def rotate_keys(self):
"""Call this function to rotate the cluster keys. This is worth
performing periodically to ensure that the system remains
secure - this will also rotate the cluster secret
"""
if self.is_null():
return
if Cluster._is_running_service():
raise PermissionError("Only the client Cluster can rotate keys")
passphrase = self.passphrase("set_cluster")
from Acquire.Crypto import PrivateKey as _PrivateKey
self._oldkeys.append(self._private_key)
self._private_key = _PrivateKey()
self._public_key = self._private_key.public_key()
self._secret = _PrivateKey.random_passphrase()
args = {"passphrase": passphrase,
"cluster": self.to_data()}
self.compute_service().call_function(function="set_cluster",
args=args)
def create(service_url=None, service_uid=None, user=None):
"""Create a new cluster"""
if Cluster._is_running_service():
raise PermissionError(
"You cannot create a Cluster on a running service")
from Acquire.Client import PrivateKey as _PrivateKey
from Acquire.ObjectStore import create_uid as _create_uid
from Acquire.Client import Wallet as _Wallet
wallet = _Wallet()
compute_service = wallet.get_service(service_url=service_url,
service_uid=service_uid)
if not compute_service.is_compute_service():
raise TypeError(
"You can only create a cluster that will communicate "
"with a valid compute service - not %s" % compute_service)
cluster = Cluster()
cluster._uid = _create_uid()
cluster._private_key = _PrivateKey()
cluster._public_key = cluster._private_key.public_key()
cluster._compute_service = compute_service
cluster._secret = _PrivateKey.random_passphrase()
cluster._oldkeys = []
if user is not None:
Cluster.set_cluster(cluster=cluster, user=user)
return cluster
def _create_wallet_key(self, filename):
"""Create a new wallet key for the user"""
password = _get_wallet_password(confirm_password=True)
from Acquire.Client import PrivateKey as _PrivateKey
key = _PrivateKey(name="wallet_key")
bytes = key.bytes(password)
with open(filename, "wb") as FILE:
FILE.write(bytes)
return key
def request_login(self, login_message=None):
"""Request to authenticate as this user. This returns a login URL that
you must connect to to supply your login credentials
If 'login_message' is supplied, then this is passed to
the identity service so that it can be displayed
when the user accesses the login page. This helps
the user validate that they have accessed the correct
login page. Note that if the message is None,
then a random message will be generated.
"""
self._check_for_error()
from Acquire.Client import LoginError
if not self.is_empty():
raise LoginError("You cannot try to log in twice using the same "
"User object. Create another object if you want "
"to try to log in again.")
if self._username is None or len(self._username) == 0:
raise LoginError("Please supply a valid username!")
# first, create a private key that will be used
# to sign all requests and identify this login
from Acquire.Client import PrivateKey as _PrivateKey
session_key = _PrivateKey(name="user_session_key %s" % self._username)
signing_key = _PrivateKey(name="user_session_cert %s" % self._username)
args = {"username": self._username,
"public_key": session_key.public_key().to_data(),
"public_certificate": signing_key.public_key().to_data(),
"scope": self._scope,
"permissions": self._permissions
}
# get information from the local machine to help
# the user validate that the login details are correct
try:
hostname = _socket.gethostname()
ipaddr = _socket.gethostbyname(hostname)
args["hostname"] = hostname
args["ipaddr"] = ipaddr
except:
pass
if login_message is None:
try:
login_message = _get_random_sentence()
except:
pass
if login_message is not None:
args["login_message"] = login_message
identity_service = self.identity_service()
result = identity_service.call_function(
function="request_login", args=args)
try:
login_url = result["login_url"]
except:
login_url = None
if login_url is None:
error = "Failed to login. Could not extract the login URL! " \
"Result is %s" % (str(result))
self._set_error_state(error)
raise LoginError(error)
try:
session_uid = result["session_uid"]
except:
session_uid = None
if session_uid is None:
error = "Failed to login. Could not extract the login " \
"session UID! Result is %s" % (str(result))
self._set_error_state(error)
raise LoginError(error)
# now save all of the needed data
self._login_url = result["login_url"]
self._session_key = session_key
self._signing_key = signing_key
self._session_uid = session_uid
self._status = _LoginStatus.LOGGING_IN
self._user_uid = None
_output("Login by visiting: %s" % self._login_url)
if login_message is not None:
_output("(please check that this page displays the message '%s')"
% login_message)
from Acquire.Identity import LoginSession as _LoginSession
return {"login_url": self._login_url,
"session_uid": session_uid,
"short_uid": _LoginSession.to_short_uid(session_uid)}