) + + def test_sanitize_bad_ip(self): + data = copy.deepcopy(sample_config) + data['gateways'][0]["ip_address"] = "11.22.33.44;" + config = self._get_eipconfig(data=data) + + self.assertEqual(config.get_gateway_ip(), None) + + data = copy.deepcopy(sample_config) + data['gateways'][0]["ip_address"] = "11.22.33.44`" + config = self._get_eipconfig(data=data) + + self.assertEqual(config.get_gateway_ip(), None) + + def test_default_gateway_on_unknown_index(self): + config = self._get_eipconfig() + sample_ip = sample_config["gateways"][0]["ip_address"] + self.assertEqual(config.get_gateway_ip(999), sample_ip) + + def test_get_gateway_by_index(self): + config = self._get_eipconfig() + sample_ip_0 = sample_config["gateways"][0]["ip_address"] + sample_ip_1 = sample_config["gateways"][1]["ip_address"] + self.assertEqual(config.get_gateway_ip(0), sample_ip_0) + self.assertEqual(config.get_gateway_ip(1), sample_ip_1) + + def test_get_client_cert_path_as_expected(self): + config = self._get_eipconfig() + config.get_path_prefix = Mock(return_value='test') + + provider_config = ProviderConfig() + + # mock 'get_domain' so we don't need to load a config + provider_domain = 'test.provider.com' + provider_config.get_domain = Mock(return_value=provider_domain) + + expected_path = os.path.join('test', 'leap', 'providers', + provider_domain, 'keys', 'client', + 'openvpn.pem') + + # mock 'os.path.exists' so we don't get an error for unexisting file + os.path.exists = Mock(return_value=True) + cert_path = config.get_client_cert_path(provider_config) + + self.assertEqual(cert_path, expected_path) + + def test_get_client_cert_path_about_to_download(self): + config = self._get_eipconfig() + config.get_path_prefix = Mock(return_value='test') + + provider_config = ProviderConfig() + + # mock 'get_domain' so we don't need to load a config + provider_domain = 'test.provider.com' + provider_config.get_domain = Mock(return_value=provider_domain) + + expected_path = os.path.join('test', 'leap', 'providers', + provider_domain, 'keys', 'client', + 'openvpn.pem') + + cert_path = config.get_client_cert_path( + provider_config, about_to_download=True) + + self.assertEqual(cert_path, expected_path) + + def test_get_client_cert_path_fails(self): + config = self._get_eipconfig() + provider_config = ProviderConfig() + + # mock 'get_domain' so we don't need to load a config + provider_domain = 'test.provider.com' + provider_config.get_domain = Mock(return_value=provider_domain) + + with self.assertRaises(AssertionError): + config.get_client_cert_path(provider_config) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/services/eip/tests/test_providerbootstrapper.py b/src/leap/services/eip/tests/test_providerbootstrapper.py new file mode 100644 index 00000000..cd740793 --- /dev/null +++ b/src/leap/services/eip/tests/test_providerbootstrapper.py @@ -0,0 +1,504 @@ +# -*- coding: utf-8 -*- +# test_providerbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Tests for the Provider Boostrapper checks + +These will be whitebox tests since we want to make sure the private +implementation is checking what we expect. +""" + +import os +import mock +import socket +import stat +import tempfile +import time +import requests +try: + import unittest2 as unittest +except ImportError: + import unittest + +from nose.twistedtools import deferred, reactor +from twisted.internet import threads +from requests.models import Response + +from leap.common.testing.https_server import where +from leap.common.testing.basetest import BaseLeapTest +from leap.services.eip.providerbootstrapper import ProviderBootstrapper +from leap.services.eip.providerbootstrapper import UnsupportedProviderAPI +from leap.provider.supportedapis import SupportedAPIs +from leap.config.providerconfig import ProviderConfig +from leap.crypto.tests import fake_provider +from leap.common.files import mkdir_p + + +class ProviderBootstrapperTest(BaseLeapTest): + def setUp(self): + self.pb = ProviderBootstrapper() + + def tearDown(self): + pass + + def test_name_resolution_check(self): + # Something highly likely to success + self.pb._domain = "google.com" + self.pb._check_name_resolution() + # Something highly likely to fail + self.pb._domain = "uquhqweuihowquie.abc.def" + with self.assertRaises(socket.gaierror): + self.pb._check_name_resolution() + + @deferred() + def test_run_provider_select_checks(self): + self.pb._check_name_resolution = mock.MagicMock() + self.pb._check_https = mock.MagicMock() + self.pb._download_provider_info = mock.MagicMock() + + d = self.pb.run_provider_select_checks("somedomain") + + def check(*args): + self.pb._check_name_resolution.assert_called_once_with() + self.pb._check_https.assert_called_once_with(None) + self.pb._download_provider_info.assert_called_once_with(None) + d.addCallback(check) + return d + + @deferred() + def test_run_provider_setup_checks(self): + self.pb._download_ca_cert = mock.MagicMock() + self.pb._check_ca_fingerprint = mock.MagicMock() + self.pb._check_api_certificate = mock.MagicMock() + + d = self.pb.run_provider_setup_checks(ProviderConfig()) + + def check(*args): + self.pb._download_ca_cert.assert_called_once_with() + self.pb._check_ca_fingerprint.assert_called_once_with(None) + self.pb._check_api_certificate.assert_called_once_with(None) + d.addCallback(check) + return d + + def test_should_proceed_cert(self): + self.pb._provider_config = mock.Mock() + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=where("cacert.pem")) + + self.pb._download_if_needed = False + self.assertTrue(self.pb._should_proceed_cert()) + + self.pb._download_if_needed = True + self.assertFalse(self.pb._should_proceed_cert()) + + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=where("somefilethatdoesntexist.pem")) + self.assertTrue(self.pb._should_proceed_cert()) + + def _check_download_ca_cert(self, should_proceed): + """ + Helper to check different paths easily for the download ca + cert check + + :param should_proceed: sets the _should_proceed_cert in the + provider bootstrapper being tested + :type should_proceed: bool + + :returns: The contents of the certificate, the expected + content depending on should_proceed, and the mode of + the file to be checked by the caller + :rtype: tuple of str, str, int + """ + old_content = "NOT THE NEW CERT" + new_content = "NEW CERT" + new_cert_path = os.path.join(tempfile.mkdtemp(), + "mynewcert.pem") + + with open(new_cert_path, "w") as c: + c.write(old_content) + + self.pb._provider_config = mock.Mock() + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=new_cert_path) + self.pb._domain = "somedomain" + + self.pb._should_proceed_cert = mock.MagicMock( + return_value=should_proceed) + + read = None + content_to_check = None + mode = None + + with mock.patch('requests.models.Response.content', + new_callable=mock.PropertyMock) as \ + content: + content.return_value = new_content + response_obj = Response() + response_obj.raise_for_status = mock.MagicMock() + + self.pb._session.get = mock.MagicMock(return_value=response_obj) + self.pb._download_ca_cert() + with open(new_cert_path, "r") as nc: + read = nc.read() + if should_proceed: + content_to_check = new_content + else: + content_to_check = old_content + mode = stat.S_IMODE(os.stat(new_cert_path).st_mode) + + os.unlink(new_cert_path) + return read, content_to_check, mode + + def test_download_ca_cert_no_saving(self): + read, expected_read, mode = self._check_download_ca_cert(False) + self.assertEqual(read, expected_read) + self.assertEqual(mode, int("600", 8)) + + def test_download_ca_cert_saving(self): + read, expected_read, mode = self._check_download_ca_cert(True) + self.assertEqual(read, expected_read) + self.assertEqual(mode, int("600", 8)) + + def test_check_ca_fingerprint_skips(self): + self.pb._provider_config = mock.Mock() + self.pb._provider_config.get_ca_cert_fingerprint = mock.MagicMock( + return_value="") + self.pb._domain = "somedomain" + + self.pb._should_proceed_cert = mock.MagicMock(return_value=False) + + self.pb._check_ca_fingerprint() + self.assertFalse(self.pb._provider_config. + get_ca_cert_fingerprint.called) + + def test_check_ca_cert_fingerprint_raises_bad_format(self): + self.pb._provider_config = mock.Mock() + self.pb._provider_config.get_ca_cert_fingerprint = mock.MagicMock( + return_value="wrongfprformat!!") + self.pb._domain = "somedomain" + + self.pb._should_proceed_cert = mock.MagicMock(return_value=True) + + with self.assertRaises(AssertionError): + self.pb._check_ca_fingerprint() + + # This two hashes different in the last byte, but that's good enough + # for the tests + KNOWN_BAD_HASH = "SHA256: 0f17c033115f6b76ff67871872303ff65034efe" \ + "7dd1b910062ca323eb4da5c7f" + KNOWN_GOOD_HASH = "SHA256: 0f17c033115f6b76ff67871872303ff65034ef" \ + "e7dd1b910062ca323eb4da5c7e" + KNOWN_GOOD_CERT = """ +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgIBATANBgkqhkiG9w0BAQ0FADBKMRgwFgYDVQQDDA9CaXRt +YXNrIFJvb3QgQ0ExEDAOBgNVBAoMB0JpdG1hc2sxHDAaBgNVBAsME2h0dHBzOi8v +Yml0bWFzay5uZXQwHhcNMTIxMTA2MDAwMDAwWhcNMjIxMTA2MDAwMDAwWjBKMRgw +FgYDVQQDDA9CaXRtYXNrIFJvb3QgQ0ExEDAOBgNVBAoMB0JpdG1hc2sxHDAaBgNV +BAsME2h0dHBzOi8vYml0bWFzay5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQC1eV4YvayaU+maJbWrD4OHo3d7S1BtDlcvkIRS1Fw3iYDjsyDkZxai +dHp4EUasfNQ+EVtXUvtk6170EmLco6Elg8SJBQ27trE6nielPRPCfX3fQzETRfvB +7tNvGw4Jn2YKiYoMD79kkjgyZjkJ2r/bEHUSevmR09BRp86syHZerdNGpXYhcQ84 +CA1+V+603GFIHnrP+uQDdssW93rgDNYu+exT+Wj6STfnUkugyjmPRPjL7wh0tzy+ +znCeLl4xiV3g9sjPnc7r2EQKd5uaTe3j71sDPF92KRk0SSUndREz+B1+Dbe/RGk4 +MEqGFuOzrtsgEhPIX0hplhb0Tgz/rtug+yTT7oJjBa3u20AAOQ38/M99EfdeJvc4 +lPFF1XBBLh6X9UKF72an2NuANiX6XPySnJgZ7nZ09RiYZqVwu/qt3DfvLfhboq+0 +bQvLUPXrVDr70onv5UDjpmEA/cLmaIqqrduuTkFZOym65/PfAPvpGnt7crQj/Ibl +DEDYZQmP7AS+6zBjoOzNjUGE5r40zWAR1RSi7zliXTu+yfsjXUIhUAWmYR6J3KxB +lfsiHBQ+8dn9kC3YrUexWoOqBiqJOAJzZh5Y1tqgzfh+2nmHSB2dsQRs7rDRRlyy +YMbkpzL9ZsOUO2eTP1mmar6YjCN+rggYjRrX71K2SpBG6b1zZxOG+wIDAQABo2Aw +XjAdBgNVHQ4EFgQUuYGDLL2sswnYpHHvProt1JU+D48wDgYDVR0PAQH/BAQDAgIE +MAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUuYGDLL2sswnYpHHvProt1JU+D48w +DQYJKoZIhvcNAQENBQADggIBADeG67vaFcbITGpi51264kHPYPEWaXUa5XYbtmBl +cXYyB6hY5hv/YNuVGJ1gWsDmdeXEyj0j2icGQjYdHRfwhrbEri+h1EZOm1cSBDuY +k/P5+ctHyOXx8IE79DBsZ6IL61UKIaKhqZBfLGYcWu17DVV6+LT+AKtHhOrv3TSj +RnAcKnCbKqXLhUPXpK0eTjPYS2zQGQGIhIy9sQXVXJJJsGrPgMxna1Xw2JikBOCG +htD/JKwt6xBmNwktH0GI/LVtVgSp82Clbn9C4eZN9E5YbVYjLkIEDhpByeC71QhX +EIQ0ZR56bFuJA/CwValBqV/G9gscTPQqd+iETp8yrFpAVHOW+YzSFbxjTEkBte1J +aF0vmbqdMAWLk+LEFPQRptZh0B88igtx6tV5oVd+p5IVRM49poLhuPNJGPvMj99l +mlZ4+AeRUnbOOeAEuvpLJbel4rhwFzmUiGoeTVoPZyMevWcVFq6BMkS+jRR2w0jK +G6b0v5XDHlcFYPOgUrtsOBFJVwbutLvxdk6q37kIFnWCd8L3kmES5q4wjyFK47Co +Ja8zlx64jmMZPg/t3wWqkZgXZ14qnbyG5/lGsj5CwVtfDljrhN0oCWK1FZaUmW3d +69db12/g4f6phldhxiWuGC/W6fCW5kre7nmhshcltqAJJuU47iX+DarBFiIj816e +yV8e +-----END CERTIFICATE----- +""" + + def _prepare_provider_config_with(self, cert_path, cert_hash): + """ + Mocks the provider config to give the cert_path and cert_hash + specified + + :param cert_path: path for the certificate + :type cert_path: str + :param cert_hash: hash for the certificate as it would appear + in the provider config json + :type cert_hash: str + """ + self.pb._provider_config = mock.Mock() + self.pb._provider_config.get_ca_cert_fingerprint = mock.MagicMock( + return_value=cert_hash) + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=cert_path) + self.pb._domain = "somedomain" + + def test_check_ca_fingerprint_checksout(self): + cert_path = os.path.join(tempfile.mkdtemp(), + "mynewcert.pem") + + with open(cert_path, "w") as c: + c.write(self.KNOWN_GOOD_CERT) + + self._prepare_provider_config_with(cert_path, self.KNOWN_GOOD_HASH) + + self.pb._should_proceed_cert = mock.MagicMock(return_value=True) + + self.pb._check_ca_fingerprint() + + os.unlink(cert_path) + + def test_check_ca_fingerprint_fails(self): + cert_path = os.path.join(tempfile.mkdtemp(), + "mynewcert.pem") + + with open(cert_path, "w") as c: + c.write(self.KNOWN_GOOD_CERT) + + self._prepare_provider_config_with(cert_path, self.KNOWN_BAD_HASH) + + self.pb._should_proceed_cert = mock.MagicMock(return_value=True) + + with self.assertRaises(AssertionError): + self.pb._check_ca_fingerprint() + + os.unlink(cert_path) + + +############################################################################### +# Tests with a fake provider # +############################################################################### + +class ProviderBootstrapperActiveTest(unittest.TestCase): + @classmethod + def setUpClass(cls): + factory = fake_provider.get_provider_factory() + http = reactor.listenTCP(8002, factory) + https = reactor.listenSSL( + 0, factory, + fake_provider.OpenSSLServerContextFactory()) + get_port = lambda p: p.getHost().port + cls.http_port = get_port(http) + cls.https_port = get_port(https) + + def setUp(self): + self.pb = ProviderBootstrapper() + + # At certain points we are going to be replacing these methods + # directly in ProviderConfig to be able to catch calls from + # new ProviderConfig objects inside the methods tested. We + # need to save the old implementation and restore it in + # tearDown so we are sure everything is as expected for each + # test. If we do it inside each specific test, a failure in + # the test will leave the implementation with the mock. + self.old_gpp = ProviderConfig.get_path_prefix + self.old_load = ProviderConfig.load + self.old_save = ProviderConfig.save + self.old_api_version = ProviderConfig.get_api_version + + def tearDown(self): + ProviderConfig.get_path_prefix = self.old_gpp + ProviderConfig.load = self.old_load + ProviderConfig.save = self.old_save + ProviderConfig.get_api_version = self.old_api_version + + def test_check_https_succeeds(self): + # XXX: Need a proper CA signed cert to test this + pass + + @deferred() + def test_check_https_fails(self): + self.pb._domain = "localhost:%s" % (self.https_port,) + + def check(*args): + with self.assertRaises(requests.exceptions.SSLError): + self.pb._check_https() + return threads.deferToThread(check) + + @deferred() + def test_second_check_https_fails(self): + self.pb._domain = "localhost:1234" + + def check(*args): + with self.assertRaises(Exception): + self.pb._check_https() + return threads.deferToThread(check) + + @deferred() + def test_check_https_succeeds_if_danger(self): + self.pb._domain = "localhost:%s" % (self.https_port,) + self.pb._bypass_checks = True + + def check(*args): + self.pb._check_https() + + return threads.deferToThread(check) + + def _setup_provider_config_with(self, api, path_prefix): + """ + Sets up the ProviderConfig with mocks for the path prefix, the + api returned and load/save methods. + It modifies ProviderConfig directly instead of an object + because the object used is created in the method itself and we + cannot control that. + + :param api: API to return + :type api: str + :param path_prefix: path prefix to be used when calculating + paths + :type path_prefix: str + """ + ProviderConfig.get_path_prefix = mock.MagicMock( + return_value=path_prefix) + ProviderConfig.get_api_version = mock.MagicMock( + return_value=api) + ProviderConfig.load = mock.MagicMock() + ProviderConfig.save = mock.MagicMock() + + def _setup_providerbootstrapper(self, ifneeded): + """ + Sets the provider bootstrapper's domain to + localhost:https_port, sets it to bypass https checks and sets + the download if needed based on the ifneeded value. + + :param ifneeded: Value for _download_if_needed + :type ifneeded: bool + """ + self.pb._domain = "localhost:%s" % (self.https_port,) + self.pb._bypass_checks = True + self.pb._download_if_needed = ifneeded + + def _produce_dummy_provider_json(self): + """ + Creates a dummy provider json on disk in order to test + behaviour around it (download if newer online, etc) + + :returns: the provider.json path used + :rtype: str + """ + provider_dir = os.path.join(ProviderConfig() + .get_path_prefix(), + "leap", + "providers", + self.pb._domain) + mkdir_p(provider_dir) + provider_path = os.path.join(provider_dir, + "provider.json") + + with open(provider_path, "w") as p: + p.write("A") + return provider_path + + def test_download_provider_info_not_modified(self): + self._setup_provider_config_with("1", tempfile.mkdtemp()) + self._setup_providerbootstrapper(True) + provider_path = self._produce_dummy_provider_json() + + # set mtime to something really new + os.utime(provider_path, (-1, time.time())) + + self.pb._download_provider_info() + # we check that it doesn't do anything with the provider + # config, because it's new enough + self.assertFalse(ProviderConfig.load.called) + self.assertFalse(ProviderConfig.save.called) + + def test_download_provider_info_modified(self): + self._setup_provider_config_with("1", tempfile.mkdtemp()) + self._setup_providerbootstrapper(True) + provider_path = self._produce_dummy_provider_json() + + # set mtime to something really old + os.utime(provider_path, (-1, 100)) + + self.pb._download_provider_info() + self.assertTrue(ProviderConfig.load.called) + self.assertTrue(ProviderConfig.save.called) + + def test_download_provider_info_unsupported_api_raises(self): + self._setup_provider_config_with("9999999", tempfile.mkdtemp()) + self._setup_providerbootstrapper(False) + self._produce_dummy_provider_json() + + with self.assertRaises(UnsupportedProviderAPI): + self.pb._download_provider_info() + + def test_download_provider_info_unsupported_api(self): + self._setup_provider_config_with(SupportedAPIs.SUPPORTED_APIS[0], + tempfile.mkdtemp()) + self._setup_providerbootstrapper(False) + self._produce_dummy_provider_json() + + self.pb._download_provider_info() + + def test_check_api_certificate_skips(self): + self.pb._provider_config = ProviderConfig() + self.pb._provider_config.get_api_uri = mock.MagicMock( + return_value="api.uri") + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value="/cert/path") + self.pb._session.get = mock.MagicMock(return_value=Response()) + + self.pb._should_proceed_cert = mock.MagicMock(return_value=False) + self.pb._check_api_certificate() + self.assertFalse(self.pb._session.get.called) + + @deferred() + def test_check_api_certificate_fails(self): + self.pb._provider_config = ProviderConfig() + self.pb._provider_config.get_api_uri = mock.MagicMock( + return_value="https://localhost:%s" % (self.https_port,)) + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=os.path.join( + os.path.split(__file__)[0], + "wrongcert.pem")) + self.pb._provider_config.get_api_version = mock.MagicMock( + return_value="1") + + self.pb._should_proceed_cert = mock.MagicMock(return_value=True) + + def check(*args): + with self.assertRaises(requests.exceptions.SSLError): + self.pb._check_api_certificate() + d = threads.deferToThread(check) + return d + + @deferred() + def test_check_api_certificate_succeeds(self): + self.pb._provider_config = ProviderConfig() + self.pb._provider_config.get_api_uri = mock.MagicMock( + return_value="https://localhost:%s" % (self.https_port,)) + self.pb._provider_config.get_ca_cert_path = mock.MagicMock( + return_value=where('cacert.pem')) + self.pb._provider_config.get_api_version = mock.MagicMock( + return_value="1") + + self.pb._should_proceed_cert = mock.MagicMock(return_value=True) + + def check(*args): + self.pb._check_api_certificate() + d = threads.deferToThread(check) + return d diff --git a/src/leap/services/eip/tests/test_vpngatewayselector.py b/src/leap/services/eip/tests/test_vpngatewayselector.py new file mode 100644 index 00000000..c90681d7 --- /dev/null +++ b/src/leap/services/eip/tests/test_vpngatewayselector.py @@ -0,0 +1,131 @@ +# -*- coding: utf-8 -*- +# test_vpngatewayselector.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +tests for vpngatewayselector +""" + +import unittest + +from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector +from leap.common.testing.basetest import BaseLeapTest +from mock import Mock + + +sample_gateways = [ + {u'host': u'gateway1.com', + u'ip_address': u'1.2.3.4', + u'location': u'location1'}, + {u'host': u'gateway2.com', + u'ip_address': u'2.3.4.5', + u'location': u'location2'}, + {u'host': u'gateway3.com', + u'ip_address': u'3.4.5.6', + u'location': u'location3'}, + {u'host': u'gateway4.com', + u'ip_address': u'4.5.6.7', + u'location': u'location4'} +] + +sample_gateways_no_location = [ + {u'host': u'gateway1.com', + u'ip_address': u'1.2.3.4'}, + {u'host': u'gateway2.com', + u'ip_address': u'2.3.4.5'}, + {u'host': u'gateway3.com', + u'ip_address': u'3.4.5.6'} +] + +sample_locations = { + u'location1': {u'timezone': u'2'}, + u'location2': {u'timezone': u'-7'}, + u'location3': {u'timezone': u'-4'}, + u'location4': {u'timezone': u'+13'} +} + +# 0 is not used, only for indexing from 1 in tests +ips = (0, u'1.2.3.4', u'2.3.4.5', u'3.4.5.6', u'4.5.6.7') + + +class VPNGatewaySelectorTest(BaseLeapTest): + """ + VPNGatewaySelector's tests. + """ + def setUp(self): + self.eipconfig = EIPConfig() + self.eipconfig.get_gateways = Mock(return_value=sample_gateways) + self.eipconfig.get_locations = Mock(return_value=sample_locations) + + def tearDown(self): + pass + + def test_get_no_gateways(self): + gateway_selector = VPNGatewaySelector(self.eipconfig) + self.eipconfig.get_gateways = Mock(return_value=[]) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, []) + + def test_get_gateway_with_no_locations(self): + gateway_selector = VPNGatewaySelector(self.eipconfig) + self.eipconfig.get_gateways = Mock( + return_value=sample_gateways_no_location) + self.eipconfig.get_locations = Mock(return_value=[]) + gateways = gateway_selector.get_gateways() + gateways_default_order = [ + sample_gateways[0]['ip_address'], + sample_gateways[1]['ip_address'], + sample_gateways[2]['ip_address'] + ] + self.assertEqual(gateways, gateways_default_order) + + def test_correct_order_gmt(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, 0) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[1], ips[3], ips[2], ips[4]]) + + def test_correct_order_gmt_minus_3(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, -3) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[3], ips[2], ips[1], ips[4]]) + + def test_correct_order_gmt_minus_7(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, -7) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[2], ips[3], ips[4], ips[1]]) + + def test_correct_order_gmt_plus_5(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, 5) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[1], ips[4], ips[3], ips[2]]) + + def test_correct_order_gmt_plus_12(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, 12) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[4], ips[2], ips[3], ips[1]]) + + def test_correct_order_gmt_minus_11(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, -11) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[4], ips[2], ips[3], ips[1]]) + + def test_correct_order_gmt_plus_14(self): + gateway_selector = VPNGatewaySelector(self.eipconfig, 14) + gateways = gateway_selector.get_gateways() + self.assertEqual(gateways, [ips[4], ips[2], ips[3], ips[1]]) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/services/eip/tests/wrongcert.pem b/src/leap/services/eip/tests/wrongcert.pem new file mode 100644 index 00000000..e6cff38a --- /dev/null +++ b/src/leap/services/eip/tests/wrongcert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIJAIWZus5EIXNtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTMwNjI1MTc0NjExWhcNMTgwNjI1MTc0NjExWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA2ObM7ESjyuxFZYD/Y68qOPQgjgggW+cdXfBpU2p4n7clsrUeMhWdW40Y +77Phzor9VOeqs3ZpHuyLzsYVp/kFDm8tKyo2ah5fJwzL0VCSLYaZkUQQ7GNUmTCk +furaxl8cQx/fg395V7/EngsS9B3/y5iHbctbA4MnH3jaotO5EGeo6hw7/eyCotQ9 +KbBV9GJMcY94FsXBCmUB+XypKklWTLhSaS6Cu4Fo8YLW6WmcnsyEOGS2F7WVf5at +7CBWFQZHaSgIBLmc818/mDYCnYmCVMFn/6Ndx7V2NTlz+HctWrQn0dmIOnCUeCwS +wXq9PnBR1rSx/WxwyF/WpyjOFkcIo7vm72kS70pfrYsXcZD4BQqkXYj3FyKnPt3O +ibLKtCxL8/83wOtErPcYpG6LgFkgAAlHQ9MkUi5dbmjCJtpqQmlZeK1RALdDPiB3 +K1KZimrGsmcE624dJxUIOJJpuwJDy21F8kh5ZAsAtE1prWETrQYNElNFjQxM83rS +ZR1Ql2MPSB4usEZT57+KvpEzlOnAT3elgCg21XrjSFGi14hCEao4g2OEZH5GAwm5 +frf6UlSRZ/g3tLTfI8Hv1prw15W2qO+7q7SBAplTODCRk+Yb0YoA2mMM/QXBUcXs +vKEDLSSxzNIBi3T62l39RB/ml+gPKo87ZMDivex1ZhrcJc3Yu3sCAwEAAaOBpzCB +pDAdBgNVHQ4EFgQUPjE+4pun+8FreIdpoR8v6N7xKtUwdQYDVR0jBG4wbIAUPjE+ +4pun+8FreIdpoR8v6N7xKtWhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT +b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCF +mbrORCFzbTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCpvCPdtvXJ +muTj379TZuCJs7/l0FhA7AHa1WAlHjsXHaA7N0+3ZWAbdtXDsowal6S+ldgU/kfV +Lq7NrRq+amJWC7SYj6cvVwhrSwSvu01fe/TWuOzHrRv1uTfJ/VXLonVufMDd9opo +bhqYxMaxLdIx6t/MYmZH4Wpiq0yfZuv//M8i7BBl/qvaWbLhg0yVAKRwjFvf59h6 +6tRFCLddELOIhLDQtk8zMbioPEbfAlKdwwP8kYGtDGj6/9/YTd/oTKRdgHuwyup3 +m0L20Y6LddC+tb0WpK5EyrNbCbEqj1L4/U7r6f/FKNA3bx6nfdXbscaMfYonKAKg +1cRrRg45sErmCz0QyTnWzXyvbjR4oQRzyW3kJ1JZudZ+AwOi00J5FYa3NiLuxl1u +gIGKWSrASQWhEdpa1nlCgX7PhdaQgYjEMpQvA0GCA0OF5JDu8en1yZqsOt1hCLIN +lkz/5jKPqrclY5hV99bE3hgCHRmIPNHCZG3wbZv2yJKxJX1YLMmQwAmSh2N7YwGG +yXRvCxQs5ChPHyRairuf/5MZCZnSVb45ppTVuNUijsbflKRUgfj/XvfqQ22f+C9N +Om2dmNvAiS2TOIfuP47CF2OUa5q4plUwmr+nyXQGM0SIoHNCj+MBdFfb3oxxAtI+ +SLhbnzQv5e84Doqz3YF0XW8jyR7q8GFLNA== +-----END CERTIFICATE----- diff --git a/src/leap/services/eip/udstelnet.py b/src/leap/services/eip/udstelnet.py new file mode 100644 index 00000000..e6c82350 --- /dev/null +++ b/src/leap/services/eip/udstelnet.py @@ -0,0 +1,60 @@ +# -*- coding: utf-8 -*- +# udstelnet.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import socket +import telnetlib + + +class ConnectionRefusedError(Exception): + pass + + +class MissingSocketError(Exception): + pass + + +class UDSTelnet(telnetlib.Telnet): + """ + A telnet-alike class, that can listen on unix domain sockets + """ + + def open(self, host, port=23, timeout=socket._GLOBAL_DEFAULT_TIMEOUT): + """ + Connect to a host. If port is 'unix', it will open a + connection over unix docmain sockets. + + The optional second argument is the port number, which + defaults to the standard telnet port (23). + Don't try to reopen an already connected instance. + """ + self.eof = 0 + self.host = host + self.port = port + self.timeout = timeout + + if self.port == "unix": + # unix sockets spoken + if not os.path.exists(self.host): + raise MissingSocketError() + self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) + try: + self.sock.connect(self.host) + except socket.error: + raise ConnectionRefusedError() + else: + self.sock = socket.create_connection((host, port), timeout) diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py new file mode 100644 index 00000000..570a7893 --- /dev/null +++ b/src/leap/services/eip/vpnlaunchers.py @@ -0,0 +1,774 @@ +# -*- coding: utf-8 -*- +# vpnlaunchers.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Platform dependant VPN launchers +""" +import commands +import logging +import getpass +import os +import platform +import subprocess +import stat +try: + import grp +except ImportError: + pass # ignore, probably windows + +from abc import ABCMeta, abstractmethod +from functools import partial + +from leap.common.check import leap_assert, leap_assert_type +from leap.common.files import which +from leap.config.providerconfig import ProviderConfig +from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector +from leap.util import first + +logger = logging.getLogger(__name__) + + +class VPNLauncherException(Exception): + pass + + +class OpenVPNNotFoundException(VPNLauncherException): + pass + + +class EIPNoPolkitAuthAgentAvailable(VPNLauncherException): + pass + + +class EIPNoPkexecAvailable(VPNLauncherException): + pass + + +class VPNLauncher: + """ + Abstract launcher class + """ + __metaclass__ = ABCMeta + + UPDOWN_FILES = None + OTHER_FILES = None + + @abstractmethod + def get_vpn_command(self, eipconfig=None, providerconfig=None, + socket_host=None, socket_port=None): + """ + Returns the platform dependant vpn launching command + + :param eipconfig: eip configuration object + :type eipconfig: EIPConfig + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + + :return: A VPN command ready to be launched + :rtype: list + """ + return [] + + @abstractmethod + def get_vpn_env(self, providerconfig): + """ + Returns a dictionary with the custom env for the platform. + This is mainly used for setting LD_LIBRARY_PATH to the correct + path when distributing a standalone client + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :rtype: dict + """ + return {} + + @classmethod + def missing_updown_scripts(kls): + """ + Returns what updown scripts are missing. + :rtype: list + """ + leap_assert(kls.UPDOWN_FILES is not None, + "Need to define UPDOWN_FILES for this particular " + "auncher before calling this method") + file_exist = partial(_has_updown_scripts, warn=False) + zipped = zip(kls.UPDOWN_FILES, map(file_exist, kls.UPDOWN_FILES)) + missing = filter(lambda (path, exists): exists is False, zipped) + return [path for path, exists in missing] + + @classmethod + def missing_other_files(kls): + """ + Returns what other important files are missing during startup. + Same as missing_updown_scripts but does not check for exec bit. + :rtype: list + """ + leap_assert(kls.UPDOWN_FILES is not None, + "Need to define OTHER_FILES for this particular " + "auncher before calling this method") + file_exist = partial(_has_other_files, warn=False) + zipped = zip(kls.OTHER_FILES, map(file_exist, kls.OTHER_FILES)) + missing = filter(lambda (path, exists): exists is False, zipped) + return [path for path, exists in missing] + + +def get_platform_launcher(): + launcher = globals()[platform.system() + "VPNLauncher"] + leap_assert(launcher, "Unimplemented platform launcher: %s" % + (platform.system(),)) + return launcher() + + +def _is_pkexec_in_system(): + """ + Checks the existence of the pkexec binary in system. + """ + pkexec_path = which('pkexec') + if len(pkexec_path) == 0: + return False + return True + + +def _has_updown_scripts(path, warn=True): + """ + Checks the existence of the up/down scripts and its + exec bit if applicable. + + :param path: the path to be checked + :type path: str + + :param warn: whether we should log the absence + :type warn: bool + + :rtype: bool + """ + is_file = os.path.isfile(path) + if warn and not is_file: + logger.error("Could not find up/down script %s. " + "Might produce DNS leaks." % (path,)) + + # XXX check if applies in win + is_exe = False + try: + is_exe = (stat.S_IXUSR & os.stat(path)[stat.ST_MODE] != 0) + except OSError as e: + logger.warn("%s" % (e,)) + if warn and not is_exe: + logger.error("Up/down script %s is not executable. " + "Might produce DNS leaks." % (path,)) + return is_file and is_exe + + +def _has_other_files(path, warn=True): + """ + Checks the existence of other important files. + + :param path: the path to be checked + :type path: str + + :param warn: whether we should log the absence + :type warn: bool + + :rtype: bool + """ + is_file = os.path.isfile(path) + if warn and not is_file: + logger.warning("Could not find file during checks: %s. " % ( + path,)) + return is_file + + +def _is_auth_agent_running(): + """ + Checks if a polkit daemon is running. + + :return: True if it's running, False if it's not. + :rtype: boolean + """ + ps = 'ps aux | grep polkit-%s-authentication-agent-1' + opts = (ps % case for case in ['[g]nome', '[k]de']) + is_running = map(lambda l: commands.getoutput(l), opts) + return any(is_running) + + +def _try_to_launch_agent(): + """ + Tries to launch a polkit daemon. + """ + opts = [ + "/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1", + # XXX add kde thing here + ] + for cmd in opts: + try: + subprocess.Popen([cmd], shell=True) + except: + pass + + +class LinuxVPNLauncher(VPNLauncher): + """ + VPN launcher for the Linux platform + """ + + PKEXEC_BIN = 'pkexec' + OPENVPN_BIN = 'openvpn' + SYSTEM_CONFIG = "/etc/leap" + UP_DOWN_FILE = "resolv-update" + UP_DOWN_PATH = "%s/%s" % (SYSTEM_CONFIG, UP_DOWN_FILE) + + # We assume this is there by our openvpn dependency, and + # we will put it there on the bundle too. + # TODO adapt to the bundle path. + OPENVPN_DOWN_ROOT_BASE = "/usr/lib/openvpn/" + OPENVPN_DOWN_ROOT_FILE = "openvpn-plugin-down-root.so" + OPENVPN_DOWN_ROOT_PATH = "%s/%s" % ( + OPENVPN_DOWN_ROOT_BASE, + OPENVPN_DOWN_ROOT_FILE) + + POLKIT_BASE = "/usr/share/polkit-1/actions" + POLKIT_FILE = "net.openvpn.gui.leap.policy" + POLKIT_PATH = "%s/%s" % (POLKIT_BASE, POLKIT_FILE) + + UPDOWN_FILES = (UP_DOWN_PATH,) + OTHER_FILES = (POLKIT_PATH,) + + @classmethod + def cmd_for_missing_scripts(kls, frompath): + """ + Returns a command that can copy the missing scripts. + :rtype: str + """ + to = kls.SYSTEM_CONFIG + cmd = "#!/bin/sh\nset -e\nmkdir -p %s\ncp %s/%s %s\ncp %s/%s %s" % ( + to, + frompath, kls.UP_DOWN_FILE, to, + frompath, kls.POLKIT_FILE, kls.POLKIT_PATH) + return cmd + + @classmethod + def maybe_pkexec(kls): + """ + Checks whether pkexec is available in the system, and + returns the path if found. + + Might raise EIPNoPkexecAvailable or EIPNoPolkitAuthAgentAvailable + + :returns: a list of the paths where pkexec is to be found + :rtype: list + """ + if _is_pkexec_in_system(): + if not _is_auth_agent_running(): + _try_to_launch_agent() + if _is_auth_agent_running(): + pkexec_possibilities = which(kls.PKEXEC_BIN) + leap_assert(len(pkexec_possibilities) > 0, + "We couldn't find pkexec") + return pkexec_possibilities + else: + logger.warning("No polkit auth agent found. pkexec " + + "will use its own auth agent.") + raise EIPNoPolkitAuthAgentAvailable() + else: + logger.warning("System has no pkexec") + raise EIPNoPkexecAvailable() + + @classmethod + def maybe_down_plugin(kls): + """ + Returns the path of the openvpn down-root-plugin, searching first + in the relative path for the standalone bundle, and then in the system + path where the debian package puts it. + + :returns: the path where the plugin was found, or None + :rtype: str or None + """ + cwd = os.getcwd() + rel_path_in_bundle = os.path.join( + 'apps', 'eip', 'files', kls.OPENVPN_DOWN_ROOT_FILE) + abs_path_in_bundle = os.path.join(cwd, rel_path_in_bundle) + if os.path.isfile(abs_path_in_bundle): + return abs_path_in_bundle + abs_path_in_system = kls.OPENVPN_DOWN_ROOT_FILE + if os.path.isfile(abs_path_in_system): + return abs_path_in_system + + logger.warning("We could not find the down-root-plugin, so no updown " + "scripts will be run. DNS leaks are likely!") + return None + + def get_vpn_command(self, eipconfig=None, providerconfig=None, + socket_host=None, socket_port="unix"): + """ + Returns the platform dependant vpn launching command. It will + look for openvpn in the regular paths and algo in + path_prefix/apps/eip/ (in case standalone is set) + + Might raise VPNException. + + :param eipconfig: eip configuration object + :type eipconfig: EIPConfig + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + + :return: A VPN command ready to be launched + :rtype: list + """ + leap_assert(eipconfig, "We need an eip config") + leap_assert_type(eipconfig, EIPConfig) + leap_assert(providerconfig, "We need a provider config") + leap_assert_type(providerconfig, ProviderConfig) + leap_assert(socket_host, "We need a socket host!") + leap_assert(socket_port, "We need a socket port!") + + kwargs = {} + if ProviderConfig.standalone: + kwargs['path_extension'] = os.path.join( + providerconfig.get_path_prefix(), + "..", "apps", "eip") + + openvpn_possibilities = which(self.OPENVPN_BIN, **kwargs) + + if len(openvpn_possibilities) == 0: + raise OpenVPNNotFoundException() + + openvpn = first(openvpn_possibilities) + args = [] + + pkexec = self.maybe_pkexec() + if pkexec: + args.append(openvpn) + openvpn = first(pkexec) + + # TODO: handle verbosity + + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + + logger.debug("Using gateways ips: {}".format(', '.join(gateways))) + + for gw in gateways: + args += ['--remote', gw, '1194', 'udp'] + + args += [ + '--client', + '--dev', 'tun', + '--persist-tun', + '--persist-key', + '--tls-client', + '--remote-cert-tls', + 'server' + ] + + openvpn_configuration = eipconfig.get_openvpn_configuration() + + for key, value in openvpn_configuration.items(): + args += ['--%s' % (key,), value] + + args += [ + '--user', getpass.getuser(), + '--group', grp.getgrgid(os.getgroups()[-1]).gr_name + ] + + if socket_port == "unix": # that's always the case for linux + args += [ + '--management-client-user', getpass.getuser() + ] + + args += [ + '--management-signal', + '--management', socket_host, socket_port, + '--script-security', '2' + ] + + plugin_path = self.maybe_down_plugin() + # If we do not have the down plugin neither in the bundle + # nor in the system, we do not do updown scripts. The alternative + # is leaving the user without the ability to restore dns and routes + # to its original state. + + if plugin_path and _has_updown_scripts(self.UP_DOWN_PATH): + args += [ + '--up', self.UP_DOWN_PATH, + '--down', self.UP_DOWN_PATH, + '--plugin', plugin_path, + '\'script_type=down %s\'' % self.UP_DOWN_PATH + ] + + args += [ + '--cert', eipconfig.get_client_cert_path(providerconfig), + '--key', eipconfig.get_client_cert_path(providerconfig), + '--ca', providerconfig.get_ca_cert_path() + ] + + logger.debug("Running VPN with command:") + logger.debug("%s %s" % (openvpn, " ".join(args))) + + return [openvpn] + args + + def get_vpn_env(self, providerconfig): + """ + Returns a dictionary with the custom env for the platform. + This is mainly used for setting LD_LIBRARY_PATH to the correct + path when distributing a standalone client + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :rtype: dict + """ + leap_assert(providerconfig, "We need a provider config") + leap_assert_type(providerconfig, ProviderConfig) + + return {"LD_LIBRARY_PATH": os.path.join( + providerconfig.get_path_prefix(), + "..", "lib")} + + +class DarwinVPNLauncher(VPNLauncher): + """ + VPN launcher for the Darwin Platform + """ + + COCOASUDO = "cocoasudo" + # XXX need magic translate for this string + SUDO_MSG = ("LEAP needs administrative privileges to run " + "Encrypted Internet.") + + INSTALL_PATH = "/Applications/LEAP\ Client.app" + OPENVPN_BIN = 'openvpn.leap' + OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,) + + UP_SCRIPT = "%s/client.up.sh" % (OPENVPN_PATH,) + DOWN_SCRIPT = "%s/client.down.sh" % (OPENVPN_PATH,) + OPENVPN_DOWN_PLUGIN = '%s/openvpn-down-root.so' % (OPENVPN_PATH,) + + UPDOWN_FILES = (UP_SCRIPT, DOWN_SCRIPT, OPENVPN_DOWN_PLUGIN) + + @classmethod + def cmd_for_missing_scripts(kls, frompath): + """ + Returns a command that can copy the missing scripts. + :rtype: str + """ + to = kls.OPENVPN_PATH + cmd = "#!/bin/sh\nmkdir -p %s\ncp \"%s/\"* %s" % (to, frompath, to) + return cmd + + def get_cocoasudo_cmd(self): + """ + Returns a string with the cocoasudo command needed to run openvpn + as admin with a nice password prompt. The actual command needs to be + appended. + + :rtype: (str, list) + """ + iconpath = os.path.abspath(os.path.join( + os.getcwd(), + "../../../Resources/leap-client.tiff")) + has_icon = os.path.isfile(iconpath) + args = ["--icon=%s" % iconpath] if has_icon else [] + args.append("--prompt=%s" % (self.SUDO_MSG,)) + + return self.COCOASUDO, args + + def get_vpn_command(self, eipconfig=None, providerconfig=None, + socket_host=None, socket_port="unix"): + """ + Returns the platform dependant vpn launching command + + Might raise VPNException. + + :param eipconfig: eip configuration object + :type eipconfig: EIPConfig + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + + :return: A VPN command ready to be launched + :rtype: list + """ + leap_assert(eipconfig, "We need an eip config") + leap_assert_type(eipconfig, EIPConfig) + leap_assert(providerconfig, "We need a provider config") + leap_assert_type(providerconfig, ProviderConfig) + leap_assert(socket_host, "We need a socket host!") + leap_assert(socket_port, "We need a socket port!") + + kwargs = {} + if ProviderConfig.standalone: + kwargs['path_extension'] = os.path.join( + providerconfig.get_path_prefix(), + "..", "apps", "eip") + + openvpn_possibilities = which( + self.OPENVPN_BIN, + **kwargs) + if len(openvpn_possibilities) == 0: + raise OpenVPNNotFoundException() + + openvpn = first(openvpn_possibilities) + args = [openvpn] + + # TODO: handle verbosity + + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + + logger.debug("Using gateways ips: {gw}".format( + gw=', '.join(gateways))) + + for gw in gateways: + args += ['--remote', gw, '1194', 'udp'] + + args += [ + '--client', + '--dev', 'tun', + '--persist-tun', + '--persist-key', + '--tls-client', + '--remote-cert-tls', + 'server' + ] + + openvpn_configuration = eipconfig.get_openvpn_configuration() + for key, value in openvpn_configuration.items(): + args += ['--%s' % (key,), value] + + user = getpass.getuser() + args += [ + '--user', user, + '--group', grp.getgrgid(os.getgroups()[-1]).gr_name + ] + + if socket_port == "unix": + args += [ + '--management-client-user', user + ] + + args += [ + '--management-signal', + '--management', socket_host, socket_port, + '--script-security', '2' + ] + + if _has_updown_scripts(self.UP_SCRIPT): + args += [ + '--up', self.UP_SCRIPT, + ] + + if _has_updown_scripts(self.DOWN_SCRIPT): + args += [ + '--down', self.DOWN_SCRIPT] + + # should have the down script too + if _has_updown_scripts(self.OPENVPN_DOWN_PLUGIN): + args += [ + '--plugin', self.OPENVPN_DOWN_PLUGIN, + '\'%s\'' % self.DOWN_SCRIPT + ] + + # we set user to be passed to the up/down scripts + args += [ + '--setenv', "LEAPUSER", "%s" % (user,)] + + args += [ + '--cert', eipconfig.get_client_cert_path(providerconfig), + '--key', eipconfig.get_client_cert_path(providerconfig), + '--ca', providerconfig.get_ca_cert_path() + ] + + command, cargs = self.get_cocoasudo_cmd() + cmd_args = cargs + args + + logger.debug("Running VPN with command:") + logger.debug("%s %s" % (command, " ".join(cmd_args))) + + return [command] + cmd_args + + def get_vpn_env(self, providerconfig): + """ + Returns a dictionary with the custom env for the platform. + This is mainly used for setting LD_LIBRARY_PATH to the correct + path when distributing a standalone client + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :rtype: dict + """ + return {"DYLD_LIBRARY_PATH": os.path.join( + providerconfig.get_path_prefix(), + "..", "lib")} + + +class WindowsVPNLauncher(VPNLauncher): + """ + VPN launcher for the Windows platform + """ + + OPENVPN_BIN = 'openvpn_leap.exe' + + # XXX UPDOWN_FILES ... we do not have updown files defined yet! + + def get_vpn_command(self, eipconfig=None, providerconfig=None, + socket_host=None, socket_port="9876"): + """ + Returns the platform dependant vpn launching command. It will + look for openvpn in the regular paths and algo in + path_prefix/apps/eip/ (in case standalone is set) + + Might raise VPNException. + + :param eipconfig: eip configuration object + :type eipconfig: EIPConfig + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + + :return: A VPN command ready to be launched + :rtype: list + """ + leap_assert(eipconfig, "We need an eip config") + leap_assert_type(eipconfig, EIPConfig) + leap_assert(providerconfig, "We need a provider config") + leap_assert_type(providerconfig, ProviderConfig) + leap_assert(socket_host, "We need a socket host!") + leap_assert(socket_port, "We need a socket port!") + leap_assert(socket_port != "unix", + "We cannot use unix sockets in windows!") + + openvpn_possibilities = which( + self.OPENVPN_BIN, + path_extension=os.path.join(providerconfig.get_path_prefix(), + "..", "apps", "eip")) + + if len(openvpn_possibilities) == 0: + raise OpenVPNNotFoundException() + + openvpn = first(openvpn_possibilities) + args = [] + + # TODO: handle verbosity + + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + + logger.debug("Using gateways ips: {}".format(', '.join(gateways))) + + for gw in gateways: + args += ['--remote', gw, '1194', 'udp'] + + args += [ + '--client', + '--dev', 'tun', + '--persist-tun', + '--persist-key', + '--tls-client', + '--remote-cert-tls', + 'server' + ] + + openvpn_configuration = eipconfig.get_openvpn_configuration() + for key, value in openvpn_configuration.items(): + args += ['--%s' % (key,), value] + + args += [ + '--user', getpass.getuser(), + #'--group', grp.getgrgid(os.getgroups()[-1]).gr_name + ] + args += [ + '--management-signal', + '--management', socket_host, socket_port, + '--script-security', '2' + ] + args += [ + '--cert', eipconfig.get_client_cert_path(providerconfig), + '--key', eipconfig.get_client_cert_path(providerconfig), + '--ca', providerconfig.get_ca_cert_path() + ] + + logger.debug("Running VPN with command:") + logger.debug("%s %s" % (openvpn, " ".join(args))) + + return [openvpn] + args + + def get_vpn_env(self, providerconfig): + """ + Returns a dictionary with the custom env for the platform. + This is mainly used for setting LD_LIBRARY_PATH to the correct + path when distributing a standalone client + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :rtype: dict + """ + return {} + + +if __name__ == "__main__": + logger = logging.getLogger(name='leap') + logger.setLevel(logging.DEBUG) + console = logging.StreamHandler() + console.setLevel(logging.DEBUG) + formatter = logging.Formatter( + '%(asctime)s ' + '- %(name)s - %(levelname)s - %(message)s') + console.setFormatter(formatter) + logger.addHandler(console) + + try: + abs_launcher = VPNLauncher() + except Exception as e: + assert isinstance(e, TypeError), "Something went wrong" + print "Abstract Prefixer class is working as expected" + + vpnlauncher = get_platform_launcher() + + eipconfig = EIPConfig() + if eipconfig.load("leap/providers/bitmask.net/eip-service.json"): + provider = ProviderConfig() + if provider.load("leap/providers/bitmask.net/provider.json"): + vpnlauncher.get_vpn_command(eipconfig=eipconfig, + providerconfig=provider, + socket_host="/blah") diff --git a/src/leap/services/eip/vpnprocess.py b/src/leap/services/eip/vpnprocess.py new file mode 100644 index 00000000..0ec56ae7 --- /dev/null +++ b/src/leap/services/eip/vpnprocess.py @@ -0,0 +1,718 @@ +# -*- coding: utf-8 -*- +# vpnprocess.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +VPN Manager, spawned in a custom processProtocol. +""" +import logging +import os +import psutil +import psutil.error +import shutil +import socket + +from PySide import QtCore + +from leap.common.check import leap_assert, leap_assert_type +from leap.config.providerconfig import ProviderConfig +from leap.services.eip.vpnlaunchers import get_platform_launcher +from leap.services.eip.eipconfig import EIPConfig +from leap.services.eip.udstelnet import UDSTelnet + +logger = logging.getLogger(__name__) +vpnlog = logging.getLogger('leap.openvpn') + +from twisted.internet import protocol +from twisted.internet import defer +from twisted.internet.task import LoopingCall +from twisted.internet import error as internet_error + + +class VPNSignals(QtCore.QObject): + """ + These are the signals that we use to let the UI know + about the events we are polling. + They are instantiated in the VPN object and passed along + till the VPNProcess. + """ + state_changed = QtCore.Signal(dict) + status_changed = QtCore.Signal(dict) + process_finished = QtCore.Signal(int) + + def __init__(self): + QtCore.QObject.__init__(self) + + +class VPN(object): + """ + This is the high-level object that the GUI is dealing with. + It exposes the start and terminate methods. + + On start, it spawns a VPNProcess instance that will use a vpnlauncher + suited for the running platform and connect to the management interface + opened by the openvpn process, executing commands over that interface on + demand. + """ + TERMINATE_MAXTRIES = 10 + TERMINATE_WAIT = 1 # secs + + def __init__(self): + """ + Instantiate empty attributes and get a copy + of a QObject containing the QSignals that we will pass along + to the VPNManager. + """ + from twisted.internet import reactor + self._vpnproc = None + self._pollers = [] + self._reactor = reactor + self._qtsigs = VPNSignals() + + @property + def qtsigs(self): + return self._qtsigs + + def start(self, *args, **kwargs): + """ + Starts the openvpn subprocess. + + :param args: args to be passed to the VPNProcess + :type args: tuple + + :param kwargs: kwargs to be passed to the VPNProcess + :type kwargs: dict + """ + kwargs['qtsigs'] = self.qtsigs + + # start the main vpn subprocess + vpnproc = VPNProcess(*args, **kwargs) + + # XXX Should stop if already running ------- + if vpnproc.get_openvpn_process(): + logger.warning("Another vpnprocess is running!") + + cmd = vpnproc.getCommand() + env = os.environ + for key, val in vpnproc.vpn_env.items(): + env[key] = val + + self._reactor.spawnProcess(vpnproc, cmd[0], cmd, env) + self._vpnproc = vpnproc + + # add pollers for status and state + # this could be extended to a collection of + # generic watchers + + poll_list = [LoopingCall(vpnproc.pollStatus), + LoopingCall(vpnproc.pollState)] + self._pollers.extend(poll_list) + self._start_pollers() + + def _kill_if_left_alive(self, tries=0): + """ + Check if the process is still alive, and sends a + SIGKILL after a timeout period. + + :param tries: counter of tries, used in recursion + :type tries: int + """ + from twisted.internet import reactor + while tries < self.TERMINATE_MAXTRIES: + if self._vpnproc.transport.pid is None: + logger.debug("Process has been happily terminated.") + return + else: + logger.debug("Process did not die, waiting...") + tries += 1 + reactor.callLater(self.TERMINATE_WAIT, + self._kill_if_left_alive, tries) + + # after running out of patience, we try a killProcess + logger.debug("Process did not died. Sending a SIGKILL.") + self.killit() + + def killit(self): + """ + Sends a kill signal to the process. + """ + self._stop_pollers() + self._vpnproc.aborted = True + self._vpnproc.killProcess() + + def terminate(self, shutdown=False): + """ + Stops the openvpn subprocess. + + Attempts to send a SIGTERM first, and after a timeout + it sends a SIGKILL. + """ + from twisted.internet import reactor + self._stop_pollers() + + # First we try to be polite and send a SIGTERM... + if self._vpnproc: + self._sentterm = True + self._vpnproc.terminate_openvpn(shutdown=shutdown) + + # ...but we also trigger a countdown to be unpolite + # if strictly needed. + reactor.callLater( + self.TERMINATE_WAIT, self._kill_if_left_alive) + + def _start_pollers(self): + """ + Iterate through the registered observers + and start the looping call for them. + """ + for poller in self._pollers: + poller.start(VPNManager.POLL_TIME) + + def _stop_pollers(self): + """ + Iterate through the registered observers + and stop the looping calls if they are running. + """ + for poller in self._pollers: + if poller.running: + poller.stop() + self._pollers = [] + + +class VPNManager(object): + """ + This is a mixin that we use in the VPNProcess class. + Here we get together all methods related with the openvpn management + interface. + + A copy of a QObject containing signals as attributes is passed along + upon initialization, and we use that object to emit signals to qt-land. + + For more info about management methods:: + + zcat `dpkg -L openvpn | grep management` + """ + + # Timers, in secs + POLL_TIME = 0.5 + CONNECTION_RETRY_TIME = 1 + + TS_KEY = "ts" + STATUS_STEP_KEY = "status_step" + OK_KEY = "ok" + IP_KEY = "ip" + REMOTE_KEY = "remote" + + TUNTAP_READ_KEY = "tun_tap_read" + TUNTAP_WRITE_KEY = "tun_tap_write" + TCPUDP_READ_KEY = "tcp_udp_read" + TCPUDP_WRITE_KEY = "tcp_udp_write" + AUTH_READ_KEY = "auth_read" + + def __init__(self, qtsigs=None): + """ + Initializes the VPNManager. + + :param qtsigs: a QObject containing the Qt signals used by the UI + to give feedback about state changes. + :type qtsigs: QObject + """ + from twisted.internet import reactor + self._reactor = reactor + self._tn = None + self._qtsigs = qtsigs + self._aborted = False + + @property + def qtsigs(self): + return self._qtsigs + + @property + def aborted(self): + return self._aborted + + @aborted.setter + def aborted(self, value): + self._aborted = value + + def _seek_to_eof(self): + """ + Read as much as available. Position seek pointer to end of stream + """ + try: + self._tn.read_eager() + except EOFError: + logger.debug("Could not read from socket. Assuming it died.") + return + + def _send_command(self, command, until=b"END"): + """ + Sends a command to the telnet connection and reads until END + is reached. + + :param command: command to send + :type command: str + + :param until: byte delimiter string for reading command output + :type until: byte str + + :return: response read + :rtype: list + """ + leap_assert(self._tn, "We need a tn connection!") + + try: + self._tn.write("%s\n" % (command,)) + buf = self._tn.read_until(until, 2) + self._seek_to_eof() + blist = buf.split('\r\n') + if blist[-1].startswith(until): + del blist[-1] + return blist + else: + return [] + + except socket.error: + # XXX should get a counter and repeat only + # after mod X times. + logger.warning('socket error') + self._close_management_socket(announce=False) + return [] + + # XXX should move this to a errBack! + except Exception as e: + logger.warning("Error sending command %s: %r" % + (command, e)) + return [] + + def _close_management_socket(self, announce=True): + """ + Close connection to openvpn management interface. + """ + logger.debug('closing socket') + if announce: + self._tn.write("quit\n") + self._tn.read_all() + self._tn.get_socket().close() + self._tn = None + + def _connect_management(self, socket_host, socket_port): + """ + Connects to the management interface on the specified + socket_host socket_port. + + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + """ + if self.is_connected(): + self._close_management_socket() + + try: + self._tn = UDSTelnet(socket_host, socket_port) + + # XXX make password optional + # specially for win. we should generate + # the pass on the fly when invoking manager + # from conductor + + # self.tn.read_until('ENTER PASSWORD:', 2) + # self.tn.write(self.password + '\n') + # self.tn.read_until('SUCCESS:', 2) + if self._tn: + self._tn.read_eager() + + # XXX move this to the Errback + except Exception as e: + logger.warning("Could not connect to OpenVPN yet: %r" % (e,)) + self._tn = None + + def _connectCb(self, *args): + """ + Callback for connection. + + :param args: not used + """ + if self._tn: + logger.info('connected to management') + + def _connectErr(self, failure): + """ + Errorback for connection. + + :param failure: Failure + """ + logger.warning(failure) + + def connect_to_management(self, host, port): + """ + Connect to a management interface. + + :param host: the host of the management interface + :type host: str + + :param port: the port of the management interface + :type port: str + + :returns: a deferred + """ + self.connectd = defer.maybeDeferred( + self._connect_management, host, port) + self.connectd.addCallbacks(self._connectCb, self._connectErr) + return self.connectd + + def is_connected(self): + """ + Returns the status of the management interface. + + :returns: True if connected, False otherwise + :rtype: bool + """ + return True if self._tn else False + + def try_to_connect_to_management(self, retry=0): + """ + Attempts to connect to a management interface, and retries + after CONNECTION_RETRY_TIME if not successful. + + :param retry: number of the retry + :type retry: int + """ + # TODO decide about putting a max_lim to retries and signaling + # an error. + if not self.aborted and not self.is_connected(): + self.connect_to_management(self._socket_host, self._socket_port) + self._reactor.callLater( + self.CONNECTION_RETRY_TIME, + self.try_to_connect_to_management, retry + 1) + + def _parse_state_and_notify(self, output): + """ + Parses the output of the state command and emits state_changed + signal when the state changes. + + :param output: list of lines that the state command printed as + its output + :type output: list + """ + for line in output: + stripped = line.strip() + if stripped == "END": + continue + parts = stripped.split(",") + if len(parts) < 5: + continue + ts, status_step, ok, ip, remote = parts + + state_dict = { + self.TS_KEY: ts, + self.STATUS_STEP_KEY: status_step, + self.OK_KEY: ok, + self.IP_KEY: ip, + self.REMOTE_KEY: remote + } + + if state_dict != self._last_state: + self.qtsigs.state_changed.emit(state_dict) + self._last_state = state_dict + + def _parse_status_and_notify(self, output): + """ + Parses the output of the status command and emits + status_changed signal when the status changes. + + :param output: list of lines that the status command printed + as its output + :type output: list + """ + tun_tap_read = "" + tun_tap_write = "" + tcp_udp_read = "" + tcp_udp_write = "" + auth_read = "" + for line in output: + stripped = line.strip() + if stripped.endswith("STATISTICS") or stripped == "END": + continue + parts = stripped.split(",") + if len(parts) < 2: + continue + if parts[0].strip() == "TUN/TAP read bytes": + tun_tap_read = parts[1] + elif parts[0].strip() == "TUN/TAP write bytes": + tun_tap_write = parts[1] + elif parts[0].strip() == "TCP/UDP read bytes": + tcp_udp_read = parts[1] + elif parts[0].strip() == "TCP/UDP write bytes": + tcp_udp_write = parts[1] + elif parts[0].strip() == "Auth read bytes": + auth_read = parts[1] + + status_dict = { + self.TUNTAP_READ_KEY: tun_tap_read, + self.TUNTAP_WRITE_KEY: tun_tap_write, + self.TCPUDP_READ_KEY: tcp_udp_read, + self.TCPUDP_WRITE_KEY: tcp_udp_write, + self.AUTH_READ_KEY: auth_read + } + + if status_dict != self._last_status: + self.qtsigs.status_changed.emit(status_dict) + self._last_status = status_dict + + def get_state(self): + """ + Notifies the gui of the output of the state command over + the openvpn management interface. + """ + if self.is_connected(): + return self._parse_state_and_notify(self._send_command("state")) + + def get_status(self): + """ + Notifies the gui of the output of the status command over + the openvpn management interface. + """ + if self.is_connected(): + return self._parse_status_and_notify(self._send_command("status")) + + @property + def vpn_env(self): + """ + Return a dict containing the vpn environment to be used. + """ + return self._launcher.get_vpn_env(self._providerconfig) + + def terminate_openvpn(self, shutdown=False): + """ + Attempts to terminate openvpn by sending a SIGTERM. + """ + if self.is_connected(): + self._send_command("signal SIGTERM") + if shutdown: + self._cleanup_tempfiles() + + def _cleanup_tempfiles(self): + """ + Remove all temporal files we might have left behind. + + Iif self.port is 'unix', we have created a temporal socket path that, + under normal circumstances, we should be able to delete. + """ + if self._socket_port == "unix": + logger.debug('cleaning socket file temp folder') + tempfolder = os.path.split(self._socket_host)[0] # XXX use `first` + if os.path.isdir(tempfolder): + try: + shutil.rmtree(tempfolder) + except OSError: + logger.error('could not delete tmpfolder %s' % tempfolder) + + # --------------------------------------------------- + # XXX old methods, not adapted to twisted process yet + + def get_openvpn_process(self): + """ + Looks for openvpn instances running. + + :rtype: process + """ + openvpn_process = None + for p in psutil.process_iter(): + try: + # XXX Not exact! + # Will give false positives. + # we should check that cmdline BEGINS + # with openvpn or with our wrapper + # (pkexec / osascript / whatever) + if "openvpn" in ' '.join(p.cmdline): + openvpn_process = p + break + except psutil.error.AccessDenied: + pass + return openvpn_process + + def _stop_if_already_running(self): + """ + Checks if VPN is already running and tries to stop it. + + :return: True if stopped, False otherwise + """ + # TODO cleanup this + process = self._get_openvpn_process() + if process: + logger.debug("OpenVPN is already running, trying to stop it...") + cmdline = process.cmdline + + manag_flag = "--management" + if isinstance(cmdline, list) and manag_flag in cmdline: + try: + index = cmdline.index(manag_flag) + host = cmdline[index + 1] + port = cmdline[index + 2] + logger.debug("Trying to connect to %s:%s" + % (host, port)) + self._connect_to_management(host, port) + self._send_command("signal SIGTERM") + self._tn.close() + self._tn = None + #self._disconnect_management() + except Exception as e: + logger.warning("Problem trying to terminate OpenVPN: %r" + % (e,)) + + process = self._get_openvpn_process() + if process is None: + logger.warning("Unabled to terminate OpenVPN") + return True + else: + return False + return True + + +class VPNProcess(protocol.ProcessProtocol, VPNManager): + """ + A ProcessProtocol class that can be used to spawn a process that will + launch openvpn and connect to its management interface to control it + programmatically. + """ + + def __init__(self, eipconfig, providerconfig, socket_host, socket_port, + qtsigs): + """ + :param eipconfig: eip configuration object + :type eipconfig: EIPConfig + + :param providerconfig: provider specific configuration + :type providerconfig: ProviderConfig + + :param socket_host: either socket path (unix) or socket IP + :type socket_host: str + + :param socket_port: either string "unix" if it's a unix + socket, or port otherwise + :type socket_port: str + + :param qtsigs: a QObject containing the Qt signals used to notify the + UI. + :type qtsigs: QObject + """ + VPNManager.__init__(self, qtsigs=qtsigs) + leap_assert_type(eipconfig, EIPConfig) + leap_assert_type(providerconfig, ProviderConfig) + leap_assert_type(qtsigs, QtCore.QObject) + + #leap_assert(not self.isRunning(), "Starting process more than once!") + + self._eipconfig = eipconfig + self._providerconfig = providerconfig + self._socket_host = socket_host + self._socket_port = socket_port + + self._launcher = get_platform_launcher() + + self._last_state = None + self._last_status = None + self._alive = False + + # processProtocol methods + + def connectionMade(self): + """ + Called when the connection is made. + + .. seeAlso: `http://twistedmatrix.com/documents/13.0.0/api/twisted.internet.protocol.ProcessProtocol.html` # noqa + """ + self._alive = True + self.aborted = False + self.try_to_connect_to_management() + + def outReceived(self, data): + """ + Called when new data is available on stdout. + + :param data: the data read on stdout + + .. seeAlso: `http://twistedmatrix.com/documents/13.0.0/api/twisted.internet.protocol.ProcessProtocol.html` # noqa + """ + # truncate the newline + # should send this to the logging window + vpnlog.info(data[:-1]) + + def processExited(self, reason): + """ + Called when the child process exits. + + .. seeAlso: `http://twistedmatrix.com/documents/13.0.0/api/twisted.internet.protocol.ProcessProtocol.html` # noqa + """ + exit_code = reason.value.exitCode + if isinstance(exit_code, int): + logger.debug("processExited, status %d" % (exit_code,)) + self.qtsigs.process_finished.emit(exit_code) + self._alive = False + + def processEnded(self, reason): + """ + Called when the child process exits and all file descriptors associated + with it have been closed. + + .. seeAlso: `http://twistedmatrix.com/documents/13.0.0/api/twisted.internet.protocol.ProcessProtocol.html` # noqa + """ + exit_code = reason.value.exitCode + if isinstance(exit_code, int): + logger.debug("processEnded, status %d" % (exit_code,)) + + # polling + + def pollStatus(self): + """ + Polls connection status. + """ + if self._alive: + self.get_status() + + def pollState(self): + """ + Polls connection state. + """ + if self._alive: + self.get_state() + + # launcher + + def getCommand(self): + """ + Gets the vpn command from the aproppriate launcher. + """ + cmd = self._launcher.get_vpn_command( + eipconfig=self._eipconfig, + providerconfig=self._providerconfig, + socket_host=self._socket_host, + socket_port=self._socket_port) + return map(str, cmd) + + # shutdown + + def killProcess(self): + """ + Sends the KILL signal to the running process. + """ + try: + self.transport.signalProcess('KILL') + except internet_error.ProcessExitedAlready: + logger.debug('Process Exited Already') diff --git a/src/leap/gui/tests/__init__.py b/src/leap/services/mail/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/gui/tests/__init__.py +++ b/src/leap/services/mail/__init__.py diff --git a/src/leap/services/mail/smtpbootstrapper.py b/src/leap/services/mail/smtpbootstrapper.py new file mode 100644 index 00000000..e8af5349 --- /dev/null +++ b/src/leap/services/mail/smtpbootstrapper.py @@ -0,0 +1,135 @@ +# -*- coding: utf-8 -*- +# smtpbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +SMTP bootstrapping +""" + +import logging +import os + +from PySide import QtCore + +from leap.common.check import leap_assert, leap_assert_type +from leap.common.files import get_mtime +from leap.config.providerconfig import ProviderConfig +from leap.crypto.srpauth import SRPAuth +from leap.util.request_helpers import get_content +from leap.services.abstractbootstrapper import AbstractBootstrapper + +logger = logging.getLogger(__name__) + + +class SMTPBootstrapper(AbstractBootstrapper): + """ + SMTP init procedure + """ + + # All dicts returned are of the form + # {"passed": bool, "error": str} + download_config = QtCore.Signal(dict) + + def __init__(self): + AbstractBootstrapper.__init__(self) + + self._provider_config = None + self._smtp_config = None + self._download_if_needed = False + + def _download_config(self, *args): + """ + Downloads the SMTP config for the given provider + """ + + leap_assert(self._provider_config, + "We need a provider configuration!") + + logger.debug("Downloading SMTP config for %s" % + (self._provider_config.get_domain(),)) + + headers = {} + mtime = get_mtime(os.path.join(self._smtp_config + .get_path_prefix(), + "leap", + "providers", + self._provider_config.get_domain(), + "smtp-service.json")) + + if self._download_if_needed and mtime: + headers['if-modified-since'] = mtime + + # there is some confusion with this uri, + config_uri = "%s/%s/config/smtp-service.json" % ( + self._provider_config.get_api_uri(), + self._provider_config.get_api_version()) + logger.debug('Downloading SMTP config from: %s' % config_uri) + + srp_auth = SRPAuth(self._provider_config) + session_id = srp_auth.get_session_id() + cookies = None + if session_id: + cookies = {"_session_id": session_id} + + res = self._session.get(config_uri, + verify=self._provider_config + .get_ca_cert_path(), + headers=headers, + cookies=cookies) + res.raise_for_status() + + # Not modified + if res.status_code == 304: + logger.debug("SMTP definition has not been modified") + self._smtp_config.load(os.path.join( + "leap", "providers", + self._provider_config.get_domain(), + "smtp-service.json")) + else: + smtp_definition, mtime = get_content(res) + + self._smtp_config.load(data=smtp_definition, mtime=mtime) + self._smtp_config.save(["leap", + "providers", + self._provider_config.get_domain(), + "smtp-service.json"]) + + def run_smtp_setup_checks(self, + provider_config, + smtp_config, + download_if_needed=False): + """ + Starts the checks needed for a new smtp setup + + :param provider_config: Provider configuration + :type provider_config: ProviderConfig + :param smtp_config: SMTP configuration to populate + :type smtp_config: SMTPConfig + :param download_if_needed: True if it should check for mtime + for the file + :type download_if_needed: bool + """ + leap_assert_type(provider_config, ProviderConfig) + + self._provider_config = provider_config + self._smtp_config = smtp_config + self._download_if_needed = download_if_needed + + cb_chain = [ + (self._download_config, self.download_config), + ] + + self.addCallbackChain(cb_chain) diff --git a/src/leap/services/mail/smtpconfig.py b/src/leap/services/mail/smtpconfig.py new file mode 100644 index 00000000..30371005 --- /dev/null +++ b/src/leap/services/mail/smtpconfig.py @@ -0,0 +1,47 @@ +# -*- coding: utf-8 -*- +# smtpconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +SMTP configuration +""" +import logging + +from leap.common.config.baseconfig import BaseConfig +from leap.services.mail.smtpspec import smtp_config_spec + +logger = logging.getLogger(__name__) + + +class SMTPConfig(BaseConfig): + """ + SMTP configuration abstraction class + """ + + def __init__(self): + BaseConfig.__init__(self) + + def _get_spec(self): + """ + Returns the spec object for the specific configuration + """ + return smtp_config_spec + + def get_hosts(self): + return self._safe_get_value("hosts") + + def get_locations(self): + return self._safe_get_value("locations") diff --git a/src/leap/services/mail/smtpspec.py b/src/leap/services/mail/smtpspec.py new file mode 100644 index 00000000..270dfb76 --- /dev/null +++ b/src/leap/services/mail/smtpspec.py @@ -0,0 +1,51 @@ +# -*- coding: utf-8 -*- +# smtpspec.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +smtp_config_spec = { + 'description': 'sample smtp service config', + 'type': 'object', + 'properties': { + 'serial': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'version': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'hosts': { + 'type': dict, + 'default': { + "walrus": { + "hostname": "someprovider", + "ip_address": "1.1.1.1", + "port": 1111 + }, + }, + }, + 'locations': { + 'type': dict, + 'default': { + "locations": { + + } + } + } + } +} diff --git a/src/leap/testing/__init__.py b/src/leap/services/soledad/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/testing/__init__.py +++ b/src/leap/services/soledad/__init__.py diff --git a/src/leap/services/soledad/soledadbootstrapper.py b/src/leap/services/soledad/soledadbootstrapper.py new file mode 100644 index 00000000..2635a7e6 --- /dev/null +++ b/src/leap/services/soledad/soledadbootstrapper.py @@ -0,0 +1,220 @@ +# -*- coding: utf-8 -*- +# soledadbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Soledad bootstrapping +""" + +import logging +import os + +from PySide import QtCore + +from leap.common.check import leap_assert, leap_assert_type +from leap.common.files import get_mtime +from leap.keymanager import KeyManager, openpgp +from leap.keymanager.errors import KeyNotFound +from leap.config.providerconfig import ProviderConfig +from leap.crypto.srpauth import SRPAuth +from leap.services.soledad.soledadconfig import SoledadConfig +from leap.util.request_helpers import get_content +from leap.soledad import Soledad +from leap.services.abstractbootstrapper import AbstractBootstrapper + +logger = logging.getLogger(__name__) + + +class SoledadBootstrapper(AbstractBootstrapper): + """ + Soledad init procedure + """ + + SOLEDAD_KEY = "soledad" + KEYMANAGER_KEY = "keymanager" + + PUBKEY_KEY = "user[public_key]" + + # All dicts returned are of the form + # {"passed": bool, "error": str} + download_config = QtCore.Signal(dict) + gen_key = QtCore.Signal(dict) + + def __init__(self): + AbstractBootstrapper.__init__(self) + + self._provider_config = None + self._soledad_config = None + self._keymanager = None + self._download_if_needed = False + self._user = "" + self._password = "" + + @property + def keymanager(self): + return self._keymanager + + @property + def soledad(self): + return self._soledad + + def _load_and_sync_soledad(self, srp_auth): + """ + Once everthing is in the right place, we instantiate and sync + Soledad + + :param srp_auth: SRPAuth object used + :type srp_auth: SRPAuth + """ + uuid = srp_auth.get_uid() + + prefix = os.path.join(self._soledad_config.get_path_prefix(), + "leap", "soledad") + secrets_path = "%s/%s.secret" % (prefix, uuid) + local_db_path = "%s/%s.db" % (prefix, uuid) + + # TODO: use the proper URL + #server_url = 'https://mole.dev.bitmask.net:2424/user-%s' % (uuid,) + server_url = 'https://gadwall.dev.bitmask.net:1111/user-%s' % (uuid,) + # server_url = self._soledad_config.get_hosts(...) + + cert_file = self._provider_config.get_ca_cert_path() + + self._soledad = Soledad(uuid, + self._password.encode("utf-8"), + secrets_path, + local_db_path, + server_url, + cert_file, + srp_auth.get_token()) + self._soledad.sync() + + def _download_config(self): + """ + Downloads the Soledad config for the given provider + """ + + leap_assert(self._provider_config, + "We need a provider configuration!") + + logger.debug("Downloading Soledad config for %s" % + (self._provider_config.get_domain(),)) + + self._soledad_config = SoledadConfig() + + headers = {} + mtime = get_mtime(os.path.join(self._soledad_config + .get_path_prefix(), + "leap", + "providers", + self._provider_config.get_domain(), + "soledad-service.json")) + + if self._download_if_needed and mtime: + headers['if-modified-since'] = mtime + + # there is some confusion with this uri, + config_uri = "%s/%s/config/soledad-service.json" % ( + self._provider_config.get_api_uri(), + self._provider_config.get_api_version()) + logger.debug('Downloading soledad config from: %s' % config_uri) + + srp_auth = SRPAuth(self._provider_config) + session_id = srp_auth.get_session_id() + cookies = None + if session_id: + cookies = {"_session_id": session_id} + + res = self._session.get(config_uri, + verify=self._provider_config + .get_ca_cert_path(), + headers=headers, + cookies=cookies) + res.raise_for_status() + + # Not modified + if res.status_code == 304: + logger.debug("Soledad definition has not been modified") + else: + soledad_definition, mtime = get_content(res) + + self._soledad_config.load(data=soledad_definition, mtime=mtime) + self._soledad_config.save(["leap", + "providers", + self._provider_config.get_domain(), + "soledad-service.json"]) + + self._load_and_sync_soledad(srp_auth) + + def _gen_key(self): + """ + Generates the key pair if needed, uploads it to the webapp and + nickserver + """ + leap_assert(self._provider_config, + "We need a provider configuration!") + + address = "%s@%s" % (self._user, self._provider_config.get_domain()) + + logger.debug("Retrieving key for %s" % (address,)) + + srp_auth = SRPAuth(self._provider_config) + self._keymanager = KeyManager( + address, + "https://%s:6425" % (self._provider_config.get_domain()), + self._soledad, + #token=srp_auth.get_token(), # TODO: enable token usage + session_id=srp_auth.get_session_id(), + ca_cert_path=self._provider_config.get_ca_cert_path(), + api_uri=self._provider_config.get_api_uri(), + api_version=self._provider_config.get_api_version(), + uid=srp_auth.get_uid()) + try: + self._keymanager.get_key(address, openpgp.OpenPGPKey, + private=True, fetch_remote=False) + except KeyNotFound: + logger.debug("Key not found. Generating key for %s" % (address,)) + self._keymanager.gen_key(openpgp.OpenPGPKey) + logger.debug("Key generated successfully.") + + def run_soledad_setup_checks(self, + provider_config, + user, + password, + download_if_needed=False): + """ + Starts the checks needed for a new soledad setup + + :param provider_config: Provider configuration + :type provider_config: ProviderConfig + :param user: User's login + :type user: str + :param password: User's password + :type password: str + """ + leap_assert_type(provider_config, ProviderConfig) + + self._provider_config = provider_config + self._download_if_needed = download_if_needed + self._user = user + self._password = password + + cb_chain = [ + (self._download_config, self.download_config), + (self._gen_key, self.gen_key) + ] + + self.addCallbackChain(cb_chain) diff --git a/src/leap/services/soledad/soledadconfig.py b/src/leap/services/soledad/soledadconfig.py new file mode 100644 index 00000000..80a82d11 --- /dev/null +++ b/src/leap/services/soledad/soledadconfig.py @@ -0,0 +1,47 @@ +# -*- coding: utf-8 -*- +# soledadconfig.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Soledad configuration +""" +import logging + +from leap.common.config.baseconfig import BaseConfig +from leap.services.soledad.soledadspec import soledad_config_spec + +logger = logging.getLogger(__name__) + + +class SoledadConfig(BaseConfig): + """ + Soledad configuration abstraction class + """ + + def __init__(self): + BaseConfig.__init__(self) + + def _get_spec(self): + """ + Returns the spec object for the specific configuration + """ + return soledad_config_spec + + def get_hosts(self): + return self._safe_get_value("hosts") + + def get_locations(self): + return self._safe_get_value("locations") diff --git a/src/leap/services/soledad/soledadspec.py b/src/leap/services/soledad/soledadspec.py new file mode 100644 index 00000000..8233d6a0 --- /dev/null +++ b/src/leap/services/soledad/soledadspec.py @@ -0,0 +1,57 @@ +# -*- coding: utf-8 -*- +# soledadspec.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +soledad_config_spec = { + 'description': 'sample soledad service config', + 'type': 'object', + 'properties': { + 'serial': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'version': { + 'type': int, + 'default': 1, + 'required': ["True"] + }, + 'hosts': { + 'type': dict, + 'default': { + "python": { + "hostname": "someprovider", + "ip_address": "1.1.1.1", + "location": "loc", + "port": 1111 + }, + }, + }, + 'locations': { + 'type': dict, + 'default': { + "locations": { + "ankara": { + "country_code": "TR", + "hemisphere": "N", + "name": "loc", + "timezone": "+0" + } + } + } + } + } +} diff --git a/src/leap/gui/firstrun/constants.py b/src/leap/services/tests/__init__.py index e69de29b..e69de29b 100644 --- a/src/leap/gui/firstrun/constants.py +++ b/src/leap/services/tests/__init__.py diff --git a/src/leap/services/tests/test_abstractbootstrapper.py b/src/leap/services/tests/test_abstractbootstrapper.py new file mode 100644 index 00000000..a9ee220f --- /dev/null +++ b/src/leap/services/tests/test_abstractbootstrapper.py @@ -0,0 +1,196 @@ +## -*- coding: utf-8 -*- +# test_abstrctbootstrapper.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +""" +Tests for the Abstract Boostrapper functionality +""" + +import mock + +from PySide import QtCore + +from nose.twistedtools import deferred + +from leap.services.abstractbootstrapper import AbstractBootstrapper +from leap.util.pyside_tests_helper import UsesQApplication, BasicPySlotCase + + +class TesterBootstrapper(AbstractBootstrapper): + test_signal1 = QtCore.Signal(dict) + test_signal2 = QtCore.Signal(dict) + test_signal3 = QtCore.Signal(dict) + + ERROR_MSG = "This is a test error msg" + + def _check_that_passes(self, *args): + pass + + def _second_check_that_passes(self, *args): + pass + + def _check_that_fails(self, *args): + raise Exception(self.ERROR_MSG) + + def run_checks_pass(self): + cb_chain = [ + (self._check_that_passes, self.test_signal1), + (self._second_check_that_passes, self.test_signal2), + ] + return self.addCallbackChain(cb_chain) + + def run_second_checks_pass(self): + cb_chain = [ + (self._check_that_passes, None), + ] + return self.addCallbackChain(cb_chain) + + def run_checks_fail(self): + cb_chain = [ + (self._check_that_passes, self.test_signal1), + (self._check_that_fails, self.test_signal2) + ] + return self.addCallbackChain(cb_chain) + + def run_second_checks_fail(self): + cb_chain = [ + (self._check_that_passes, self.test_signal1), + (self._check_that_fails, self.test_signal2), + (self._second_check_that_passes, self.test_signal1) + ] + return self.addCallbackChain(cb_chain) + + def run_third_checks_fail(self): + cb_chain = [ + (self._check_that_passes, self.test_signal1), + (self._check_that_fails, None) + ] + return self.addCallbackChain(cb_chain) + + +class AbstractBootstrapperTest(UsesQApplication, BasicPySlotCase): + def setUp(self): + UsesQApplication.setUp(self) + BasicPySlotCase.setUp(self) + + self.tbt = TesterBootstrapper() + self.called1 = self.called2 = 0 + + @deferred() + def test_all_checks_executed_once(self): + self.tbt._check_that_passes = mock.MagicMock() + self.tbt._second_check_that_passes = mock.MagicMock() + + d = self.tbt.run_checks_pass() + + def check(*args): + self.tbt._check_that_passes.assert_called_once_with() + self.tbt._second_check_that_passes.\ + assert_called_once_with(None) + + d.addCallback(check) + return d + + ####################################################################### + # Dummy callbacks that test the arguments expected from a certain + # signal and only allow being called once + + def cb1(self, *args): + if tuple(self.args1) == args: + self.called1 += 1 + else: + raise ValueError('Invalid arguments for callback') + + def cb2(self, *args): + if tuple(self.args2) == args: + self.called2 += 1 + else: + raise ValueError('Invalid arguments for callback') + + # + ####################################################################### + + def _check_cb12_once(self, *args): + self.assertEquals(self.called1, 1) + self.assertEquals(self.called2, 1) + + @deferred() + def test_emits_correct(self): + self.tbt.test_signal1.connect(self.cb1) + self.tbt.test_signal2.connect(self.cb2) + d = self.tbt.run_checks_pass() + + self.args1 = [{ + AbstractBootstrapper.PASSED_KEY: True, + AbstractBootstrapper.ERROR_KEY: "" + }] + + self.args2 = self.args1 + + d.addCallback(self._check_cb12_once) + return d + + @deferred() + def test_emits_failed(self): + self.tbt.test_signal1.connect(self.cb1) + self.tbt.test_signal2.connect(self.cb2) + d = self.tbt.run_checks_fail() + + self.args1 = [{ + AbstractBootstrapper.PASSED_KEY: True, + AbstractBootstrapper.ERROR_KEY: "" + }] + + self.args2 = [{ + AbstractBootstrapper.PASSED_KEY: False, + AbstractBootstrapper.ERROR_KEY: + TesterBootstrapper.ERROR_MSG + }] + + d.addCallback(self._check_cb12_once) + return d + + @deferred() + def test_emits_failed_and_stops(self): + self.tbt.test_signal1.connect(self.cb1) + self.tbt.test_signal2.connect(self.cb2) + self.tbt.test_signal3.connect(self.cb1) + d = self.tbt.run_second_checks_fail() + + self.args1 = [{ + AbstractBootstrapper.PASSED_KEY: True, + AbstractBootstrapper.ERROR_KEY: "" + }] + + self.args2 = [{ + AbstractBootstrapper.PASSED_KEY: False, + AbstractBootstrapper.ERROR_KEY: + TesterBootstrapper.ERROR_MSG + }] + + d.addCallback(self._check_cb12_once) + return d + + @deferred() + def test_failed_without_signal(self): + d = self.tbt.run_third_checks_fail() + return d + + @deferred() + def test_sucess_without_signal(self): + d = self.tbt.run_second_checks_pass() + return d diff --git a/src/leap/services/tx.py b/src/leap/services/tx.py new file mode 100644 index 00000000..ef08fcc6 --- /dev/null +++ b/src/leap/services/tx.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- +# twisted.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Twisted services launched by the client +""" +import logging + +from twisted.application.service import Application +from twisted.internet.task import LoopingCall + +logger = logging.getLogger(__name__) + + +def task(): + """ + stub periodic task, mainly for tests. + DELETE-ME when there's real meat here :) + """ + from datetime import datetime + logger.debug("hi there %s", datetime.now()) + + +def leap_services(): + """ + Check which twisted services are enabled and + register them. + """ + logger.debug('starting leap services') + application = Application("LEAP Client Local Services") + #lc = LoopingCall(task) + #lc.start(5) + return application diff --git a/src/leap/testing/basetest.py b/src/leap/testing/basetest.py deleted file mode 100644 index 3186e1eb..00000000 --- a/src/leap/testing/basetest.py +++ /dev/null @@ -1,85 +0,0 @@ -import os -import platform -import shutil -import tempfile - -try: - import unittest2 as unittest -except ImportError: - import unittest - -from leap.base.config import get_username, get_groupname -from leap.util.fileutil import mkdir_p, check_and_fix_urw_only - -_system = platform.system() - - -class BaseLeapTest(unittest.TestCase): - - __name__ = "leap_test" - - @classmethod - def setUpClass(cls): - cls.old_path = os.environ['PATH'] - cls.old_home = os.environ['HOME'] - cls.tempdir = tempfile.mkdtemp(prefix="leap_tests-") - cls.home = cls.tempdir - bin_tdir = os.path.join( - cls.tempdir, - 'bin') - os.environ["PATH"] = bin_tdir - os.environ["HOME"] = cls.tempdir - - @classmethod - def tearDownClass(cls): - os.environ["PATH"] = cls.old_path - os.environ["HOME"] = cls.old_home - # safety check - assert cls.tempdir.startswith('/tmp/leap_tests-') - shutil.rmtree(cls.tempdir) - - # you have to override these methods - # this way we ensure we did not put anything - # here that you can forget to call. - - def setUp(self): - raise NotImplementedError("abstract base class") - - def tearDown(self): - raise NotImplementedError("abstract base class") - - # - # helper methods - # - - def get_tempfile(self, filename): - return os.path.join(self.tempdir, filename) - - def get_username(self): - return get_username() - - def get_groupname(self): - return get_groupname() - - def _missing_test_for_plat(self, do_raise=False): - if do_raise: - raise NotImplementedError( - "This test is not implemented " - "for the running platform: %s" % - _system) - - def touch(self, filepath): - folder, filename = os.path.split(filepath) - if not os.path.isdir(folder): - mkdir_p(folder) - # XXX should move to test_basetest - self.assertTrue(os.path.isdir(folder)) - - with open(filepath, 'w') as fp: - fp.write(' ') - - # XXX should move to test_basetest - self.assertTrue(os.path.isfile(filepath)) - - def chmod600(self, filepath): - check_and_fix_urw_only(filepath) diff --git a/src/leap/testing/cacert.pem b/src/leap/testing/cacert.pem deleted file mode 100644 index 6989c480..00000000 --- a/src/leap/testing/cacert.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID1TCCAr2gAwIBAgIJAOv0BS09D8byMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKY3liZXJzcGFjZTEnMCUGA1UECgweTEVBUCBFbmNy -eXB0aW9uIEFjY2VzcyBQcm9qZWN0MRYwFAYDVQQDDA10ZXN0cy1sZWFwLnNlMRsw -GQYJKoZIhvcNAQkBFgxpbmZvQGxlYXAuc2UwHhcNMTIwODMxMTYyNjMwWhcNMTUw -ODMxMTYyNjMwWjCBgDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCmN5YmVyc3BhY2Ux -JzAlBgNVBAoMHkxFQVAgRW5jcnlwdGlvbiBBY2Nlc3MgUHJvamVjdDEWMBQGA1UE -AwwNdGVzdHMtbGVhcC5zZTEbMBkGCSqGSIb3DQEJARYMaW5mb0BsZWFwLnNlMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pU7OU+abrUXFZwp6X0LlF0f -xQvC1Nmr5sFH7N9RTu3bdwY2t57ECP2TPkH6+x7oOvCTgAMxIE1scWEEkfgKViqW -FH/Om1UW1PMaiDYGtFuqEuxM95FvaYxp2K6rzA37WNsedA28sCYzhRD+/5HqbCNT -3rRS2cPaVO8kXI/5bgd8bUk3009pWTg4SvTtOW/9MWJbBH5f5JWmMn7Ayt6hIdT/ -E6npofEK/UCqAlEscARYFXSB/F8nK1whjo9mGFjMUd7d/25UbFHqOk4K7ishD4DH -F7LaS84rS+Sjwn3YtDdDQblGghJfz8X1AfPSGivGnvLVdkmMF9Y2hJlSQ7+C5wID -AQABo1AwTjAdBgNVHQ4EFgQUnpJEv4FnlqKbfm7mprudKdrnOAowHwYDVR0jBBgw -FoAUnpJEv4FnlqKbfm7mprudKdrnOAowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B -AQUFAAOCAQEAGW66qwdK/ATRVZkTpI2sgi+2dWD5tY4VyZuJIrRwfXsGPeVvmdsa -zDmwW5dMkth1Of5yO6o7ijvUvfnw/UCLNLNICKZhH5G0DHstfBeFc0jnP2MqOZCp -puRGPBlO2nxUCvoGcPRUKGQK9XSYmxcmaSFyzKVDMLnmH+Lakj5vaY9a8ZAcZTz7 -T5qePxKAxg+RIlH8Ftc485QP3fhqPYPrRsL3g6peiqCvIRshoP1MSoh19boI+1uX -wHQ/NyDkL5ErKC5JCSpaeF8VG1ek570kKWQLuQAbnlXZw+Sqfu35CIdizHaYGEcx -xA8oXH4L2JaT2x9GKDSpCmB2xXy/NVamUg== ------END CERTIFICATE----- diff --git a/src/leap/testing/https_server.py b/src/leap/testing/https_server.py deleted file mode 100644 index 21191c32..00000000 --- a/src/leap/testing/https_server.py +++ /dev/null @@ -1,68 +0,0 @@ -from BaseHTTPServer import HTTPServer -import os -import ssl -import SocketServer -import threading -import unittest - -_where = os.path.split(__file__)[0] - - -def where(filename): - return os.path.join(_where, filename) - - -class HTTPSServer(HTTPServer): - def server_bind(self): - SocketServer.TCPServer.server_bind(self) - self.socket = ssl.wrap_socket( - self.socket, server_side=True, - certfile=where("leaptestscert.pem"), - keyfile=where("leaptestskey.pem"), - ca_certs=where("cacert.pem"), - ssl_version=ssl.PROTOCOL_SSLv23) - - -class TestServerThread(threading.Thread): - def __init__(self, test_object, request_handler): - threading.Thread.__init__(self) - self.request_handler = request_handler - self.test_object = test_object - - def run(self): - self.server = HTTPSServer(('localhost', 0), self.request_handler) - host, port = self.server.socket.getsockname() - self.test_object.HOST, self.test_object.PORT = host, port - self.test_object.server_started.set() - self.test_object = None - try: - self.server.serve_forever(0.05) - finally: - self.server.server_close() - - def stop(self): - self.server.shutdown() - - -class BaseHTTPSServerTestCase(unittest.TestCase): - """ - derived classes need to implement a request_handler - """ - def setUp(self): - self.server_started = threading.Event() - self.thread = TestServerThread(self, self.request_handler) - self.thread.start() - self.server_started.wait() - - def tearDown(self): - self.thread.stop() - - def get_server(self): - host, port = self.HOST, self.PORT - if host == "127.0.0.1": - host = "localhost" - return "%s:%s" % (host, port) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/testing/leaptestscert.pem b/src/leap/testing/leaptestscert.pem deleted file mode 100644 index 65596b1a..00000000 --- a/src/leap/testing/leaptestscert.pem +++ /dev/null @@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - eb:f4:05:2d:3d:0f:c6:f3 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=cyberspace, O=LEAP Encryption Access Project, CN=tests-leap.se/emailAddress=info@leap.se - Validity - Not Before: Aug 31 16:30:17 2012 GMT - Not After : Aug 31 16:30:17 2013 GMT - Subject: C=US, ST=cyberspace, L=net, O=LEAP Encryption Access Project, CN=localhost/emailAddress=info@leap.se - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:bc:f1:c4:05:ce:4b:d5:9b:9a:fa:c1:a5:0c:89: - 15:7e:05:69:b6:a4:62:38:3a:d6:14:4a:36:aa:3c: - 31:70:54:2e:bf:7d:05:19:ad:7b:0c:a9:a6:7d:46: - be:83:62:cb:ea:b9:48:6c:7d:78:a0:10:0b:ad:8a: - 74:7a:b8:ff:32:85:64:36:90:dc:38:dd:90:6e:07: - 82:70:ae:5f:4e:1f:f4:46:98:f3:98:b4:fa:08:65: - bf:d6:ec:a9:ba:7e:a8:f0:40:a2:d0:1a:cb:e6:fc: - 95:c5:54:63:92:5b:b8:0a:36:cc:26:d3:2b:ad:16: - ff:49:53:f4:65:7c:64:27:9a:f5:12:75:11:a5:0c: - 5a:ea:1e:e4:31:f3:a6:2b:db:0e:4a:5d:aa:47:3a: - f0:5e:2a:d5:6f:74:b6:f8:bc:9a:73:d0:fa:8a:be: - a8:69:47:9b:07:45:d9:b5:cd:1c:9b:c5:41:9a:65: - cc:99:a0:bd:bf:b5:e8:9f:66:5f:69:c9:6d:c8:68: - 50:68:74:ae:8e:12:7e:9c:24:4f:dc:05:61:b7:8a: - 6d:2a:95:43:d9:3f:fe:d8:c9:a7:ae:63:cd:30:d5: - 95:84:18:2d:12:b5:2d:a6:fe:37:dd:74:b8:f8:a5: - 59:18:8f:ca:f7:ae:63:0d:9d:66:51:7d:9c:40:48: - 9b:a1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - B2:50:B4:C6:38:8F:BA:C4:3B:69:4C:6B:45:7C:CF:08:48:36:02:E0 - X509v3 Authority Key Identifier: - keyid:9E:92:44:BF:81:67:96:A2:9B:7E:6E:E6:A6:BB:9D:29:DA:E7:38:0A - - Signature Algorithm: sha1WithRSAEncryption - aa:ab:d4:27:e3:cb:42:05:55:fd:24:b3:e5:55:7d:fb:ce:6c: - ff:c7:96:f0:7d:30:a1:53:4a:04:eb:a4:24:5e:96:ee:65:ef: - e5:aa:08:47:9d:aa:95:2a:bb:6a:28:9f:51:62:63:d9:7d:1a: - 81:a0:72:f7:9f:33:6b:3b:f4:dc:85:cd:2a:ee:83:a9:93:3d: - 75:53:91:fa:0b:1b:10:83:11:2c:03:4e:ac:bf:c3:e6:25:74: - 9f:14:13:4a:43:66:c2:d7:1c:6c:94:3e:a6:f3:a5:bd:01:2c: - 9f:20:29:2e:62:82:12:d8:8b:70:1b:88:2b:18:68:5a:45:80: - 46:2a:6a:d5:df:1f:d3:e8:57:39:0a:be:1a:d8:b0:3e:e5:b6: - c3:69:b7:5e:c0:7b:b3:a8:a6:78:ee:0a:3d:a0:74:40:fb:42: - 9f:f4:98:7f:47:cc:15:28:eb:b1:95:77:82:a8:65:9b:46:c3: - 4f:f9:f4:72:be:bd:24:28:5c:0d:b3:89:e4:13:71:c8:a7:54: - 1b:26:15:f3:c1:b2:a9:13:77:54:c2:b9:b0:c7:24:39:00:4c: - 1a:a7:9b:e7:ad:4a:3a:32:c2:81:0d:13:2d:27:ea:98:00:a9: - 0e:9e:38:3b:8f:80:34:17:17:3d:49:7e:f4:a5:19:05:28:08: - 7d:de:d3:1f ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAOv0BS09D8bzMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKY3liZXJzcGFjZTEnMCUGA1UECgweTEVBUCBFbmNy -eXB0aW9uIEFjY2VzcyBQcm9qZWN0MRYwFAYDVQQDDA10ZXN0cy1sZWFwLnNlMRsw -GQYJKoZIhvcNAQkBFgxpbmZvQGxlYXAuc2UwHhcNMTIwODMxMTYzMDE3WhcNMTMw -ODMxMTYzMDE3WjCBijELMAkGA1UEBhMCVVMxEzARBgNVBAgMCmN5YmVyc3BhY2Ux -DDAKBgNVBAcMA25ldDEnMCUGA1UECgweTEVBUCBFbmNyeXB0aW9uIEFjY2VzcyBQ -cm9qZWN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxGzAZBgkqhkiG9w0BCQEWDGluZm9A -bGVhcC5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzxxAXOS9Wb -mvrBpQyJFX4FabakYjg61hRKNqo8MXBULr99BRmtewyppn1GvoNiy+q5SGx9eKAQ -C62KdHq4/zKFZDaQ3DjdkG4HgnCuX04f9EaY85i0+ghlv9bsqbp+qPBAotAay+b8 -lcVUY5JbuAo2zCbTK60W/0lT9GV8ZCea9RJ1EaUMWuoe5DHzpivbDkpdqkc68F4q -1W90tvi8mnPQ+oq+qGlHmwdF2bXNHJvFQZplzJmgvb+16J9mX2nJbchoUGh0ro4S -fpwkT9wFYbeKbSqVQ9k//tjJp65jzTDVlYQYLRK1Lab+N910uPilWRiPyveuYw2d -ZlF9nEBIm6ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl -blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLJQtMY4j7rEO2lM -a0V8zwhINgLgMB8GA1UdIwQYMBaAFJ6SRL+BZ5aim35u5qa7nSna5zgKMA0GCSqG -SIb3DQEBBQUAA4IBAQCqq9Qn48tCBVX9JLPlVX37zmz/x5bwfTChU0oE66QkXpbu -Ze/lqghHnaqVKrtqKJ9RYmPZfRqBoHL3nzNrO/Tchc0q7oOpkz11U5H6CxsQgxEs -A06sv8PmJXSfFBNKQ2bC1xxslD6m86W9ASyfICkuYoIS2ItwG4grGGhaRYBGKmrV -3x/T6Fc5Cr4a2LA+5bbDabdewHuzqKZ47go9oHRA+0Kf9Jh/R8wVKOuxlXeCqGWb -RsNP+fRyvr0kKFwNs4nkE3HIp1QbJhXzwbKpE3dUwrmwxyQ5AEwap5vnrUo6MsKB -DRMtJ+qYAKkOnjg7j4A0Fxc9SX70pRkFKAh93tMf ------END CERTIFICATE----- diff --git a/src/leap/testing/leaptestskey.pem b/src/leap/testing/leaptestskey.pem deleted file mode 100644 index fe6291a1..00000000 --- a/src/leap/testing/leaptestskey.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvPHEBc5L1Zua+sGlDIkVfgVptqRiODrWFEo2qjwxcFQuv30F -Ga17DKmmfUa+g2LL6rlIbH14oBALrYp0erj/MoVkNpDcON2QbgeCcK5fTh/0Rpjz -mLT6CGW/1uypun6o8ECi0BrL5vyVxVRjklu4CjbMJtMrrRb/SVP0ZXxkJ5r1EnUR -pQxa6h7kMfOmK9sOSl2qRzrwXirVb3S2+Lyac9D6ir6oaUebB0XZtc0cm8VBmmXM -maC9v7Xon2ZfacltyGhQaHSujhJ+nCRP3AVht4ptKpVD2T/+2MmnrmPNMNWVhBgt -ErUtpv433XS4+KVZGI/K965jDZ1mUX2cQEiboQIDAQABAoIBAQCh/+yhSbrtoCgm -PegEsnix/3QfPBxWt+Obq/HozglZlWQrnMbFuF+bgM4V9ZUdU5UhYNF+66mEG53X -orGyE3IDYCmHO3cGbroKDPhDIs7mTjGEYlniIbGLh6oPXgU8uKKis9ik84TGPOUx -NuTUtT07zLYHx+FX3DLwLUKLzTaWWSRgA7nxNwCY8aPqDxCkXEyZHvSlm9KYZnhe -nVevycoHR+chxL6X/ebbBt2FKR7tl4328mlDXvMXr0vahPH94CuXEvfTj+f6ZxZF -OctdikyRfd8O3ebrUw0XjafPYyTsDMH0/rQovEBVlecEHqh6Z9dBFlogRq5DSun9 -jem4bBXRAoGBAPGPi4g21pTQPqTFxpqea8TsPqIfo3csfMDPdzT246MxzALHqCfG -yZi4g2JYJrReSWHulZDORO5skSKNEb5VTA/3xFhKLt8CULZOakKBDLkzRXlnDFXg -Jsu9vtjDWjQcJsdsRx1tc5V6s+hmel70aaUu/maUlEYZnyIXaTe+1SB1AoGBAMg9 -EMEO5YN52pOI5qPH8j7uyVKtZWKRiR6jb5KA5TxWqZalSdPV6YwDqV/e+HjWrZNw -kSEFONY0seKpIHwXchx91aym7rDHUgOoBQfCWufRMYvRXLhfOTBu4X+U52++i8wt -FvKgh6eSmc7VayAaDfHp7yfrIfS03IiN0T35mGj9AoGAPCoXg7a83VW8tId5/trE -VsjMlM6yhSU0cUV7GFsBuYzWlj6qODX/0iTqvFzeTwBI4LZu1CE78/Jgd62RJMnT -5wo8Ag1//RVziuSe/K9tvtbxT9qFrQHmR8qbtRt65Q257uOeFstDBZEJLDIR+oJ/ -qZ+5x0zsXUVWaERSdYr3RF0CgYEApKDgN3oB5Ti4Jnh1984aMver+heptYKmU9RX -lQH4dsVhpQO8UTgcTgtso+/0JZWLHB9+ksFyW1rzrcETfjLglOA4XzzYHeuiWHM5 -v4lhqBpsO+Ij80oHAPUI3RYVud/VnEauCUlGftWfM1hwPPJu6KhHAnDleAWDE5pV -oDinwBkCgYEAnn/OceaqA2fNYp1IRegbFzpewjUlHLq3bXiCIVhO7W/HqsdfUxjE -VVdjEno/pAG7ZCO5j8u+rLkG2ZIVY3qsUENUiXz52Q08qEltgM8nfirK7vIQkfd9 -YISRE3QHYJd+ArY4v+7rNeF1O5eIEyzPAbvG5raeZFcZ6POxy66uWKo= ------END RSA PRIVATE KEY----- diff --git a/src/leap/testing/pyqt.py b/src/leap/testing/pyqt.py deleted file mode 100644 index 6edaf059..00000000 --- a/src/leap/testing/pyqt.py +++ /dev/null @@ -1,52 +0,0 @@ -from PyQt4 import QtCore - -_oldConnect = QtCore.QObject.connect -_oldDisconnect = QtCore.QObject.disconnect -_oldEmit = QtCore.QObject.emit - - -def _wrapConnect(callableObject): - """ - Returns a wrapped call to the old version of QtCore.QObject.connect - """ - @staticmethod - def call(*args): - callableObject(*args) - _oldConnect(*args) - return call - - -def _wrapDisconnect(callableObject): - """ - Returns a wrapped call to the old version of QtCore.QObject.disconnect - """ - @staticmethod - def call(*args): - callableObject(*args) - _oldDisconnect(*args) - return call - - -def enableSignalDebugging(**kwargs): - """ - Call this to enable Qt Signal debugging. This will trap all - connect, and disconnect calls. - """ - - f = lambda *args: None - connectCall = kwargs.get('connectCall', f) - disconnectCall = kwargs.get('disconnectCall', f) - emitCall = kwargs.get('emitCall', f) - - def printIt(msg): - def call(*args): - print msg, args - return call - QtCore.QObject.connect = _wrapConnect(connectCall) - QtCore.QObject.disconnect = _wrapDisconnect(disconnectCall) - - def new_emit(self, *args): - emitCall(self, *args) - _oldEmit(self, *args) - - QtCore.QObject.emit = new_emit diff --git a/src/leap/testing/qunittest.py b/src/leap/testing/qunittest.py deleted file mode 100644 index b89ccec3..00000000 --- a/src/leap/testing/qunittest.py +++ /dev/null @@ -1,302 +0,0 @@ -# -*- coding: utf-8 -*- - -# **qunittest** is an standard Python `unittest` enhancement for PyQt4, -# allowing -# you to test asynchronous code using standard synchronous testing facility. -# -# The source for `qunittest` is available on [GitHub][gh], and released under -# the MIT license. -# -# Slightly modified by The Leap Project. - -### Prerequisites - -# Import unittest2 or unittest -try: - import unittest2 as unittest -except ImportError: - import unittest - -# ... and some standard Python libraries -import sys -import functools -import contextlib -import re - -# ... and several PyQt classes -from PyQt4.QtCore import QTimer -from PyQt4.QtTest import QTest -from PyQt4 import QtGui - -### The code - - -# Override standard main method, by invoking it inside PyQt event loop - -def main(*args, **kwargs): - qapplication = QtGui.QApplication(sys.argv) - - QTimer.singleShot(0, unittest.main(*args, **kwargs)) - qapplication.exec_() - -""" -This main substitute does not integrate with unittest. - -Note about mixing the event loop and unittests: - -Unittest will fail if we keep more than one reference to a QApplication. -(pyqt expects to be and only one). -So, for the things that need a QApplication to exist, do something like: - - self.app = QApplication() - QtGui.qApp = self.app - -in the class setUp, and:: - - QtGui.qApp = None - self.app = None - -in the class tearDown. - -For some explanation about this, see - http://stuvel.eu/blog/127/multiple-instances-of-qapplication-in-one-process -and - http://www.riverbankcomputing.com/pipermail/pyqt/2010-September/027705.html -""" - - -# Helper returning the name of a given signal - -def _signal_name(signal): - s = repr(signal) - name_re = "signal (\w+) of (\w+)" - match = re.search(name_re, s, re.I) - if not match: - return "??" - return "%s#%s" % (match.group(2), match.group(1)) - - -class _SignalConnector(object): - """ Encapsulates signal assertion testing """ - def __init__(self, test, signal, callable_): - self.test = test - self.callable_ = callable_ - self.called_with = None - self.emited = False - self.signal = signal - self._asserted = False - - signal.connect(self.on_signal_emited) - - # Store given parameters and mark signal as `emited` - def on_signal_emited(self, *args, **kwargs): - self.called_with = (args, kwargs) - self.emited = True - - def assertEmission(self): - # Assert once wheter signal was emited or not - was_asserted = self._asserted - self._asserted = True - - if not was_asserted: - if not self.emited: - self.test.fail( - "signal %s not emited" % (_signal_name(self.signal))) - - # Call given callable is necessary - if self.callable_: - args, kwargs = self.called_with - self.callable_(*args, **kwargs) - - def __enter__(self): - # Assert emission when context is entered - self.assertEmission() - return self.called_with - - def __exit__(self, *_): - return False - -### Unit Testing - -# `qunittest` does not force much abould how test should look - it just adds -# several helpers for asynchronous code testing. -# -# Common test case may look like this: -# -# import qunittest -# from calculator import Calculator -# -# class TestCalculator(qunittest.TestCase): -# def setUp(self): -# self.calc = Calculator() -# -# def test_should_add_two_numbers_synchronously(self): -# # given -# a, b = 2, 3 -# -# # when -# r = self.calc.add(a, b) -# -# # then -# self.assertEqual(5, r) -# -# def test_should_calculate_factorial_in_background(self): -# # given -# -# # when -# self.calc.factorial(20) -# -# # then -# self.assertEmited(self.calc.done) with (args, kwargs): -# self.assertEqual([2432902008176640000], args) -# -# if __name__ == "__main__": -# main() -# -# Test can be run by typing: -# -# python test_calculator.py -# -# Automatic test discovery is not supported now, because testing PyQt needs -# an instance of `QApplication` and its `exec_` method is blocking. -# - - -### TestCase class - -class TestCase(unittest.TestCase): - """ - Extends standard `unittest.TestCase` with several PyQt4 testing features - useful for asynchronous testing. - """ - def __init__(self, *args, **kwargs): - super(TestCase, self).__init__(*args, **kwargs) - - self._clearSignalConnectors() - self._succeeded = False - self.addCleanup(self._clearSignalConnectors) - self.tearDown = self._decorateTearDown(self.tearDown) - - ### Protected methods - - def _clearSignalConnectors(self): - self._connectedSignals = [] - - def _decorateTearDown(self, tearDown): - @functools.wraps(tearDown) - def decorator(): - self._ensureEmitedSignals() - return tearDown() - return decorator - - def _ensureEmitedSignals(self): - """ - Checks if signals were acually emited. Raises AssertionError if no. - """ - # TODO: add information about line - for signal in self._connectedSignals: - signal.assertEmission() - - ### Assertions - - def assertEmited(self, signal, callable_=None, timeout=1): - """ - Asserts if given `signal` was emited. Waits 1 second by default, - before asserts signal emission. - - If `callable_` is given, it should be a function which takes two - arguments: `args` and `kwargs`. It will be called after blocking - operation or when assertion about signal emission is made and - signal was emited. - - When timeout is not `False`, method call is blocking, and ends - after `timeout` seconds. After that time, it validates wether - signal was emited. - - When timeout is `False`, method is non blocking, and test should wait - for signals afterwards. Otherwise, at the end of the test, all - signal emissions are checked if appeared. - - Function returns context, which yields to list of parameters given - to signal. It can be useful for testing given parameters. Following - code: - - with self.assertEmited(widget.signal) as (args, kwargs): - self.assertEqual(1, len(args)) - self.assertEqual("Hello World!", args[0]) - - will wait 1 second and test for correct parameters, is signal was - emtied. - - Note that code: - - with self.assertEmited(widget.signal, timeout=False) as (a, k): - # Will not be invoked - - will always fail since signal cannot be emited in the time of its - connection - code inside the context will not be invoked at all. - """ - - connector = _SignalConnector(self, signal, callable_) - self._connectedSignals.append(connector) - if timeout: - self.waitFor(timeout) - connector.assertEmission() - - return connector - - ### Helper methods - - @contextlib.contextmanager - def invokeAfter(self, seconds, callable_=None): - """ - Waits given amount of time and executes the context. - - If `callable_` is given, executes it, instead of context. - """ - self.waitFor(seconds) - if callable_: - callable_() - else: - yield - - def waitFor(self, seconds): - """ - Waits given amount of time. - - self.widget.loadImage(url) - self.waitFor(seconds=10) - """ - QTest.qWait(seconds * 1000) - - def succeed(self, bool_=True): - """ Marks test as suceeded for next `failAfter()` invocation. """ - self._succeeded = self._succeeded or bool_ - - def failAfter(self, seconds, message=None): - """ - Waits given amount of time, and fails the test if `succeed(bool)` - is not called - in most common case, `succeed(bool)` should be called - asynchronously (in signal handler): - - self.widget.signal.connect(lambda: self.succeed()) - self.failAfter(1, "signal not emited?") - - After invocation, test is no longer consider as succeeded. - """ - self.waitFor(seconds) - if not self._succeeded: - self.fail(message) - - self._succeeded = False - -### Credits -# -# * **Who is responsible:** [Dawid Fatyga][df] -# * **Source:** [GitHub][gh] -# * **Doc. generator:** [rocco][ro] -# -# [gh]: https://www.github.com/dejw/qunittest -# [df]: https://github.com/dejw -# [ro]: http://rtomayko.github.com/rocco/ -# diff --git a/src/leap/testing/test_basetest.py b/src/leap/testing/test_basetest.py deleted file mode 100644 index 14d8f8a3..00000000 --- a/src/leap/testing/test_basetest.py +++ /dev/null @@ -1,91 +0,0 @@ -"""becase it's oh so meta""" -try: - import unittest2 as unittest -except ImportError: - import unittest - -import os -import StringIO - -from leap.testing.basetest import BaseLeapTest - -# global for tempdir checking -_tempdir = None - - -class _TestCaseRunner(object): - def run_testcase(self, testcase=None): - if not testcase: - return None - loader = unittest.TestLoader() - suite = loader.loadTestsFromTestCase(testcase) - - # Create runner, and run testcase - io = StringIO.StringIO() - runner = unittest.TextTestRunner(stream=io) - results = runner.run(suite) - return results - - -class TestAbstractBaseLeapTest(unittest.TestCase, _TestCaseRunner): - - def test_abstract_base_class(self): - class _BaseTest(BaseLeapTest): - def test_dummy_method(self): - pass - - def test_tautology(self): - assert True - - results = self.run_testcase(_BaseTest) - - # should be 2 errors: NotImplemented - # raised for setUp/tearDown - self.assertEquals(results.testsRun, 2) - self.assertEquals(len(results.failures), 0) - self.assertEquals(len(results.errors), 2) - - -class TestInitBaseLeapTest(BaseLeapTest): - - def setUp(self): - pass - - def tearDown(self): - pass - - def test_path_is_changed(self): - os_path = os.environ['PATH'] - self.assertTrue(os_path.startswith(self.tempdir)) - - def test_old_path_is_saved(self): - self.assertTrue(len(self.old_path) > 1) - - -class TestCleanedBaseLeapTest(unittest.TestCase, _TestCaseRunner): - - def test_tempdir_is_cleaned_after_tests(self): - class _BaseTest(BaseLeapTest): - def setUp(self): - global _tempdir - _tempdir = self.tempdir - - def tearDown(self): - pass - - def test_tempdir_created(self): - self.assertTrue(os.path.isdir(self.tempdir)) - - def test_tempdir_created_on_setupclass(self): - self.assertEqual(_tempdir, self.tempdir) - - results = self.run_testcase(_BaseTest) - self.assertEquals(results.testsRun, 2) - self.assertEquals(len(results.failures), 0) - self.assertEquals(len(results.errors), 0) - - # did we cleaned the tempdir? - self.assertFalse(os.path.isdir(_tempdir)) - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/util/__init__.py b/src/leap/util/__init__.py index a70a9a8b..5ceaede5 100644 --- a/src/leap/util/__init__.py +++ b/src/leap/util/__init__.py @@ -1,9 +1,49 @@ -import logging -logger = logging.getLogger(__name__) +# -*- coding: utf-8 -*- +# __init__.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Initializes version and app info +""" +__version__ = "unknown" try: - import pygeoip - HAS_GEOIP = True + from leap._version import get_versions + __version__ = get_versions()['version'] + del get_versions except ImportError: - logger.debug('PyGeoIP not found. Disabled Geo support.') - HAS_GEOIP = False + #running on a tree that has not run + #the setup.py setver + pass + +__appname__ = "unknown" +try: + from leap._appname import __appname__ +except ImportError: + #running on a tree that has not run + #the setup.py setver + pass + +__full_version__ = __appname__ + '/' + str(__version__) + + +def first(things): + """ + Return the head of a collection. + """ + try: + return things[0] + except TypeError: + return None diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py deleted file mode 100644 index f0f790e9..00000000 --- a/src/leap/util/certs.py +++ /dev/null @@ -1,18 +0,0 @@ -import os -import logging - -logger = logging.getLogger(__name__) - - -def get_mac_cabundle(): - # hackaround bundle error - # XXX this needs a better fix! - f = os.path.split(__file__)[0] - sep = os.path.sep - f_ = sep.join(f.split(sep)[:-2]) - verify = os.path.join(f_, 'cacert.pem') - #logger.error('VERIFY PATH = %s' % verify) - exists = os.path.isfile(verify) - #logger.error('do exist? %s', exists) - if exists: - return verify diff --git a/src/leap/util/coroutines.py b/src/leap/util/coroutines.py deleted file mode 100644 index 0657fc04..00000000 --- a/src/leap/util/coroutines.py +++ /dev/null @@ -1,109 +0,0 @@ -# the problem of watching a stdout pipe from -# openvpn binary: using subprocess and coroutines -# acting as event consumers - -from __future__ import division, print_function - -import logging -from subprocess import PIPE, Popen -import sys -from threading import Thread - -logger = logging.getLogger(__name__) - -ON_POSIX = 'posix' in sys.builtin_module_names - - -# -# Coroutines goodies -# - -def coroutine(func): - def start(*args, **kwargs): - cr = func(*args, **kwargs) - cr.next() - return cr - return start - - -@coroutine -def process_events(callback): - """ - coroutine loop that receives - events sent and dispatch the callback. - :param callback: callback to be called\ -for each event - :type callback: callable - """ - try: - while True: - m = (yield) - if callable(callback): - callback(m) - else: - logger.debug('not a callable passed') - except GeneratorExit: - return - -# -# Threads -# - - -def launch_thread(target, args): - """ - launch and demonize thread. - :param target: target function that will run in thread - :type target: function - :param args: args to be passed to thread - :type args: list - """ - t = Thread(target=target, - args=args) - t.daemon = True - t.start() - return t - - -def watch_output(out, observers): - """ - initializes dict of observer coroutines - and pushes lines to each of them as they are received - from the watched output. - :param out: stdout of a process. - :type out: fd - :param observers: tuple of coroutines to send data\ -for each event - :type observers: tuple - """ - observer_dict = dict(((observer, process_events(observer)) - for observer in observers)) - for line in iter(out.readline, b''): - for obs in observer_dict: - observer_dict[obs].send(line) - out.close() - - -def spawn_and_watch_process(command, args, observers=None): - """ - spawns a subprocess with command, args, and launch - a watcher thread. - :param command: command to be executed in the subprocess - :type command: str - :param args: arguments - :type args: list - :param observers: tuple of observer functions to be called \ -for each line in the subprocess output. - :type observers: tuple - :return: a tuple containing the child process instance, and watcher_thread, - :rtype: (Subprocess, Thread) - """ - subp = Popen([command] + args, - stdout=PIPE, - stderr=PIPE, - bufsize=1, - close_fds=ON_POSIX) - watcher = launch_thread( - watch_output, - (subp.stdout, observers)) - return subp, watcher diff --git a/src/leap/util/dicts.py b/src/leap/util/dicts.py deleted file mode 100644 index 001ca96b..00000000 --- a/src/leap/util/dicts.py +++ /dev/null @@ -1,268 +0,0 @@ -# Backport of OrderedDict() class that runs -# on Python 2.4, 2.5, 2.6, 2.7 and pypy. -# Passes Python2.7's test suite and incorporates all the latest updates. - -try: - from thread import get_ident as _get_ident -except ImportError: - from dummy_thread import get_ident as _get_ident - -try: - from _abcoll import KeysView, ValuesView, ItemsView -except ImportError: - pass - - -class OrderedDict(dict): - 'Dictionary that remembers insertion order' - # An inherited dict maps keys to values. - # The inherited dict provides __getitem__, __len__, __contains__, and get. - # The remaining methods are order-aware. - # Big-O running times for all methods are the same as for regular - # dictionaries. - - # The internal self.__map dictionary maps keys to links in a doubly - # linked list. - # The circular doubly linked list starts and ends with a sentinel element. - # The sentinel element never gets deleted (this simplifies the algorithm). - # Each link is stored as a list of length three: [PREV, NEXT, KEY]. - - def __init__(self, *args, **kwds): - '''Initialize an ordered dictionary. Signature is the same as for - regular dictionaries, but keyword arguments are not recommended - because their insertion order is arbitrary. - - ''' - if len(args) > 1: - raise TypeError('expected at most 1 arguments, got %d' % len(args)) - try: - self.__root - except AttributeError: - self.__root = root = [] # sentinel node - root[:] = [root, root, None] - self.__map = {} - self.__update(*args, **kwds) - - def __setitem__(self, key, value, dict_setitem=dict.__setitem__): - 'od.__setitem__(i, y) <==> od[i]=y' - # Setting a new item creates a new link which goes at the end - # of the linked list, and the inherited dictionary is updated - # with the new key/value pair. - if key not in self: - root = self.__root - last = root[0] - last[1] = root[0] = self.__map[key] = [last, root, key] - dict_setitem(self, key, value) - - def __delitem__(self, key, dict_delitem=dict.__delitem__): - 'od.__delitem__(y) <==> del od[y]' - # Deleting an existing item uses self.__map to find the link which is - # then removed by updating the links in the predecessor and successor - # nodes. - dict_delitem(self, key) - link_prev, link_next, key = self.__map.pop(key) - link_prev[1] = link_next - link_next[0] = link_prev - - def __iter__(self): - 'od.__iter__() <==> iter(od)' - root = self.__root - curr = root[1] - while curr is not root: - yield curr[2] - curr = curr[1] - - def __reversed__(self): - 'od.__reversed__() <==> reversed(od)' - root = self.__root - curr = root[0] - while curr is not root: - yield curr[2] - curr = curr[0] - - def clear(self): - 'od.clear() -> None. Remove all items from od.' - try: - for node in self.__map.itervalues(): - del node[:] - root = self.__root - root[:] = [root, root, None] - self.__map.clear() - except AttributeError: - pass - dict.clear(self) - - def popitem(self, last=True): - '''od.popitem() -> (k, v), return and remove a (key, value) pair. - Pairs are returned in LIFO order if last is true or FIFO order if - false. - ''' - if not self: - raise KeyError('dictionary is empty') - root = self.__root - if last: - link = root[0] - link_prev = link[0] - link_prev[1] = root - root[0] = link_prev - else: - link = root[1] - link_next = link[1] - root[1] = link_next - link_next[0] = root - key = link[2] - del self.__map[key] - value = dict.pop(self, key) - return key, value - - # -- the following methods do not depend on the internal structure -- - - def keys(self): - 'od.keys() -> list of keys in od' - return list(self) - - def values(self): - 'od.values() -> list of values in od' - return [self[key] for key in self] - - def items(self): - 'od.items() -> list of (key, value) pairs in od' - return [(key, self[key]) for key in self] - - def iterkeys(self): - 'od.iterkeys() -> an iterator over the keys in od' - return iter(self) - - def itervalues(self): - 'od.itervalues -> an iterator over the values in od' - for k in self: - yield self[k] - - def iteritems(self): - 'od.iteritems -> an iterator over the (key, value) items in od' - for k in self: - yield (k, self[k]) - - def update(*args, **kwds): - '''od.update(E, **F) -> None. Update od from dict/iterable E and F. - - If E is a dict instance, does: for k in E: od[k] = E[k] - If E has a .keys() method, does: for k in E.keys(): - od[k] = E[k] - Or if E is an iterable of items, does: for k, v in E: od[k] = v - In either case, this is followed by: for k, v in F.items(): - od[k] = v - ''' - - if len(args) > 2: - raise TypeError('update() takes at most 2 positional ' - 'arguments (%d given)' % (len(args),)) - elif not args: - raise TypeError('update() takes at least 1 argument (0 given)') - self = args[0] - # Make progressively weaker assumptions about "other" - other = () - if len(args) == 2: - other = args[1] - if isinstance(other, dict): - for key in other: - self[key] = other[key] - elif hasattr(other, 'keys'): - for key in other.keys(): - self[key] = other[key] - else: - for key, value in other: - self[key] = value - for key, value in kwds.items(): - self[key] = value - - __update = update # let subclasses override update - # without breaking __init__ - - __marker = object() - - def pop(self, key, default=__marker): - '''od.pop(k[,d]) -> v - remove specified key and return the corresponding value. - If key is not found, d is returned if given, - otherwise KeyError is raised. - - ''' - if key in self: - result = self[key] - del self[key] - return result - if default is self.__marker: - raise KeyError(key) - return default - - def setdefault(self, key, default=None): - 'od.setdefault(k[,d]) -> od.get(k,d), also set od[k]=d if k not in od' - if key in self: - return self[key] - self[key] = default - return default - - def __repr__(self, _repr_running={}): - 'od.__repr__() <==> repr(od)' - call_key = id(self), _get_ident() - if call_key in _repr_running: - return '...' - _repr_running[call_key] = 1 - try: - if not self: - return '%s()' % (self.__class__.__name__,) - return '%s(%r)' % (self.__class__.__name__, self.items()) - finally: - del _repr_running[call_key] - - def __reduce__(self): - 'Return state information for pickling' - items = [[k, self[k]] for k in self] - inst_dict = vars(self).copy() - for k in vars(OrderedDict()): - inst_dict.pop(k, None) - if inst_dict: - return (self.__class__, (items,), inst_dict) - return self.__class__, (items,) - - def copy(self): - 'od.copy() -> a shallow copy of od' - return self.__class__(self) - - @classmethod - def fromkeys(cls, iterable, value=None): - '''OD.fromkeys(S[, v]) -> New ordered dictionary with keys from S - and values equal to v (which defaults to None). - - ''' - d = cls() - for key in iterable: - d[key] = value - return d - - def __eq__(self, other): - '''od.__eq__(y) <==> od==y. - Comparison to another OD is order-sensitive - while comparison to a regular mapping is order-insensitive. - ''' - if isinstance(other, OrderedDict): - return len(self) == len(other) and self.items() == other.items() - return dict.__eq__(self, other) - - def __ne__(self, other): - return not self == other - - # -- the following methods are only used in Python 2.7 -- - - def viewkeys(self): - "od.viewkeys() -> a set-like object providing a view on od's keys" - return KeysView(self) - - def viewvalues(self): - "od.viewvalues() -> an object providing a view on od's values" - return ValuesView(self) - - def viewitems(self): - "od.viewitems() -> a set-like object providing a view on od's items" - return ItemsView(self) diff --git a/src/leap/util/fileutil.py b/src/leap/util/fileutil.py deleted file mode 100644 index 820ffe46..00000000 --- a/src/leap/util/fileutil.py +++ /dev/null @@ -1,120 +0,0 @@ -import errno -from itertools import chain -import logging -import os -import platform -import stat - - -logger = logging.getLogger() - - -def is_user_executable(fpath): - st = os.stat(fpath) - return bool(st.st_mode & stat.S_IXUSR) - - -def extend_path(): - ourplatform = platform.system() - if ourplatform == "Linux": - return "/usr/local/sbin:/usr/sbin" - # XXX add mac / win extended search paths? - - -def which(program, path=None): - """ - an implementation of which - that extends the path with - other locations, like sbin - (f.i., openvpn binary is likely to be there) - @param program: a string representing the binary we're looking for. - """ - def is_exe(fpath): - """ - check that path exists, - it's a file, - and is executable by the owner - """ - # we would check for access, - # but it's likely that we're - # using uid 0 + polkitd - - return os.path.isfile(fpath)\ - and is_user_executable(fpath) - - def ext_candidates(fpath): - yield fpath - for ext in os.environ.get("PATHEXT", "").split(os.pathsep): - yield fpath + ext - - def iter_path(pathset): - """ - returns iterator with - full path for a given path list - and the current target bin. - """ - for path in pathset.split(os.pathsep): - exe_file = os.path.join(path, program) - #print 'file=%s' % exe_file - for candidate in ext_candidates(exe_file): - if is_exe(candidate): - yield candidate - - fpath, fname = os.path.split(program) - if fpath: - if is_exe(program): - return program - else: - # extended iterator - # with extra path - if path is None: - path = os.environ['PATH'] - extended_path = chain( - iter_path(path), - iter_path(extend_path())) - for candidate in extended_path: - if candidate is not None: - return candidate - - # sorry bro. - return None - - -def mkdir_p(path): - """ - implements mkdir -p functionality - """ - try: - os.makedirs(path) - except OSError as exc: - if exc.errno == errno.EEXIST: - pass - else: - raise - - -def mkdir_f(path): - folder, fname = os.path.split(path) - mkdir_p(folder) - - -def check_and_fix_urw_only(_file): - """ - test for 600 mode and try - to set it if anything different found - """ - mode = stat.S_IMODE( - os.stat(_file).st_mode) - - if mode != int('600', 8): - try: - logger.warning( - 'bad permission on %s ' - 'attempting to set 600', - _file) - os.chmod(_file, stat.S_IRUSR | stat.S_IWUSR) - except OSError: - logger.error( - 'error while trying to chmod 600 %s', - _file) - raise diff --git a/src/leap/util/geo.py b/src/leap/util/geo.py deleted file mode 100644 index 54b29596..00000000 --- a/src/leap/util/geo.py +++ /dev/null @@ -1,32 +0,0 @@ -""" -experimental geo support. -not yet a feature. -in debian, we rely on the (optional) geoip-database -""" -import os -import platform - -from leap.util import HAS_GEOIP - -GEOIP = None - -if HAS_GEOIP: - import pygeoip # we know we can :) - - GEOIP_PATH = None - - if platform.system() == "Linux": - PATH = "/usr/share/GeoIP/GeoIP.dat" - if os.path.isfile(PATH): - GEOIP_PATH = PATH - GEOIP = pygeoip.GeoIP(GEOIP_PATH, pygeoip.MEMORY_CACHE) - - -def get_country_name(ip): - if not GEOIP: - return - try: - country = GEOIP.country_name_by_addr(ip) - except pygeoip.GeoIPError: - country = None - return country if country else "-" diff --git a/src/leap/util/keyring_helpers.py b/src/leap/util/keyring_helpers.py new file mode 100644 index 00000000..b815d385 --- /dev/null +++ b/src/leap/util/keyring_helpers.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# privilege_policies.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" + +""" + +import keyring + +OBSOLETE_KEYRINGS = [ + keyring.backends.file.EncryptedKeyring, + keyring.backends.file.PlaintextKeyring +] + + +def has_keyring(): + """ + + """ + kr = keyring.get_keyring() + return kr is not None and kr.__class__ not in OBSOLETE_KEYRINGS diff --git a/src/leap/util/leap_argparse.py b/src/leap/util/leap_argparse.py index 3412a72c..8300e4d8 100644 --- a/src/leap/util/leap_argparse.py +++ b/src/leap/util/leap_argparse.py @@ -1,9 +1,26 @@ +# -*- coding: utf-8 -*- +# leap_argparse.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + import argparse def build_parser(): """ - all the options for the leap arg parser + All the options for the leap arg parser Some of these could be switched on only if debug flag is present! """ epilog = "Copyright 2012 The LEAP Encryption Access Project" @@ -12,6 +29,8 @@ Launches the LEAP Client""", epilog=epilog) parser.add_argument('-d', '--debug', action="store_true", help=("Launches client in debug mode, writing debug" "info to stdout")) + parser.add_argument('--danger', action="store_true", + help=("Bypasses the certificate check for bootstrap")) parser.add_argument('-l', '--logfile', metavar="LOG FILE", nargs='?', action="store", dest="log_file", #type=argparse.FileType('w'), @@ -20,6 +39,10 @@ Launches the LEAP Client""", epilog=epilog) type=int, action="store", dest="openvpn_verb", help='verbosity level for openvpn logs [1-6]') + parser.add_argument('-s', '--standalone', action="store_true", + help='Makes the client use standalone' + 'directories for configuration and binary' + 'searching') # Not in use, we might want to reintroduce them. #parser.add_argument('-i', '--no-provider-checks', diff --git a/src/leap/util/leap_log_handler.py b/src/leap/util/leap_log_handler.py new file mode 100644 index 00000000..271096d3 --- /dev/null +++ b/src/leap/util/leap_log_handler.py @@ -0,0 +1,149 @@ +# -*- coding: utf-8 -*- +# leap_log_handler.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Custom handler for the logger window. +""" +import logging + +from PySide import QtCore + + +class LogHandler(logging.Handler): + """ + This is the custom handler that implements our desired formatting + and also keeps a history of all the logged events. + """ + + MESSAGE_KEY = 'message' + RECORD_KEY = 'record' + + def __init__(self, qtsignal): + """ + LogHander initialization. + Calls parent method and keeps a reference to the qtsignal + that will be used to fire the gui update. + """ + # TODO This is going to eat lots of memory after some time. + # Should be pruned at some moment. + self._log_history = [] + + logging.Handler.__init__(self) + self._qtsignal = qtsignal + + def _get_format(self, logging_level): + """ + Sets the log format depending on the parameter. + It uses html and css to set the colors for the logs. + + :param logging_level: the debug level to define the color. + :type logging_level: str. + """ + html_style = { + 'DEBUG': "color: blue", + 'INFO': "color: black", + 'WARNING': "color: black; background: yellow;", + 'ERROR': "color: red", + 'CRITICAL': "color: red; font-weight: bold;" + } + + style_open = "<span style='" + html_style[logging_level] + "'>" + style_close = "</span>" + time = "%(asctime)s" + name = style_open + "%(name)s" + level = "%(levelname)s" + message = "%(message)s" + style_close + format_attrs = [time, name, level, message] + log_format = ' - '.join(format_attrs) + formatter = logging.Formatter(log_format) + + return formatter + + def emit(self, logRecord): + """ + This method is fired every time that a record is logged by the + logging module. + This method reimplements logging.Handler.emit that is fired + in every logged message. + + :param logRecord: the record emitted by the logging module. + :type logRecord: logging.LogRecord. + """ + self.setFormatter(self._get_format(logRecord.levelname)) + log = self.format(logRecord) + log_item = {self.RECORD_KEY: logRecord, self.MESSAGE_KEY: log} + self._log_history.append(log_item) + self._qtsignal(log_item) + + +class HandlerAdapter(object): + """ + New style class that accesses all attributes from the LogHandler. + + Used as a workaround for a problem with multiple inheritance with Pyside + that surfaced under OSX with pyside 1.1.0. + """ + MESSAGE_KEY = 'message' + RECORD_KEY = 'record' + + def __init__(self, qtsignal): + self._handler = LogHandler(qtsignal=qtsignal) + + def setLevel(self, *args, **kwargs): + return self._handler.setLevel(*args, **kwargs) + + def handle(self, *args, **kwargs): + return self._handler.handle(*args, **kwargs) + + @property + def level(self): + return self._handler.level + + +class LeapLogHandler(QtCore.QObject, HandlerAdapter): + """ + Custom logging handler. It emits Qt signals so it can be plugged to a gui. + + Its inner handler also stores an history of logs that can be fetched after + having been connected to a gui. + """ + # All dicts returned are of the form + # {'record': LogRecord, 'message': str} + new_log = QtCore.Signal(dict) + + def __init__(self): + """ + LeapLogHandler initialization. + Initializes parent classes. + """ + QtCore.QObject.__init__(self) + HandlerAdapter.__init__(self, qtsignal=self.qtsignal) + + def qtsignal(self, log_item): + # WARNING: the new-style connection does NOT work because PySide + # translates the emit method to self.emit, and that collides with + # the emit method for logging.Handler + # self.new_log.emit(log_item) + QtCore.QObject.emit( + self, + QtCore.SIGNAL('new_log(PyObject)'), log_item) + + @property + def log_history(self): + """ + Returns the history of the logged messages. + """ + return self._handler._log_history diff --git a/src/leap/util/misc.py b/src/leap/util/misc.py deleted file mode 100644 index d869a1ba..00000000 --- a/src/leap/util/misc.py +++ /dev/null @@ -1,37 +0,0 @@ -""" -misc utils -""" -import psutil - -from leap.base.constants import OPENVPN_BIN - - -class ImproperlyConfigured(Exception): - """ - """ - - -def null_check(value, value_name): - try: - assert value is not None - except AssertionError: - raise ImproperlyConfigured( - "%s parameter cannot be None" % value_name) - - -def get_openvpn_pids(): - # binary name might change - - openvpn_pids = [] - for p in psutil.process_iter(): - try: - # XXX Not exact! - # Will give false positives. - # we should check that cmdline BEGINS - # with openvpn or with our wrapper - # (pkexec / osascript / whatever) - if OPENVPN_BIN in ' '.join(p.cmdline): - openvpn_pids.append(p.pid) - except psutil.error.AccessDenied: - pass - return openvpn_pids diff --git a/src/leap/util/polkit.py b/src/leap/util/polkit.py deleted file mode 100644 index 70671124..00000000 --- a/src/leap/util/polkit.py +++ /dev/null @@ -1,26 +0,0 @@ -import logging - -import sh -from sh import grep -from sh import ps - -logger = logging.getLogger(__name__) - - -def run_polkit_auth_agent(): - logger.debug('launching policykit authentication agent in background...') - polkit = sh.Command('/usr/lib/policykit-1-gnome/' - 'polkit-gnome-authentication-agent-1') - polkit(_bg=True) - - -def check_if_running_polkit_auth(): - """ - check if polkit authentication agent is running - and launch it if it is not - """ - try: - grep(ps('aux'), '[p]olkit-gnome-authentication-agent-1') - except sh.ErrorReturnCode_1: - logger.debug('polkit auth agent not found, trying to launch it...') - run_polkit_auth_agent() diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py new file mode 100644 index 00000000..10224bcd --- /dev/null +++ b/src/leap/util/privilege_policies.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# privilege_policies.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Helpers to determine if the needed policies for privilege escalation +are operative under this client run. +""" +import logging +import os +import platform + +from abc import ABCMeta, abstractmethod + +logger = logging.getLogger(__name__) + + +def is_missing_policy_permissions(): + """ + Returns True if we do not have implemented a policy checker for this + platform, or if the policy checker exists but it cannot find the + appropriate policy mechanisms in place. + + :rtype: bool + """ + _system = platform.system() + platform_checker = _system + "PolicyChecker" + policy_checker = globals().get(platform_checker, None) + if not policy_checker: + # it is true that we miss permission to escalate + # privileges without asking for password each time. + logger.debug("we could not find a policy checker implementation " + "for %s" % (_system,)) + return True + return policy_checker().is_missing_policy_permissions() + + +class PolicyChecker: + """ + Abstract PolicyChecker class + """ + + __metaclass__ = ABCMeta + + @abstractmethod + def is_missing_policy_permissions(self): + """ + Returns True if we could not find any policy mechanisms that + are defined to be in used for this particular platform. + + :rtype: bool + """ + return True + + +class LinuxPolicyChecker(PolicyChecker): + """ + PolicyChecker for Linux + """ + LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/" + "net.openvpn.gui.leap.policy") + + def is_missing_policy_permissions(self): + """ + Returns True if we could not find the appropriate policykit file + in place + + :rtype: bool + """ + return not os.path.isfile(self.LINUX_POLKIT_FILE) diff --git a/src/leap/util/pyside_tests_helper.py b/src/leap/util/pyside_tests_helper.py new file mode 100644 index 00000000..5c0eb8d6 --- /dev/null +++ b/src/leap/util/pyside_tests_helper.py @@ -0,0 +1,136 @@ + +'''Helper classes and functions''' + +import os +import unittest + +from random import randint + +from PySide.QtCore import QCoreApplication, QTimer + +try: + from PySide.QtGui import QApplication +except ImportError: + has_gui = False +else: + has_gui = True + + +def adjust_filename(filename, orig_mod_filename): + dirpath = os.path.dirname(os.path.abspath(orig_mod_filename)) + return os.path.join(dirpath, filename) + + +class NoQtGuiError(Exception): + def __init__(self): + Exception.__init__(self, 'No QtGui found') + + +class BasicPySlotCase(object): + '''Base class that tests python slots and signal emissions. + + Python slots are defined as any callable passed to QObject.connect(). + ''' + def setUp(self): + self.called = False + + def tearDown(self): + try: + del self.args + except: + pass + + def cb(self, *args): + '''Simple callback with arbitrary arguments. + + The test function must setup the 'args' attribute with a sequence + containing the arguments expected to be received by this slot. + Currently only a single connection is supported. + ''' + if tuple(self.args) == args: + self.called = True + else: + raise ValueError('Invalid arguments for callback') + + +_instance = None +_timed_instance = None + +if has_gui: + class UsesQApplication(unittest.TestCase): + '''Helper class to provide QApplication instances''' + + qapplication = True + + def setUp(self): + '''Creates the QApplication instance''' + + # Simple way of making instance a singleton + super(UsesQApplication, self).setUp() + global _instance + if _instance is None: + _instance = QApplication([]) + + self.app = _instance + + def tearDown(self): + '''Deletes the reference owned by self''' + del self.app + super(UsesQApplication, self).tearDown() + + class TimedQApplication(unittest.TestCase): + '''Helper class with timed QApplication exec loop''' + + def setUp(self, timeout=100): + '''Setups this Application. + + timeout - timeout in milisseconds''' + global _timed_instance + if _timed_instance is None: + _timed_instance = QApplication([]) + + self.app = _timed_instance + QTimer.singleShot(timeout, self.app.quit) + + def tearDown(self): + '''Delete resources''' + del self.app +else: + class UsesQApplication(unittest.TestCase): + def setUp(self): + raise NoQtGuiError() + + class TimedQapplication(unittest.TestCase): + def setUp(self): + raise NoQtGuiError() + +_core_instance = None + + +class UsesQCoreApplication(unittest.TestCase): + '''Helper class for test cases that require an QCoreApplication + Just connect or call self.exit_app_cb. When called, will ask + self.app to exit. + ''' + + def setUp(self): + '''Set up resources''' + + global _core_instance + if _core_instance is None: + _core_instance = QCoreApplication([]) + + self.app = _core_instance + + def tearDown(self): + '''Release resources''' + del self.app + + def exit_app_cb(self): + '''Quits the application''' + self.app.exit(0) + + +def random_string(size=5): + '''Generate random string with the given size''' + return ''.join(map(chr, [randint(33, 126) for x in range(size)])) diff --git a/src/leap/util/request_helpers.py b/src/leap/util/request_helpers.py new file mode 100644 index 00000000..e06dabb8 --- /dev/null +++ b/src/leap/util/request_helpers.py @@ -0,0 +1,58 @@ +# -*- coding: utf-8 -*- +# request_helpers.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Request helpers for backward compatible "parsing" of requests +""" + +import time + +import json + +from dateutil import parser as dateparser + + +def get_content(request): + """ + Returns the content by trying to get it from the json + property/function or from content, in that order. + Also returns the mtime for that content if available + + :param request: request as it is given by requests + :type request: Response + + :rtype: tuple (contents, mtime) + """ + + contents = "" + mtime = None + + if request.json: + if callable(request.json): + contents = json.dumps(request.json()) + else: + contents = json.dumps(request.json) + else: + contents = request.content + + mtime = None + last_modified = request.headers.get('last-modified', None) + if last_modified: + dt = dateparser.parse(unicode(last_modified)) + mtime = int(time.mktime(dt.timetuple()) + dt.microsecond / 1000000.0) + + return contents, mtime diff --git a/src/leap/util/requirement_checker.py b/src/leap/util/requirement_checker.py new file mode 100644 index 00000000..1d9b9923 --- /dev/null +++ b/src/leap/util/requirement_checker.py @@ -0,0 +1,101 @@ +# -*- coding: utf-8 -*- +# requirement_checker.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Utility to check the needed requirements. +""" + +import os +import logging + +from pkg_resources import (DistributionNotFound, + get_distribution, + Requirement, + resource_stream, + VersionConflict) + +logger = logging.getLogger(__name__) + + +def get_requirements(): + """ + This function returns a list with requirements. + It checks either if its running from the source or if its installed. + + :returns: a list with packages names, required for the app. + :return type: list of str. + """ + develop = True + requirements = [] + + try: + # if we are running from the source + from pkg import util + requirements = util.parse_requirements() + except ImportError: + develop = False + + # if we are running from the package + if not develop: + requires_file_name = os.path.join('leap', 'util', 'reqs.txt') + dist_name = Requirement.parse('leap-client') + + try: + with resource_stream(dist_name, requires_file_name) as stream: + requirements = [line.strip() for line in stream] + except Exception, e: + logger.error("Requirements file not found. %r" % (e, )) + + return requirements + + +def check_requirements(): + """ + This function check the dependencies declared in the + requirement(s) file(s) and logs the results. + """ + logger.debug("Checking requirements...") + requirements = get_requirements() + + for package in requirements: + try: + get_distribution(package) + except VersionConflict: + required_package = Requirement.parse(package) + required_version = required_package.specs[0] + required_name = required_package.key + + installed_package = get_distribution(required_name) + installed_version = installed_package.version + installed_location = installed_package.location + + msg = "Error: version not satisfied. " + msg += "Expected %s, installed %s (path: %s)." % ( + required_version, installed_version, installed_location) + + result = "%s ... %s" % (package, msg) + logger.error(result) + except DistributionNotFound: + msg = "Error: package not found!" + result = "%s ... %s" % (package, msg) + logger.error(result) + else: + msg = "OK" + result = "%s ... %s" % (package, msg) + logger.debug(result) + + logger.debug('Done') diff --git a/src/leap/util/tests/test_fileutil.py b/src/leap/util/tests/test_fileutil.py deleted file mode 100644 index f5131b3d..00000000 --- a/src/leap/util/tests/test_fileutil.py +++ /dev/null @@ -1,100 +0,0 @@ -import os -import platform -import shutil -import stat -import tempfile -import unittest - -from leap.util import fileutil - - -class FileUtilTest(unittest.TestCase): - """ - test our file utils - """ - - def setUp(self): - self.system = platform.system() - self.create_temp_dir() - - def tearDown(self): - self.remove_temp_dir() - - # - # helpers - # - - def create_temp_dir(self): - self.tmpdir = tempfile.mkdtemp() - - def remove_temp_dir(self): - shutil.rmtree(self.tmpdir) - - def get_file_path(self, filename): - return os.path.join( - self.tmpdir, - filename) - - def touch_exec_file(self): - fp = self.get_file_path('testexec') - open(fp, 'w').close() - os.chmod( - fp, - stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) - return fp - - def get_mode(self, fp): - return stat.S_IMODE(os.stat(fp).st_mode) - - # - # tests - # - - def test_is_user_executable(self): - """ - touch_exec_file creates in mode 700? - """ - # XXX could check access X_OK - - fp = self.touch_exec_file() - mode = self.get_mode(fp) - self.assertEqual(mode, int('700', 8)) - - def test_which(self): - """ - which implementation ok? - not a very reliable test, - but I cannot think of anything smarter now - I guess it's highly improbable that copy - """ - # XXX yep, we can change the syspath - # for the test... ! - - if self.system == "Linux": - self.assertEqual( - fileutil.which('cp'), - '/bin/cp') - - def test_mkdir_p(self): - """ - our own mkdir -p implementation ok? - """ - testdir = self.get_file_path( - os.path.join('test', 'foo', 'bar')) - self.assertEqual(os.path.isdir(testdir), False) - fileutil.mkdir_p(testdir) - self.assertEqual(os.path.isdir(testdir), True) - - def test_check_and_fix_urw_only(self): - """ - ensure check_and_fix_urx_only ok? - """ - fp = self.touch_exec_file() - mode = self.get_mode(fp) - self.assertEqual(mode, int('700', 8)) - fileutil.check_and_fix_urw_only(fp) - mode = self.get_mode(fp) - self.assertEqual(mode, int('600', 8)) - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/util/tests/test_leap_argparse.py b/src/leap/util/tests/test_leap_argparse.py deleted file mode 100644 index 4e2b811f..00000000 --- a/src/leap/util/tests/test_leap_argparse.py +++ /dev/null @@ -1,35 +0,0 @@ -from argparse import Namespace -import unittest - -from leap.util import leap_argparse - - -class LeapArgParseTest(unittest.TestCase): - """ - Test argparse options for eip client - """ - - def setUp(self): - """ - get the parser - """ - self.parser = leap_argparse.build_parser() - - def test_debug_mode(self): - """ - test debug mode option - """ - opts = self.parser.parse_args( - ['--debug']) - self.assertEqual( - opts, - Namespace( - debug=True, - log_file=None, - #config_file=None, - #no_provider_checks=False, - #no_ca_verify=False, - openvpn_verb=None)) - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/util/tests/test_leap_log_handler.py b/src/leap/util/tests/test_leap_log_handler.py new file mode 100644 index 00000000..ea509ea8 --- /dev/null +++ b/src/leap/util/tests/test_leap_log_handler.py @@ -0,0 +1,118 @@ +# -*- coding: utf-8 -*- +# test_leap_log_handler.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +tests for leap_log_handler +""" + +import unittest + +import logging + +from leap.util.leap_log_handler import LeapLogHandler +from leap.common.testing.basetest import BaseLeapTest +from leap.util.pyside_tests_helper import BasicPySlotCase + +from mock import Mock + + +class LeapLogHandlerTest(BaseLeapTest, BasicPySlotCase): + """ + LeapLogHandlerTest's tests. + """ + def _callback(self, *args): + """ + Simple callback to track if a signal was emitted. + """ + self.called = True + self.emitted_msg = args[0][LeapLogHandler.MESSAGE_KEY] + + def setUp(self): + BasicPySlotCase.setUp(self) + + # Create the logger + level = logging.DEBUG + self.logger = logging.getLogger(name='test') + self.logger.setLevel(level) + + # Create the handler + self.leap_handler = LeapLogHandler() + self.leap_handler.setLevel(level) + self.logger.addHandler(self.leap_handler) + + def tearDown(self): + BasicPySlotCase.tearDown(self) + try: + self.leap_handler.new_log.disconnect() + except Exception: + pass + + def test_history_starts_empty(self): + self.assertEqual(self.leap_handler.log_history, []) + + def test_one_log_captured(self): + self.logger.debug('test') + self.assertEqual(len(self.leap_handler.log_history), 1) + + def test_history_records_order(self): + self.logger.debug('test 01') + self.logger.debug('test 02') + self.logger.debug('test 03') + + logs = [] + for message in self.leap_handler.log_history: + logs.append(message[LeapLogHandler.RECORD_KEY].msg) + + self.assertIn('test 01', logs) + self.assertIn('test 02', logs) + self.assertIn('test 03', logs) + + def test_history_messages_order(self): + self.logger.debug('test 01') + self.logger.debug('test 02') + self.logger.debug('test 03') + + logs = [] + for message in self.leap_handler.log_history: + logs.append(message[LeapLogHandler.MESSAGE_KEY]) + + self.assertIn('test 01', logs[0]) + self.assertIn('test 02', logs[1]) + self.assertIn('test 03', logs[2]) + + def test_emits_signal(self): + log_format = '%(name)s - %(levelname)s - %(message)s' + formatter = logging.Formatter(log_format) + get_format = Mock(return_value=formatter) + self.leap_handler._handler._get_format = get_format + + self.leap_handler.new_log.connect(self._callback) + self.logger.debug('test') + + expected_log_msg = "test - DEBUG - test" + + # signal emitted + self.assertTrue(self.called) + + # emitted message + self.assertEqual(self.emitted_msg, expected_log_msg) + + # Mock called + self.assertTrue(get_format.called) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/util/tests/test_translations.py b/src/leap/util/tests/test_translations.py deleted file mode 100644 index 794daeba..00000000 --- a/src/leap/util/tests/test_translations.py +++ /dev/null @@ -1,22 +0,0 @@ -import unittest - -from leap.util import translations - - -class TrasnlationsTestCase(unittest.TestCase): - """ - tests for translation functions and classes - """ - - def setUp(self): - self.trClass = translations.LEAPTranslatable - - def test_trasnlatable(self): - tr = self.trClass({"en": "house", "es": "casa"}) - eq = self.assertEqual - eq(tr.tr(to="es"), "casa") - eq(tr.tr(to="en"), "house") - - -if __name__ == "__main__": - unittest.main() diff --git a/src/leap/util/translations.py b/src/leap/util/translations.py deleted file mode 100644 index f55c8fba..00000000 --- a/src/leap/util/translations.py +++ /dev/null @@ -1,82 +0,0 @@ -import inspect -import logging - -from PyQt4.QtCore import QCoreApplication -from PyQt4.QtCore import QLocale - -logger = logging.getLogger(__name__) - -""" -here I could not do all that I wanted. -the context is not getting passed to the xml file. -Looks like pylupdate4 is somehow a hack that does not -parse too well the python ast. -I guess we could generate the xml for ourselves as a last recourse. -""" - -# XXX BIG NOTE: -# RESIST the temptation to get the translate function -# more compact, or have the Context argument passed as a variable -# Its name HAS to be explicit due to how the pylupdate parser -# works. - - -qtTranslate = QCoreApplication.translate - - -def translate(*args, **kwargs): - """ - our magic function. - translate(Context, text, comment) - """ - if len(args) == 1: - obj = args[0] - if isinstance(obj, LEAPTranslatable) and hasattr(obj, 'tr'): - return obj.tr() - - klsname = None - try: - # get class value from instance - # using live object inspection - prev_frame = inspect.stack()[1][0] - locals_ = inspect.getargvalues(prev_frame).locals - self = locals_.get('self') - if self: - - # Trying to get the class name - # but this is useless, the parser - # has already got the context. - klsname = self.__class__.__name__ - #print 'KLSNAME -- ', klsname - except: - logger.error('error getting stack frame') - - if klsname and len(args) == 1: - nargs = (klsname,) + args - return qtTranslate(*nargs) - - else: - return qtTranslate(*args) - - -class LEAPTranslatable(dict): - """ - An extended dict that implements a .tr method - so it can be translated on the fly by our - magic translate method - """ - - try: - locale = str(QLocale.system().name()).split('_')[0] - except: - logger.warning("could not get system locale!") - print "could not get system locale!" - locale = "en" - - def tr(self, to=None): - if not to: - to = self.locale - _tr = self.get(to, None) - if not _tr: - _tr = self.get("en", None) - return _tr diff --git a/src/leap/util/web.py b/src/leap/util/web.py deleted file mode 100644 index 15de0561..00000000 --- a/src/leap/util/web.py +++ /dev/null @@ -1,40 +0,0 @@ -""" -web related utilities -""" - - -class UsageError(Exception): - """ """ - - -def get_https_domain_and_port(full_domain): - """ - returns a tuple with domain and port - from a full_domain string that can - contain a colon - """ - full_domain = unicode(full_domain) - if full_domain is None: - return None, None - - https_sch = "https://" - http_sch = "http://" - - if full_domain.startswith(https_sch): - full_domain = full_domain.lstrip(https_sch) - elif full_domain.startswith(http_sch): - raise UsageError( - "cannot be called with a domain " - "that begins with 'http://'") - - domain_split = full_domain.split(':') - _len = len(domain_split) - if _len == 1: - domain, port = full_domain, 443 - elif _len == 2: - domain, port = domain_split - else: - raise UsageError( - "must be called with one only parameter" - "in the form domain[:port]") - return domain, port |