We Keep Coding

Python - Error in configuring config sync in clusters registered with Anthos

I am trying to configure Anthos Config Management feature in one of the GKE cluster registered with Google Anthos using python SDK. But unable to figure out the CreateFeatureRequest object to create the request. Can anyone help?
Python Version - 3.8.5
Libraries used - google-cloud-gke-hub==1.4.1
And getting the below error
Traceback (most recent call last):
File "list_config.py", line 62, in <module>
create_feature(client, parent, membership_name)
File "list_config.py", line 28, in create_feature
member_spec = MembershipFeatureSpec(
File "pythonProjectAnthos\venv\lib\site-packages\proto\message.py", line 585, in __init__
super().__setattr__("_pb", self._meta.pb(**params))
TypeError: Parameter to MergeFrom() must be instance of same class: expected google.cloud.gkehub.configmanagement.v1.MembershipSpec got MembershipSpec.
Python Code
from google.cloud import gkehub_v1
from google.oauth2 import service_account
from google.cloud.gkehub_v1.types import MembershipFeatureSpec
from google.cloud.gkehub_v1.types import feature
from google.cloud.gkehub_v1 import configmanagement_v1
projectId = 'xxxxxx'
location = 'global'
def create_feature(client, parent, name):
git_config = configmanagement_v1.GitConfig(
sync_repo="https://github.com/GoogleCloudPlatform/anthos-config-management-samples",
sync_branch="main",
policy_dir="multi-environments-kustomize/config-source/overlays/dev",
secret_type=None
)
config_sync = configmanagement_v1.ConfigSync(
git=git_config,
source_format='unstructured'
)
configmanagement = configmanagement_v1.MembershipSpec(
config_sync=config_sync,
version='1.11.2'
)
member_spec = MembershipFeatureSpec(
configmanagement=configmanagement
)
feature_spec = feature.Feature(
name=name,
membership_specs={
name: member_spec
}
)
logger.info("Creating feature")
# Initialize request argument(s)
request = gkehub_v1.CreateFeatureRequest(
parent=parent,
feature_id='configmanagement',
resource=feature_spec
)
# Make the request
operation = client.create_feature(request=request)
print("Waiting for operation to complete...")
response = operation.result()
print(response)
# Handle the response
print(response.pb)
cluster_name = 'xxxxxxxxxx'
credentials = service_account.Credentials.from_service_account_file('credentials.json')
client = gkehub_v1.GkeHubClient(credentials=credentials)
parent = 'projects/%s/locations/%s' % (projectId, location)
membership_name = '%s/memberships/%s' % (parent, cluster_name)
create_feature(client, parent, membership_name)

Python cryptography -- How to include X509 extensions for "Subject Key Identifier" and "Authority Key Identifier" in a self-signed cert?

I am using the "cryptography" module in Python to create self-signed certificates for testing.
I followed the examples here "https://cryptography.io/en/latest/x509/tutorial.html" and "https://gist.github.com/bloodearnest/9017111a313777b9cce5", and have the following code so far --
def generate_selfsigned_cert(hostname, san_list=None):
"""Generates self signed certificate for a hostname, and optional IP addresses."""
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from datetime import datetime
from datetime import timedelta
import ipaddress
# Generate pvt key
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048
)
# Write key to file
pvt_key = self.log_directory + '/server.key.pem'
with open(pvt_key, 'wb') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
))
# Create cert
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, hostname),
x509.NameAttribute(NameOID.COUNTRY_NAME, 'X'),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'X'),
x509.NameAttribute(NameOID.LOCALITY_NAME, 'X'),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'X'),
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'X'),
x509.NameAttribute(NameOID.EMAIL_ADDRESS, 'X')
])
# best practice seem to be to include the hostname in the SAN, which *SHOULD* mean COMMON_NAME is ignored.
alt_names = [x509.DNSName(hostname)]
# allow addressing by IP, for when you don't have real DNS (common in most testing scenarios)
if san_list:
for addr in san_list:
# openssl wants DNSnames for ips...
alt_names.append(x509.DNSName(addr))
# ... whereas golang's crypto/tls is stricter, and needs IPAddresses
# note: older versions of cryptography do not understand ip_address objects
alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
san = x509.SubjectAlternativeName(alt_names)
# path_len=0 means this cert can only sign itself, not other certs.
basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
key_usage = x509.KeyUsage(digital_signature=True, key_encipherment=True, key_cert_sign=True,
key_agreement=False, content_commitment=False, data_encipherment=False,
crl_sign=False, encipher_only=False, decipher_only=False)
extended_key_usage = x509.ExtendedKeyUsage([x509.oid.ExtendedKeyUsageOID.SERVER_AUTH])
subject_key = x509.SubjectKeyIdentifier(digest=key.public_key())
authority_key = x509.AuthorityKeyIdentifier(key_identifier=key.public_key(), authority_cert_issuer=None, authority_cert_serial_number=None)**
cert = x509.CertificateBuilder()\
.subject_name(subject)\
.issuer_name(issuer)\
.public_key(key.public_key())\
.serial_number(x509.random_serial_number())\
.not_valid_before(datetime.utcnow())\
.not_valid_after(datetime.utcnow() + timedelta(days=10 * 365))\
.add_extension(basic_contraints, False)\
.add_extension(san, False)\
.add_extension(key_usage, True)\
.add_extension(extended_key_usage, False)\
.sign(key, hashes.SHA256())
** .add_extension(subject_key, False)
.add_extension(authority_key, False)**
# Write cert to file
server_cert = self.log_directory + '/server.cert.pem'
with open(server_cert, 'wb') as f:
f.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
When I run this, I get an error --
> File
> "/teams/subhish/pyuniti/projects/sqa/scripts/BSL/TC_31v03_03_01_02_01_ASCG_configuration_and_bring_up.py",
> line 219, in generate_selfsigned_cert
> x509.CertificateBuilder() File "/venvs/subhish/lib/python3.8/site-packages/cryptography/x509/base.py",
> line 723, in sign
> return backend.create_x509_certificate(self, private_key, algorithm) File
> "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py",
> line 1035, in create_x509_certificate
> self._create_x509_extensions( File "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py",
> line 1141, in _create_x509_extensions
> x509_extension = self._create_x509_extension(handlers, extension) File
> "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py",
> line 1182, in _create_x509_extension
> ext_struct = encode(self, extension.value) File "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py",
> line 393, in _encode_subject_key_identifier
> return _encode_asn1_str_gc(backend, ski.digest) File "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py",
> line 74, in _encode_asn1_str_gc
> s = _encode_asn1_str(backend, data) File "/venvs/subhish/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py",
> line 54, in _encode_asn1_str
> res = backend._lib.ASN1_OCTET_STRING_set(s, data, len(data)) TypeError: object of type '_RSAPublicKey' has no len()
The documentation says this --
digest
Type: bytes
The binary value of the identifier. An alias of key_identifier.
But I can't figure out how to generate the key_identifier with python/cryptography. It is my understanding this value needs to be generated from the public_key as per RFC5280 (4.2.1.2, 4.2.1.1) from the private_key.
In the end I want to generate a certificate with the following X509 extensions --
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:38:62:01:AA:0D:AA:EC:18:55:E4:A6:93:36:32:F5:97:F2:5F:88
X509v3 Authority Key Identifier:
keyid:CA:38:62:01:AA:0D:AA:EC:18:55:E4:A6:93:36:32:F5:97:F2:5F:88
X509v3 Basic Constraints:
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:abcd.xyz.net
Any help would be greatly appreciated. Thanks - Subhish

SubjectKeyIdentifier and AuthorityKeyIdentifier do not take the public key in their constructors. If you want to construct a typical identifier via the public key then you should use AuthorityKeyIdentifier.from_issuer_public_key and SubjectKeyIdentifier.from_public_key.

Yep, that worked.
Modified the lines like this --
subject_key = x509.SubjectKeyIdentifier.from_public_key(key.public_key())
authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(key.public_key())
Thanks Paul!

How to Encrpyt message using PGPY in Python3

I have tried following code to encrypt plaintext message using public key and getting an error.
import pgpy
key,_ = pgpy.PGPKey.from_file('public_key.asc')
data = "This is simple message"
msg = pgpy.PGPMessage.new(data, cleartext=True)
encrypted_message = key.encrypt(msg)
print (encrypted_message)
Error -
Traceback (most recent call last):
File "pgp_encrypt.py", line 8, in <module>
encrypted_message = key.encrypt(msg)
File "/home/<path>/.local/lib/python3.8/site-packages/pgpy/decorators.py", line 125, in _action
with self.usage(key, kwargs.get('user', None)) as _key:
File "/usr/lib/python3.8/contextlib.py", line 113, in __enter__
return next(self.gen)
File "/home/<path>/.local/lib/python3.8/site-packages/pgpy/decorators.py", line 96, in usage
raise PGPError("Key {keyid:s} does not have the required usage flag {flags:s}".format(**em))
pgpy.errors.PGPError: Key 2F0B2A386761A2B8 does not have the required usage flag EncryptStorage, EncryptCommunications
I have followed examples from this link - https://pgpy.readthedocs.io/en/latest/examples.html

Only private key is being used to both decrypt and encrypt in this example.
To encrypt a simple message:
import pgpy
from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm
import json
import warnings
key_decrypt,_ = pgpy.PGPKey.from_file('priv.asc')
data = "Encrypt this"
def pgpy_create_key(key):
warnings.filterwarnings("ignore")
uid = pgpy.PGPUID.new('user', email='user#example.gov')
with key.unlock(""):
key.add_uid(uid, usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
compression=[CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2, CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed])
return key
key_encrypt = pgpy_create_key(key_decrypt)
def pgpy_encrypt(key, data):
message = pgpy.PGPMessage.new(data)
enc_message = key.pubkey.encrypt(message)
return bytes(enc_message)
pgpy_enc = pgpy_encrypt(key_encrypt, json.dumps(data))
print (pgpy_enc)
To decrypt a message:
import pgpy
import json
key_decrypt,_ = pgpy.PGPKey.from_file('priv.asc')
encrypted_data =b"\xc1\xc0L\x03/\x0b*8ga\xa2\xb8\x01\x07\xfb\x074\xf3\x06\x17Cu\xcf\xc7q\xe0\xbcn`}\xcc\xb1\xbe\x02\xd0\xf9X^\xbf\x836{-9\xd6\x0b\xe3\x9f\x82\xf0\xfc4\x83\xec\xcb\x95\x06\x9e\xd5e\xf5\x7fo\xf2\x99\x07\xa9\xe5\x958\x88\xf5U\x83\x00\xa8\x99\xa38\x1ec\x8a\x87d\xf9\xd7\x94\xeb\xfej\xf5G\xa2\xd6\xc9\xde[N|1\x08Lb\x95\xc6\x1c\xf6!\xb1\xe4TL\x08\x9a:\xbd5\xa3\xfc\xb5m\x94\xea\xff\r\x07Z3\xe7Q\xb9\x05ya!\xab\x1d_H\x82\xa4\x91\xeb\n \xe6\xe4\x90h\x1f\x8f\xcbA\xff\xcau\xa0i\xb35)\xe6\x1b\x07\x18_\xdf\x8a\x12EH\xbaec\xd9^\xbf\xa5\x88\xe26T\x94\xc8AS(\xc0\xbd\x1b\xba\xff\xd2a\xe4q\xa2\x850\xca\xc88-#3\xd3<\xfc\xe1\xce\xd3\xbf\x1d`JoK#\xb7%\x93\xb2\xb8nZ\xdfs\xf8\xae\xf4\xff\xc9\xf9Kl\x0f\xf9v\x1a{\xa2N\x82X\xb7D\x0e\xf9\xef~\x9b\xa56\x11\xf2\x8f\x0c?*\xa1\n\xd5\xad\x13\x08\x8ak\xeb6_\xac\xd2D\x01\xae)a[+3c*\xd1'\n\n\x06\xa9J\n\x8a\xe2\xca{\xa7\x8b$\xd9\xa6\xbas\xeb\xb4d-\x10\xd7\xeb\xc5\xb4\x12\xa89\xda\xec\xc6\x89g\xf9\xf9\xf9-'\xc0\xc2\xba\xaei\x03\r\xaa\xfc\xfa\x0e\x08\x9a\xc3\x8c\xa9A-"
def pgpy_decrypt(key, enc_data):
message = pgpy.PGPMessage.from_blob(enc_data)
with key.unlock(""):
return (key.decrypt(message).message)
decrypted_data = pgpy_decrypt(key_decrypt, encrypted_data)
print (decrypted_data)

To add to the above, here's an example that works in a single run and that doesn't require saving the key to a file. Of course, in real life, you would want to save the key to a file as #krishna reddy has assumed. But if you just want to see how the API is utilized I recommend looking at the following:
from pgpy import PGPUID, PGPKey, PGPMessage
from pgpy.constants import (
PubKeyAlgorithm,
KeyFlags,
HashAlgorithm,
SymmetricKeyAlgorithm,
CompressionAlgorithm,
)
# 1. Recipient sets up user, and generates a key for that user
uid = PGPUID.new("Abraham Lincoln", comment="Honest Abe", email="abraham.lincoln#whitehouse.gov")
key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 4096)
key.add_uid(
uid,
usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
compression=[
CompressionAlgorithm.ZLIB,
CompressionAlgorithm.BZ2,
CompressionAlgorithm.ZIP,
CompressionAlgorithm.Uncompressed,
],
)
# Typically, recipient then saves the key information to a file on their server
# 2. Recipient publishes the public key.
print(f"public key:\n{key.pubkey}")
# 3. Sender retrieves pubkey.
# Here we use `from_blob`. But typically you'd use `from_file`:
pubkey, _ = PGPKey.from_blob(str(key.pubkey))
# 4. Sender prepares a message
message = PGPMessage.new("Hello PGP! You're so Clever!!!!")
print(f"plaintext: [{message.message}]")
# 5. Sender encrypts the message using the public key
ciphertext = str(pubkey.encrypt(message))
print(f"cipherbytes: [{ciphertext}]")
# 6. Sender sends the ciphertext
# ...
# key below would typically be reconstructed from its saved file
# 7. Recipient decrypts the cyphertext
cipher_msg = PGPMessage.from_blob(ciphertext)
decrypted = key.decrypt(cipher_msg).message
print(f"decrypted: [{decrypted}]")
assert decrypted == message.message
Running the script results in output like the following:
public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGFMqcABEADJaKvhmgNVqwWOAL8h/tdD9ESlGd0PUquJDenbvEwv1VH7EIWa
nB8fOb/klBeauN9RSzL7VGaCpMvm5Rjz+Z8Cx4mB5yGkABtEdGSvdR3U8z11L5bF
... etc ...
nq/nCRHynRTk7WDnm5AM29mdGE5dd7C9wH6OodY7jXFnPAJZM7a75++XHsCwgoc+
2XdmnSXkFKQT9JIP4VEfV8pqKgBiwE5pQTYPGQ==
=cfgq
-----END PGP PUBLIC KEY BLOCK-----
plaintext: [Hello PGP! You're so Clever!!!!]
ciphertext: [<IntegrityProtectedSKEDataV1 [tag 18][v1] at 0x1021b81f0>]
decrypted: [Hello PGP! You're so Clever!!!!]

AttributeError: type object 'ManagerWithFind' has no attribute 'client'

I am new to python and openstack so please don't lose your cool :)
Here I am trying to instantiate BareMetalNodeManager class object (from np_orchestration.py).
np_orchestration.py
from baremetal import BareMetalNodeManager
from novaclient import base
class np_orchestration:
def provisionNodes(self):
obj = BareMetalNodeManager(base.ManagerWithFind);
var = obj.create(self,"192.168.XXX.XXX",1,514,1,"00:0C:29:XX:XX:XX","192.168.XXX.XXX","XXXX","XXXX")
print var
obj = np_orchestration()
obj.provisionNodes()
This class (located in baremetal.py) requires base.ManagerWithFind as parameter (which is an abstract class)
baremetal.py
class BareMetalNodeManager(base.ManagerWithFind):
"""
Manage :class:`BareMetalNode` resources.
"""
resource_class = BareMetalNode
def create(self,
service_host,
cpus,
memory_mb,
local_gb,
prov_mac_address,
pm_address=None,
pm_user=None,
pm_password=None,
terminal_port=None):
"""
Create a baremetal node.
:param service_host: Name of controlling compute host
:param cpus: Number of CPUs in the node
:param memory_mb: Megabytes of RAM in the node
:param local_gb: Gigabytes of local storage in the node
:param pm_address: Power management IP for the node
:param pm_user: Username for the node's power management
:param pm_password: Password for the node's power management
:param prov_mac_address: MAC address to provision the node
:param terminal_port: ShellInABox port
:rtype: :class:`BareMetalNode`
"""
body = {'node': {'service_host': service_host,
'cpus': cpus,
'memory_mb': memory_mb,
'local_gb': local_gb,
'pm_address': pm_address,
'pm_user': pm_user,
'pm_password': pm_password,
'prov_mac_address': prov_mac_address,
'terminal_port': terminal_port}}
return self._create('/os-baremetal-nodes', body, 'node')
I get the following error when I try to do so:
farooqui#ubuntu:/projects/kenobi$ python np_orchestration.py
Traceback (most recent call last):
File "np_orchestration.py", line 15, in <module>
obj.provisionNodes()
File "np_orchestration.py", line 11, in provisionNodes
var = obj.create(self,"192.168.42.134",1,514,1,"00:0C:29:CF:E6:D9","192.168.42.225","admin","abc")
File "/projects/kenobi/baremetal.py", line 82, in create
return self._create('/os-baremetal-nodes', body, 'node')
File "/opt/stack/python-novaclient/novaclient/base.py", line 100, in _create
_resp, body = self.api.client.post(url, body=body)
AttributeError: type object 'ManagerWithFind' has no attribute 'client'
farooqui#ubuntu:/projects/kenobi$
full version of baremetal.py can be found here:
https://github.com/openstack/python-novaclient/blob/master/novaclient/v1_1/contrib/baremetal.py

import json
from baremetal import BareMetalNodeManager
from novaclient import base, client
import os
config_file = open('config.json')
config_data = json.load(config_file)
class np_orchestration:
def __init__(self):
self.os_auth_url = config_data["config"]["OS_AUTH_URL"]
self.os_username = config_data["config"]["OS_USER"]
self.os_password = config_data["config"]["OS_PASSWORD"]
self.os_tenant_name = config_data["config"]["OS_TENANT_NAME"]
self.os_tenant_id = config_data["config"]["OS_TENANT_ID"]
self.client = client._construct_http_client(self.os_username, self.os_password, project_id=None,
auth_url= self.os_auth_url, endpoint_type='publicURL',
service_type='compute',
auth_system='keystone', auth_plugin=None,
auth_token=None, cacert=None, tenant_id= self.os_tenant_id)
def provisionNodes(self):
obj = BareMetalNodeManager(self);
var = obj.create(self,"192.168.XXX.XXX",1,514,1,"00:0C:29:XX:XX:XX","192.168.XXX.XXX","XXXX","XXXX")
print var
obj = np_orchestration()
obj.provisionNodes()

Accessing unregistered COM objects from python via a registered TLB

I have three pieces of code that i'm working with at the moment:
A closed source application (Main.exe)
A closed source VB COM object implemented as a dll (comobj.dll)
Code that I am developing in Python
comobj.dll hosts a COM object (lets say, 'MainInteract') that I would like to use from Python. I can already use this object perfectly fine from IronPython, but due to other requirements I need to use it from regular Python. I believe the best method here is to use win32com, but I can't quite make any headway at all.
First, some working IronPython code:
import clr
import os
import sys
__dir__ = os.path.dirname(os.path.realpath(__file__))
sys.path.insert(0, __dir__)
sys.path.append(r"C:\Path\To\comobj.dll") #This is where the com object dll actually is
clr.AddReferenceToFileAndPath(os.path.join(__dir__, r'comobj_1_1.dll')) #This is the .NET interop assembly that was created automatically via SharpDevelop's COM Inspector
from comobj_1_1 import clsMainInteract
o = clsMainInteract()
o.DoStuff(True)
And now the code that I attempted in regular Python:
>>> import win32com.client
>>> win32com.client.Dispatch("{11111111-comobj_guid_i_got_from_com_inspector}")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\lib\site-packages\win32com\client\__init__.py", line 95, in Dispatch
dispatch, userName = dynamic._GetGoodDispatchAndUserName(dispatch,userName,clsctx)
File "C:\Python26\lib\site-packages\win32com\client\dynamic.py", line 104, in _GetGoodDispatchAndUserName
return (_GetGoodDispatch(IDispatch, clsctx), userName)
File "C:\Python26\lib\site-packages\win32com\client\dynamic.py", line 84, in _GetGoodDispatch
IDispatch = pythoncom.CoCreateInstance(IDispatch, None, clsctx, pythoncom.IID_IDispatch)
pywintypes.com_error: (-2147221164, 'Class not registered', None, None)
I have also attempted using the friendly name of the TLB:
>>> import win32com.client
>>> win32com.client.Dispatch("Friendly TLB Name I Saw")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\lib\site-packages\win32com\client\__init__.py", line 95, in Dispatch
dispatch, userName = dynamic._GetGoodDispatchAndUserName(dispatch,userName,clsctx)
File "C:\Python26\lib\site-packages\win32com\client\dynamic.py", line 104, in _GetGoodDispatchAndUserName
return (_GetGoodDispatch(IDispatch, clsctx), userName)
File "C:\Python26\lib\site-packages\win32com\client\dynamic.py", line 84, in _GetGoodDispatch
IDispatch = pythoncom.CoCreateInstance(IDispatch, None, clsctx, pythoncom.IID_IDispatch)
pywintypes.com_error: (-2147221005, 'Invalid class string', None, None)
In fact, the only success I've had was this:
import pythoncom
tlb = pythoncom.LoadRegTypeLib("{11111111-comobj_guid_i_got_from_com_inspector}",1,1,0)
>>> tlb
<PyITypeLib at 0x00AD7D78 with obj at 0x0025EDF0>
>>> tlb.GetDocumentation(1)
(u'clsMainInteract', None, 0, None)
But i'm not sure how to go from there to getting an object. I think my problem is that I need to load the dll into my process and get it to register itself with my process's COM source, so I can properly CoCreateInstance / win32com.client.Dispatch() on it.
I have also seen Activation Contexts referenced, especially when talking about 'no registration COM', but typically in a sentences like "Windows will create a context for you if you specify the right stuff in your .manifest files". I'd like to avoid manifest files if possible, as one would be required in the same folder as the (closed source) COM object dll, and i'd rather not drop any files in that directory if I can avoid it.
Thanks for the help.

What I did to access Free Download Manager's type library was the following:
import pythoncom, win32com.client
fdm = pythoncom.LoadTypeLib('fdm.tlb')
downloads_stat = None
for index in xrange(0, fdm.GetTypeInfoCount()):
type_name = fdm.GetDocumentation(index)[0]
if type_name == 'FDMDownloadsStat':
type_iid = fdm.GetTypeInfo(index).GetTypeAttr().iid
downloads_stat = win32com.client.Dispatch(type_iid)
break
downloads_stat.BuildListOfDownloads(True, True)
print downloads_stat.Download(0).Url
The code above will print the URL of the first download.

Here is a method I devised to load a COM object from a DLL. It was based on a lot of reading about COM, etc. I'm not 100% sure about the last lines, specifically d=. I think that only works if IID_Dispatch is passed in (which you can see if the default param).
In addition, I believe this code leaks - for one, the DLL is never unloaded (use ctypes.windll.kernel32.FreeLibraryW) and I believe the COM ref counts for the initial class factory are off by one, and thus never get released. But still, this works for my application.
import pythoncom
import win32com.client
def CreateInstanceFromDll(dll, clsid_class, iid_interface=pythoncom.IID_IDispatch, pUnkOuter=None, dwClsContext=pythoncom.CLSCTX_SERVER):
from uuid import UUID
from ctypes import OleDLL, c_long, byref
e = OleDLL(dll)
clsid_class = UUID(clsid_class).bytes_le
iclassfactory = UUID(str(pythoncom.IID_IClassFactory)).bytes_le
com_classfactory = c_long(0)
hr = e.DllGetClassObject(clsid_class, iclassfactory, byref(com_classfactory))
MyFactory = pythoncom.ObjectFromAddress(com_classfactory.value, pythoncom.IID_IClassFactory)
i = MyFactory.CreateInstance(pUnkOuter, iid_interface)
d = win32com.client.__WrapDispatch(i)
return d

For a useful utility module that wraps the object-from-DLL case, as well as others, see https://gist.github.com/4219140
__all__ = (
####### Class Objects
#CoGetClassObject - Normal, not wrapped
'CoDllGetClassObject', #Get ClassObject from a DLL file
####### ClassFactory::CreateInstance Wrappers
'CoCreateInstanceFromFactory', #Create an object via IClassFactory::CreateInstance
'CoCreateInstanceFromFactoryLicenced', #Create a licenced object via IClassFactory2::CreateInstanceLic
###### Util
'CoReleaseObject', #Calls Release() on a COM object
###### Main Utility Methods
#'CoCreateInstance', #Not wrapped, normal call
'CoCreateInstanceLicenced', #CoCreateInstance, but with a licence key
###### Hacky DLL methods for reg-free COM without Activation Contexts, manifests, etc
'CoCreateInstanceFromDll', #Given a dll, a clsid, and an iid, create an object
'CoCreateInstanceFromDllLicenced', #Given a dll, a clsid, an iid, and a license key, create an object
)
IID_IClassFactory2 = "{B196B28F-BAB4-101A-B69C-00AA00341D07}"
from uuid import UUID
from ctypes import OleDLL, WinDLL, c_ulong, byref, WINFUNCTYPE, POINTER, c_char_p, c_void_p
from ctypes.wintypes import HRESULT
import pythoncom
import win32com.client
import logging
log = logging.getLogger(__name__)
def _raw_guid(guid):
"""Given a string GUID, or a pythoncom IID, return the GUID laid out in memory suitable for passing to ctypes"""
return UUID(str(guid)).bytes_le
proto_icf2_base = WINFUNCTYPE(HRESULT,
c_ulong,
c_ulong,
c_char_p,
c_ulong,
POINTER(c_ulong),
)
IClassFactory2__CreateInstanceLic = proto_icf2_base(7, 'CreateInstanceLic', (
(1, 'pUnkOuter'),
(1 | 4, 'pUnkReserved'),
(1, 'riid'),
(1, 'bstrKey'),
(2, 'ppvObj'),
), _raw_guid(IID_IClassFactory2))
#--------------------------------
#--------------------------------
def _pc_wrap(iptr, resultCLSID=None):
#return win32com.client.__WrapDispatch(iptr)
log.debug("_pc_wrap: %s, %s"%(iptr, resultCLSID))
disp = win32com.client.Dispatch(iptr, resultCLSID=resultCLSID)
log.debug("_pc_wrap: %s (%s)", disp.__class__.__name__, disp)
return disp
def CoCreateInstanceFromFactory(factory_ptr, iid_interface=pythoncom.IID_IDispatch, pUnkOuter=None):
"""Given a factory_ptr whose interface is IClassFactory, create the instance of clsid_class with the specified interface"""
ClassFactory = pythoncom.ObjectFromAddress(factory_ptr.value, pythoncom.IID_IClassFactory)
i = ClassFactory.CreateInstance(pUnkOuter, iid_interface)
return i
def CoCreateInstanceFromFactoryLicenced(factory_ptr, key, iid_interface=pythoncom.IID_IDispatch, pUnkOuter=None):
"""Given a factory_ptr whose interface is IClassFactory2, create the instance of clsid_class with the specified interface"""
requested_iid = _raw_guid(iid_interface)
ole_aut = WinDLL("OleAut32.dll")
key_bstr = ole_aut.SysAllocString(unicode(key))
try:
obj = IClassFactory2__CreateInstanceLic(factory_ptr, pUnkOuter or 0, c_char_p(requested_iid), key_bstr)
disp_obj = pythoncom.ObjectFromAddress(obj, iid_interface)
return disp_obj
finally:
if key_bstr:
ole_aut.SysFreeString(key_bstr)
#----------------------------------
def CoReleaseObject(obj_ptr):
"""Calls Release() on a COM object. obj_ptr should be a c_void_p"""
if not obj_ptr:
return
IUnknown__Release = WINFUNCTYPE(HRESULT)(2, 'Release', (), pythoncom.IID_IUnknown)
IUnknown__Release(obj_ptr)
#-----------------------------------
def CoCreateInstanceLicenced(clsid_class, key, pythoncom_iid_interface=pythoncom.IID_IDispatch, dwClsContext=pythoncom.CLSCTX_SERVER, pythoncom_wrapdisp=True, wrapas=None):
"""Uses IClassFactory2::CreateInstanceLic to create a COM object given a licence key."""
IID_IClassFactory2 = "{B196B28F-BAB4-101A-B69C-00AA00341D07}"
ole = OleDLL("Ole32.dll")
clsid_class_raw = _raw_guid(clsid_class)
iclassfactory2 = _raw_guid(IID_IClassFactory2)
com_classfactory = c_void_p(0)
ole.CoGetClassObject(clsid_class_raw, dwClsContext, None, iclassfactory2, byref(com_classfactory))
try:
iptr = CoCreateInstanceFromFactoryLicenced(
factory_ptr = com_classfactory,
key=key,
iid_interface=pythoncom_iid_interface,
pUnkOuter=None,
)
if pythoncom_wrapdisp:
return _pc_wrap(iptr, resultCLSID=wrapas or clsid_class)
return iptr
finally:
if com_classfactory:
CoReleaseObject(com_classfactory)
#-----------------------------------------------------------
#DLLs
def CoDllGetClassObject(dll_filename, clsid_class, iid_factory=pythoncom.IID_IClassFactory):
"""Given a DLL filename and a desired class, return the factory for that class (as a c_void_p)"""
dll = OleDLL(dll_filename)
clsid_class = _raw_guid(clsid_class)
iclassfactory = _raw_guid(iid_factory)
com_classfactory = c_void_p(0)
dll.DllGetClassObject(clsid_class, iclassfactory, byref(com_classfactory))
return com_classfactory
def CoCreateInstanceFromDll(dll, clsid_class, iid_interface=pythoncom.IID_IDispatch, pythoncom_wrapdisp=True, wrapas=None):
iclassfactory_ptr = CoDllGetClassObject(dll, clsid_class)
try:
iptr = CoCreateInstanceFromFactory(iclassfactory_ptr, iid_interface)
if pythoncom_wrapdisp:
return _pc_wrap(iptr, resultCLSID=wrapas or clsid_class)
return iptr
finally:
CoReleaseObject(iclassfactory_ptr)
def CoCreateInstanceFromDllLicenced(dll, clsid_class, key, iid_interface=pythoncom.IID_IDispatch, pythoncom_wrapdisp=True, wrapas=None):
iclassfactory2_ptr = CoDllGetClassObject(dll, clsid_class, iid_factory=IID_IClassFactory2)
try:
iptr = CoCreateInstanceFromFactoryLicenced(iclassfactory2_ptr, key, iid_interface)
if pythoncom_wrapdisp:
return _pc_wrap(iptr, resultCLSID=wrapas or clsid_class)
return iptr
finally:
CoReleaseObject(iclassfactory2_ptr)