Current File : //opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/plugins/check_license.py |
import asyncio
from contextlib import suppress
import logging
from subprocess import TimeoutExpired
import time
from random import randint
from defence360agent.contracts.config import ANTIVIRUS_MODE, CustomBilling
from defence360agent.contracts.hook_events import HookEvent
from defence360agent.contracts.license import LicenseCLN, AV_DEFAULT_ID
from defence360agent.contracts.plugins import MessageSource
from defence360agent.internals.cln import CLN, CLNError
from defence360agent.internals.iaid import APIError, IndependentAgentIDAPI
from defence360agent.subsys.panels import hosting_panel
from defence360agent.subsys.panels.base import PanelException
from defence360agent.utils import await_for, recurring_check, retry_on
from defence360agent.utils.common import DAY, HOUR
logger = logging.getLogger(__name__)
class CheckLicense(MessageSource):
TOKEN_UPDATE_PERIOD = DAY
RETRY_TIMEOUT = HOUR
HOOK_CHECK_TIMEOUT = DAY
HOOK_EXPIRING_TIME_DELTA = 3 * DAY
def __init__(self):
self.loop = None
self.sink = None
self.check_hooks_task = None
self.check_license_task = None
self.check_iaid_token_task = None
self.expiring_called = False
self.expired_called = False
async def create_source(self, loop, sink):
self.loop = loop
self.sink = sink
self.check_hooks_task = self.loop.create_task(self.check_hooks())
self.check_license_task = self.loop.create_task(
self._recurring_check()
)
async def shutdown(self):
self.check_hooks_task.cancel()
self.check_license_task.cancel()
if self.check_iaid_token_task:
self.check_iaid_token_task.cancel()
with suppress(asyncio.CancelledError):
await self.check_license_task
await self.check_hooks_task
await self.check_iaid_token_task
async def _recurring_check(self):
while True:
try:
await asyncio.sleep(await self._check())
except asyncio.CancelledError:
break
except TimeoutExpired:
logger.error("Token signatures verification timeout expired")
await asyncio.sleep(self.RETRY_TIMEOUT)
except Exception: # NOSONAR pylint:W0703
logger.exception("An exception occurred during license check")
await asyncio.sleep(self.RETRY_TIMEOUT)
async def _register_by_ip(self):
if ANTIVIRUS_MODE and not CustomBilling.IP_LICENSE:
if CustomBilling.UPGRADE_URL or CustomBilling.UPGRADE_URL_360:
return self.TOKEN_UPDATE_PERIOD
try:
await CLN.register("IPL")
return self.TOKEN_UPDATE_PERIOD + randint(
0, self.TOKEN_UPDATE_PERIOD // 2
)
except CLNError as e:
logger.warning("Failed to register by ip: %s", e)
return self.TOKEN_UPDATE_PERIOD
except asyncio.CancelledError:
raise
except Exception as e:
logger.error("Failed to register by ip: %s", e)
return self.RETRY_TIMEOUT
@retry_on(APIError, on_error=await_for(seconds=HOUR), timeout=DAY - HOUR)
async def _iaid_token_check(self):
await IndependentAgentIDAPI.ensure_is_activated_and_valid()
async def _check(self):
# Instead of checking users count every time license is checked
# (and trying to update license if user limit exceeded)
# we only detect number of users during checkin.
# This way, if we exceeded user limit, we will get extended license
# from cln immediately
logger.info("Checkin IAID token")
if (
self.check_iaid_token_task
and not self.check_iaid_token_task.done()
):
self.check_iaid_token_task.cancel()
with suppress(asyncio.CancelledError):
await self.check_iaid_token_task
if self.loop:
# for unit-tests where loop is not initialized
self.check_iaid_token_task = self.loop.create_task(
self._iaid_token_check()
)
logger.info("Checking token")
panel = hosting_panel.HostingPanel()
try:
LicenseCLN.users_count = await panel.users_count()
except PanelException as e:
logger.error("Failed to get users count: %s", e)
return self.RETRY_TIMEOUT
LicenseCLN.get_token.cache_clear()
if not LicenseCLN.is_registered():
logger.info("Server is not registered, skipping checkin")
# Trying to get ip-based license
return await self._register_by_ip()
else:
now = time.time()
token = LicenseCLN.get_token()
# For paid license if less then 2 days or user limit exceeded than
# refreshing token
logger.info("Checking token expiration %r", token)
token_will_be_expired = token["token_expire_utc"] - now
if (
token["id"] != AV_DEFAULT_ID
and (token_will_be_expired < self.TOKEN_UPDATE_PERIOD)
or (LicenseCLN.users_count > token["limit"])
):
try:
if (await CLN.refresh_token(token)) is None:
# license is invalid
return self.TOKEN_UPDATE_PERIOD
except CLNError as e:
logger.warning("CLN API error: %s", e)
if not LicenseCLN.is_registered():
# if we have an error, we will try to register by ip
return await self._register_by_ip()
else:
return self.RETRY_TIMEOUT
else:
# check token again not earlier than half of the token
# expiration or half of the day
# and no later than the token expiration (3/4 exp_time)
# or a day
now = time.time()
token_will_be_expired = (
LicenseCLN()
.get_token()
.get(
"token_expire_utc", now + self.TOKEN_UPDATE_PERIOD
)
- now
)
if token_will_be_expired <= 0:
# Try another time in a day
return self.TOKEN_UPDATE_PERIOD
if token_will_be_expired > self.TOKEN_UPDATE_PERIOD:
token_will_be_expired = int(self.TOKEN_UPDATE_PERIOD)
return token_will_be_expired // 2 + randint(
0, token_will_be_expired // 4
)
else:
# more then a day, sleeping
return self.TOKEN_UPDATE_PERIOD
@recurring_check(HOOK_CHECK_TIMEOUT)
async def check_hooks(self):
time_now_utc = int(time.time())
exp_time = LicenseCLN().get_token().get("license_expire_utc")
if exp_time is None:
return
if exp_time <= time_now_utc:
if not self.expired_called:
hook = HookEvent.LicenseExpired(exp_time=exp_time)
await self.sink.process_message(hook)
self.expired_called = True
elif (
exp_time - self.HOOK_EXPIRING_TIME_DELTA < time_now_utc < exp_time
):
if not self.expiring_called:
hook = HookEvent.LicenseExpiring(exp_time=exp_time)
await self.sink.process_message(hook)
self.expiring_called = True