%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/plugins/
Upload File :
Create Path :
Current File : //opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/plugins/check_license.py

import asyncio
from contextlib import suppress
import logging
from subprocess import TimeoutExpired
import time

from random import randint

from defence360agent.contracts.config import ANTIVIRUS_MODE, CustomBilling
from defence360agent.contracts.hook_events import HookEvent
from defence360agent.contracts.license import LicenseCLN, AV_DEFAULT_ID
from defence360agent.contracts.plugins import MessageSource
from defence360agent.internals.cln import CLN, CLNError
from defence360agent.internals.iaid import APIError, IndependentAgentIDAPI
from defence360agent.subsys.panels import hosting_panel
from defence360agent.subsys.panels.base import PanelException
from defence360agent.utils import await_for, recurring_check, retry_on
from defence360agent.utils.common import DAY, HOUR

logger = logging.getLogger(__name__)


class CheckLicense(MessageSource):
    TOKEN_UPDATE_PERIOD = DAY
    RETRY_TIMEOUT = HOUR
    HOOK_CHECK_TIMEOUT = DAY
    HOOK_EXPIRING_TIME_DELTA = 3 * DAY

    def __init__(self):
        self.loop = None
        self.sink = None
        self.check_hooks_task = None
        self.check_license_task = None
        self.check_iaid_token_task = None
        self.expiring_called = False
        self.expired_called = False

    async def create_source(self, loop, sink):
        self.loop = loop
        self.sink = sink
        self.check_hooks_task = self.loop.create_task(self.check_hooks())
        self.check_license_task = self.loop.create_task(
            self._recurring_check()
        )

    async def shutdown(self):
        self.check_hooks_task.cancel()
        self.check_license_task.cancel()
        if self.check_iaid_token_task:
            self.check_iaid_token_task.cancel()
        with suppress(asyncio.CancelledError):
            await self.check_license_task
            await self.check_hooks_task
            await self.check_iaid_token_task

    async def _recurring_check(self):
        while True:
            try:
                await asyncio.sleep(await self._check())
            except asyncio.CancelledError:
                break
            except TimeoutExpired:
                logger.error("Token signatures verification timeout expired")
                await asyncio.sleep(self.RETRY_TIMEOUT)
            except Exception:  # NOSONAR pylint:W0703
                logger.exception("An exception occurred during license check")
                await asyncio.sleep(self.RETRY_TIMEOUT)

    async def _register_by_ip(self):
        if ANTIVIRUS_MODE and not CustomBilling.IP_LICENSE:
            if CustomBilling.UPGRADE_URL or CustomBilling.UPGRADE_URL_360:
                return self.TOKEN_UPDATE_PERIOD
        try:
            await CLN.register("IPL")
            return self.TOKEN_UPDATE_PERIOD + randint(
                0, self.TOKEN_UPDATE_PERIOD // 2
            )
        except CLNError as e:
            logger.warning("Failed to register by ip: %s", e)
            return self.TOKEN_UPDATE_PERIOD
        except asyncio.CancelledError:
            raise
        except Exception as e:
            logger.error("Failed to register by ip: %s", e)
            return self.RETRY_TIMEOUT

    @retry_on(APIError, on_error=await_for(seconds=HOUR), timeout=DAY - HOUR)
    async def _iaid_token_check(self):
        await IndependentAgentIDAPI.ensure_is_activated_and_valid()

    async def _check(self):
        # Instead of checking users count every time license is checked
        # (and trying to update license if user limit exceeded)
        # we only detect number of users during checkin.
        # This way, if we exceeded user limit, we will get extended license
        # from cln immediately
        logger.info("Checkin IAID token")
        if (
            self.check_iaid_token_task
            and not self.check_iaid_token_task.done()
        ):
            self.check_iaid_token_task.cancel()
            with suppress(asyncio.CancelledError):
                await self.check_iaid_token_task
        if self.loop:
            # for unit-tests where loop is not initialized
            self.check_iaid_token_task = self.loop.create_task(
                self._iaid_token_check()
            )

        logger.info("Checking token")
        panel = hosting_panel.HostingPanel()
        try:
            LicenseCLN.users_count = await panel.users_count()
        except PanelException as e:
            logger.error("Failed to get users count: %s", e)
            return self.RETRY_TIMEOUT

        LicenseCLN.get_token.cache_clear()
        if not LicenseCLN.is_registered():
            logger.info("Server is not registered, skipping checkin")
            # Trying to get ip-based license
            return await self._register_by_ip()
        else:
            now = time.time()
            token = LicenseCLN.get_token()
            # For paid license if less then 2 days or user limit exceeded than
            # refreshing token
            logger.info("Checking token expiration %r", token)
            token_will_be_expired = token["token_expire_utc"] - now
            if (
                token["id"] != AV_DEFAULT_ID
                and (token_will_be_expired < self.TOKEN_UPDATE_PERIOD)
                or (LicenseCLN.users_count > token["limit"])
            ):
                try:
                    if (await CLN.refresh_token(token)) is None:
                        # license is invalid
                        return self.TOKEN_UPDATE_PERIOD
                except CLNError as e:
                    logger.warning("CLN API error: %s", e)
                    if not LicenseCLN.is_registered():
                        # if we have an error, we will try to register by ip
                        return await self._register_by_ip()
                    else:
                        return self.RETRY_TIMEOUT
                else:
                    # check token again not earlier than half of the token
                    # expiration or half of the day
                    # and no later than the token expiration (3/4 exp_time)
                    # or a day
                    now = time.time()
                    token_will_be_expired = (
                        LicenseCLN()
                        .get_token()
                        .get(
                            "token_expire_utc", now + self.TOKEN_UPDATE_PERIOD
                        )
                        - now
                    )
                    if token_will_be_expired <= 0:
                        # Try another time in a day
                        return self.TOKEN_UPDATE_PERIOD
                    if token_will_be_expired > self.TOKEN_UPDATE_PERIOD:
                        token_will_be_expired = int(self.TOKEN_UPDATE_PERIOD)
                    return token_will_be_expired // 2 + randint(
                        0, token_will_be_expired // 4
                    )
            else:
                # more then a day, sleeping
                return self.TOKEN_UPDATE_PERIOD

    @recurring_check(HOOK_CHECK_TIMEOUT)
    async def check_hooks(self):
        time_now_utc = int(time.time())
        exp_time = LicenseCLN().get_token().get("license_expire_utc")
        if exp_time is None:
            return

        if exp_time <= time_now_utc:
            if not self.expired_called:
                hook = HookEvent.LicenseExpired(exp_time=exp_time)
                await self.sink.process_message(hook)
                self.expired_called = True
        elif (
            exp_time - self.HOOK_EXPIRING_TIME_DELTA < time_now_utc < exp_time
        ):
            if not self.expiring_called:
                hook = HookEvent.LicenseExpiring(exp_time=exp_time)
                await self.sink.process_message(hook)
                self.expiring_called = True

Zerion Mini Shell 1.0