def test_get_secret(self, *_):
cert_manager = CertificateManager(self.tempdir)
cert_manager.generate_secrets()
assert all(
cert_manager.get_secret(x) == "secret"
for x in cert_manager.CrossbarUsers.__members__.values())
def test_generate_secrets(self):
cert_manager = CertificateManager(self.tempdir)
cert_manager.generate_secrets()
assert set(os.listdir(cert_manager.secrets_path)) == \
set(f"{x}.{cert_manager.SECRET_EXT}"
for x in cert_manager.CrossbarUsers.__members__.keys())
def test_generate_if_needed_windows(self, create_cert, gen_key_pair,
gen_dh_params, *_):
cert_manager = CertificateManager(self.tempdir)
with patch('builtins.open'):
cert_manager.generate_if_needed()
assert gen_dh_params.called
assert gen_key_pair.called
assert create_cert.called
def generate_rpc_certificate(datadir: str):
from golem.rpc.cert import CertificateManager
from golem.rpc.common import CROSSBAR_DIR
cert_dir = os.path.join(datadir, CROSSBAR_DIR)
os.makedirs(cert_dir, exist_ok=True)
cert_manager = CertificateManager(cert_dir)
cert_manager.generate_if_needed()
def test_generate_if_needed_no_fw_secrecy(self, create_cert, gen_key_pair,
gen_dh_params, *_):
cert_manager = CertificateManager(self.tempdir,
setup_forward_secrecy=False)
with patch('builtins.open'):
cert_manager.generate_if_needed()
assert not gen_dh_params.called
assert gen_key_pair.called
assert create_cert.called
def test_create_and_sign_certificate(self):
cert_manager = CertificateManager(self.tempdir)
cert_manager._generate_key_pair(cert_manager.key_path, bits=1024)
key = cert_manager.read_key()
cert_manager._create_and_sign_certificate(key, cert_manager.cert_path)
assert cert_manager.read_certificate()
def test_init_with_forward_secrecy(self):
cert_manager = CertificateManager(self.tempdir,
setup_forward_secrecy=True)
assert cert_manager.forward_secrecy
assert cert_manager.key_path.startswith(self.tempdir)
assert cert_manager.cert_path.startswith(self.tempdir)
assert cert_manager.dh_path.startswith(self.tempdir)
def __init__(self,
datadir: str,
host: str = CROSSBAR_HOST,
port: int = CROSSBAR_PORT,
realm: str = CROSSBAR_REALM,
ssl: bool = True) -> None:
address = WebSocketAddress(host, port, realm, ssl)
cert_manager = CertificateManager(
os.path.join(get_local_datadir(datadir), CROSSBAR_DIR))
crsb_user = cert_manager.CrossbarUsers.golemcli
secret = cert_manager.get_secret(crsb_user)
self.session = Session(
address,
crsb_user=crsb_user,
crsb_user_secret=secret,
)
def __init__(
self,
cli, # pylint: disable=too-many-arguments
cert_manager: CertificateManager,
host: str = CROSSBAR_HOST,
port: int = CROSSBAR_PORT,
realm: str = CROSSBAR_REALM,
ssl: bool = True) -> None:
address = WebSocketAddress(host, port, realm, ssl)
self.cli = cli
crsb_user = cert_manager.CrossbarUsers.golemcli
self.session = Session(
address,
crsb_user=crsb_user,
crsb_user_secret=cert_manager.get_secret(crsb_user))
def _users_config(cert_manager: cert.CertificateManager):
# configuration for crsb_users with admin priviliges
admin_role: str = CrossbarRouter.CrossbarRoles.admin.name
docker_role: str = CrossbarRouter.CrossbarRoles.docker.name
user_roles = {
cert_manager.CrossbarUsers.golemapp: admin_role,
cert_manager.CrossbarUsers.golemcli: admin_role,
cert_manager.CrossbarUsers.electron: admin_role,
cert_manager.CrossbarUsers.docker: docker_role,
}
crsb_users = {}
for user, role in user_roles.items():
entry = {}
entry['secret'] = cert_manager.get_secret(user)
entry['role'] = role
crsb_users[user.name] = entry
return crsb_users
def start():
freeze_support()
delete_reactor()
flags = dict(interactive=('-i', '--interactive'),
mainnet=('-m', '--mainnet'),
address=('-a', '--address'),
port=('-p', '--port'),
trust=('-t', '--verify-trust'),
datadir=("-d", "--datadir"))
flag_options = dict(
interactive=dict(dest="interactive",
action="store_true",
default=False,
help="Enter interactive mode"),
mainnet=dict(dest="mainnet",
action="store_true",
default=False,
help="Use mainnet chain"),
address=dict(dest="address",
type=str,
default=CROSSBAR_HOST,
help="Golem node's RPC address"),
port=dict(dest="port",
type=int,
default=CROSSBAR_PORT,
help="Golem node's RPC port"),
datadir=dict(dest="datadir",
default=None,
type=click.Path(
exists=True,
file_okay=False,
readable=True,
),
help="Golem node's data dir"),
trust=dict(dest="verify_trust",
action="store_true",
default=False,
help="Verify Golem node's certificate"),
)
# process initial arguments
parser = argparse.ArgumentParser(add_help=False)
for flag_name, flag in flags.items():
parser.add_argument(*flag, **flag_options[flag_name])
args = sys.argv[1:]
parsed, forwarded = parser.parse_known_args(args)
install_reactor()
# platform trust settings
if not parsed.verify_trust:
disable_platform_trust()
# setup logging if in interactive mode
interactive = parsed.interactive
if interactive:
config_logging("_cli")
cli = CLI()
else:
import logging
logging.raiseExceptions = 0
cli = CLI(main_parser=parser, main_parser_options=flag_options)
check_golem_running(parsed.datadir, parsed.mainnet)
if parsed.mainnet:
set_environment('mainnet', None)
datadir = get_local_datadir('default', root_dir=parsed.datadir)
working_dir = os.path.join(datadir, CROSSBAR_DIR)
# run the cli
ws_cli = WebSocketCLI(cli,
CertificateManager(working_dir),
host=parsed.address,
port=parsed.port)
ws_cli.execute(forwarded, interactive=interactive)
def test_generate_key_pair(self):
cert_manager = CertificateManager(self.tempdir)
cert_manager._generate_key_pair(cert_manager.key_path, bits=64)
assert isinstance(cert_manager.read_key(), crypto.PKey)
def test_generate_dh_params(self):
cert_manager = CertificateManager(self.tempdir,
setup_forward_secrecy=True)
cert_manager._generate_dh_params(cert_manager.dh_path, bits=16)
with open(cert_manager.dh_path, 'rb') as f:
assert f.read()
def test_init_windows(self, *_):
cert_manager = CertificateManager(self.tempdir)
assert not cert_manager.forward_secrecy
assert cert_manager.key_path.startswith(self.tempdir)
assert cert_manager.cert_path.startswith(self.tempdir)
assert cert_manager.dh_path.startswith(self.tempdir)