​ PRC (Python iRODS Client) on Windows: Error

[Nyongha Rose]

Hi

I have tested PRC on Linux and Macos (Terminal). This has worked very good as expected.

Now I' m testing it on Windows (in Command Prompt). Unfortunately, I' m getting the error. I ' m wondering why that error only on Windows. Any help would be appreciated.

(I use SSL Certificate signed by trusted CA.)

Below how my test looks:

1) My file for testing:

C:\Users\Rose\Downloads>type testpy.py

import os
import sys
from irods.session import iRODSSession
import ssl

ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None)
ssl_settings =  {
               "irods_authentication_scheme": "PAM",
               "irods_client_server_negotiation": "request_server_negotiation",
               "irods_client_server_policy": "CS_NEG_REQUIRE",
               "irods_encryption_key_size": 32,
               "irods_encryption_salt_size": 8,
               "irods_encryption_num_hash_rounds": 16,
               "irods_encryption_algorithm": "AES-256-CBC",
               "ssl_context": ssl_context
}
with iRODSSession(host='XXX', port=1247, user='alice', password='alicepassword', zone='Testzone', **ssl_settings) as session:
    coll = session.collections.get('/Testzone/home/alice')
    print(coll)
    print(coll.path)
    print(coll.id)
    print(coll.name)
    print(coll.metadata.items())

sys.exit(0)

2) To run the file:

C:\Users\Rose\Downloads>python3 testpy.py

C:\Users\Rose\Downloads>python3 testpy.py
Traceback (most recent call last):
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\session.py", line 215, in server_version
    return tuple(ast.literal_eval(reported_vsn))
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.752.0_x64__qbz5n2kfra8p0\Lib\ast.py", line 64, in literal_eval
    node_or_string = parse(node_or_string.lstrip(" \t"), mode='eval')
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.752.0_x64__qbz5n2kfra8p0\Lib\ast.py", line 50, in parse
    return compile(source, filename, mode, flags,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<unknown>", line 0

SyntaxError: invalid syntax

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\session.py", line 221, in __server_version
    conn = next(iter(self.pool.active))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
StopIteration

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\pool.py", line 59, in get_connection
    conn = self.idle.pop()
           ^^^^^^^^^^^^^^^
KeyError: 'pop from an empty set'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Rose\Downloads\testpy.py", line 23, in <module>
    coll = session.collections.get('/Testzone/home/alice')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\manager\collection_manager.py", line 21, in get
    query = self.sess.query(Collection).filter(*filters)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\session.py", line 193, in query
    return Query(self, *args)
           ^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\query.py", line 44, in __init__
    if self.sess.server_version >= col.min_version:
       ^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\session.py", line 217, in server_version
    return self.__server_version()
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\session.py", line 224, in __server_version
    conn = self.pool.get_connection()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\pool.py", line 15, in method_
    ret = method(self,*s,**kw)
          ^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\pool.py", line 75, in get_connection
    conn = Connection(self, self.account)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\connection.py", line 63, in __init__
    self._server_version = self._connect()
                           ^^^^^^^^^^^^^^^
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\connection.py", line 289, in _connect
    self.ssl_startup()
  File "C:\Users\Rose\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\irods\connection.py", line 191, in ssl_startup
    wrapped_socket = context.wrap_socket(self.socket,
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.752.0_x64__qbz5n2kfra8p0\Lib\ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.752.0_x64__qbz5n2kfra8p0\Lib\ssl.py", line 1075, in _create
    self.do_handshake()
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.752.0_x64__qbz5n2kfra8p0\Lib\ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:992)

3) Error in log file:

$ cat /var/log/irods/irods.log

{"log_category":"legacy","log_facility":"local0","log_level":"error","log_message":"[-]\t/irods_source/server/core/src/rodsAgent.cpp:578:int runIrodsAgentFactory(sockaddr_un) :  status [SSL_HANDSHAKE_ERROR]  errno [] -- message [failed to call 'agent start']\n\t[-]\t/irods_source/lib/core/src/sockComm.cpp:129:irods::error sockAgentStart(irods::network_object_ptr) :  status [SSL_HANDSHAKE_ERROR]  errno [] -- message [failed to call 'agent start']\n\t\t[-]\t/irods_source/plugins/network/src/ssl.cpp:764:irods::error ssl_agent_start(irods::plugin_context &) :  status [SSL_HANDSHAKE_ERROR]  errno [] -- message [error calling SSL_accept | error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca]\n\n","server_host":"XXX","server_pid":634333,"server_timestamp":"2023-03-03T12:20:56.647Z","server_type":"agent"}
{"log_category":"legacy","log_facility":"local0","log_level":"error","log_message":"Agent process [634333] exited with status [1]","server_host":"XXX","server_pid":549602,"server_timestamp":"2023-03-03T12:20:56.651Z","server_type":"agent_factory"}

[dmoore.renci]

Hello,

Working on reproducing this error, but it could be a help to know:

  1) If the error is new behavior. if you've tested on any previous releases of the Python iRODS Client.

  2) Which Windows version you're running on.

Thanks!

Daniel Moore - Applications Engineer

iRODS Consortium, RENCI, UNC Chapel Hill, NC, USA

[Nyongha Rose]

Hello,

thanks for this reply.

1) This is my first time testing PRC on Windows. Do you think that this error could be related to the current PRC version? If yes, I will try the previous version.

2) Windows 10 Pro

KR,

Rose

[dmoore.renci]

The current version of PRC, v1.1.6, should be fine.  Just trying to narrow things down....

We also want to make sure this is not iRODS 4.3.0 you're connecting to... if you are using 4.3.0, the authentication method will be different in the environment file:

    "irods_authentication_scheme": "pam_password"

due to the new authentication framework. Please see:

https://github.com/irods/irods_docs/blob/main/docs/plugins/pluggable_authentication.md#pam-pluggable-authentication-module

[Daniel Moore]

(Given that your clients on Linux and MacOS are also using "PAM" for the authentication method, I suspect it's iRODS 4.2 you are using , but I just wanted to make sure!)

--
--
The Integrated Rule-Oriented Data System (iRODS) - https://irods.org
 
iROD-Chat: http://groups.google.com/group/iROD-Chat
---
You received this message because you are subscribed to a topic in the Google Groups "iRODS-Chat" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/irod-chat/LJ7g0uFX1wY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to irod-chat+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/e13cb906-8873-4580-82ef-049a7778c04cn%40googlegroups.com.

[Nyongha Rose]

Hi,

Again thanks.

I' m using irods 4.3.0:

$ ienv
     irods_version - 4.3.0

       ...

I have tried to use "irods_authentication_scheme": "pam_password". Unfortunately, this has not solved my problem.

By using this link https://github.com/irods/python-irodsclient/issues/362, I have changed my file like below. Fortunately, this has solved my problem. It is now working as expected.

C:\Users\Rose\Downloads>type testpy.py
import os
import sys
from irods.session import iRODSSession
import ssl

ssl_context = ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None)
ssl_settings =  {

               "irods_client_server_negotiation": "request_server_negotiation",
               "irods_client_server_policy": "CS_NEG_REQUIRE",
               "irods_encryption_key_size": 32,
               "irods_encryption_salt_size": 8,
               "irods_encryption_num_hash_rounds": 16,
               "irods_encryption_algorithm": "AES-256-CBC",
               "ssl_context": ssl_context
}

with iRODSSession(host='XXX', port=1247, authentication_scheme='PAM', user='alice', password='alicepassword', zone='Testzone', **ssl_settings) as session:

    coll = session.collections.get('/Testzone/home/alice')
    print(coll)
    print(coll.path)
    print(coll.id)
    print(coll.name)
    print(coll.metadata.items())

sys.exit(0)

[dmoore.renci]

Yes, the current PRC (v1.1.6) internally uses _create_unverified_context if an "ssl_context" object is not provided, so ideally you should no longer have to instantiate your own in this way (see the README - link further on in text) , but then again - if this is working for you and you don't need the certificate. that's great ! 

If  you wanted to switch to using your trusted SSL certificate, you might be able to do that on Windows (caveat - I've no Windows/SSL specific knowledge myself) by using settings such as the following in your ssl_settings dict object: "ssl_ca_certificate_file": <CERT_PATH>, 'ssl_verify_server': 'cert' 

The README has an example of how to do connect this way as well, at https://github.com/irods/python-irodsclient/blob/v1.1.6/README.rst#establishing-a-secure-connection , though the explanation is UNIX/Linux-centric, and I'm not sure where these certs would be located on Windows. Although  perhaps it doesn't matter, since we're talking about a client.)

Still a bit confused why your error didn't show on MacOS or Linux with the exact same Python code, however.