def write_certs_trc_keys(isd_as, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
try:
as_obj = AD.objects.get(isd_id=isd_as[0], as_id=isd_as[1])
except AD.DoesNotExist:
logger.error("AS %s-%s was not found." % (isd_as[0], isd_as[1]))
return
# write keys
sig_path = get_sig_key_file_path(instance_path)
enc_path = get_enc_key_file_path(instance_path)
write_file(sig_path, as_obj.sig_priv_key)
write_file(enc_path, as_obj.enc_priv_key)
# write cert
cert_chain_path = get_cert_chain_file_path(
instance_path, isd_as, INITIAL_CERT_VERSION)
write_file(cert_chain_path, as_obj.certificate)
# write trc
trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
write_file(trc_path, as_obj.trc)
def _gen_as_keys(self, topo_id, as_conf):
sig_pub, sig_priv = generate_sign_keypair()
enc_pub, enc_priv = generate_enc_keypair()
self.sig_priv_keys[topo_id] = sig_priv
self.sig_pub_keys[topo_id] = sig_pub
self.enc_pub_keys[topo_id] = enc_pub
self.enc_priv_keys[topo_id] = enc_priv
sig_path = get_sig_key_file_path("")
enc_path = get_enc_key_file_path("")
self.cert_files[topo_id][sig_path] = base64.b64encode(sig_priv).decode()
self.cert_files[topo_id][enc_path] = base64.b64encode(enc_priv).decode()
if self.is_core(as_conf):
# generate_sign_key_pair uses Ed25519
on_root_pub, on_root_priv = generate_sign_keypair()
off_root_pub, off_root_priv = generate_sign_keypair()
core_sig_pub, core_sig_priv = generate_sign_keypair()
self.pub_online_root_keys[topo_id] = on_root_pub
self.priv_online_root_keys[topo_id] = on_root_priv
self.pub_offline_root_keys[topo_id] = off_root_pub
self.priv_offline_root_keys[topo_id] = off_root_priv
self.pub_core_sig_keys[topo_id] = core_sig_pub
self.priv_core_sig_keys[topo_id] = core_sig_priv
online_key_path = get_online_key_file_path("")
offline_key_path = get_offline_key_file_path("")
core_sig_path = get_core_sig_key_file_path("")
self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode()
self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode()
self.cert_files[topo_id][core_sig_path] = base64.b64encode(core_sig_priv).decode()
def _load_credentials(as_path, isd_as):
print("Updating AS%s" % isd_as)
# The element to get the credentials from.
# We assume that the beacon server exists in every AS configuration.
key_dict = {}
core_key_dict = {}
as_path = os.path.join(PROJECT_ROOT, GEN_PATH, 'ISD%s/AS%s' % (isd_as.isd_str(), isd_as.as_file_fmt()))
instance_id = "bs%s-%s-1" % (isd_as.isd_str(), isd_as.as_file_fmt())
instance_path = os.path.join(as_path, instance_id)
topo_path = os.path.join(instance_path, TOPO_FILE)
# Credential files for all ASes
as_key_path = {
'cert_path': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
'trc_path': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
'enc_key_path': get_enc_key_file_path(instance_path),
'sig_key_path': get_sig_key_file_path(instance_path),
'sig_key_raw_path': get_sig_key_raw_file_path(instance_path),
'as_config_path': os.path.join(instance_path, AS_CONF_FILE),
}
# Credential files for core ASes
core_key_path = {
'core_sig_key_path': get_core_sig_key_file_path(instance_path),
'core_sig_key_raw_path': get_core_sig_key_raw_file_path(instance_path),
'online_key_path': get_online_key_file_path(instance_path),
'online_key_raw_path': get_online_key_raw_file_path(instance_path),
'offline_key_path': get_offline_key_file_path(instance_path),
'offline_key_raw_path': get_offline_key_raw_file_path(instance_path),
}
for key, path in as_key_path.items():
try:
if key.startswith('cert'):
cert = _json_file_to_str(path)
elif key.startswith('trc'):
trc = _json_file_to_str(path)
elif key.startswith('as'):
as_config_dict = _yaml_file_to_dict(path)
key_dict['master_as_key'] = as_config_dict['MasterASKey']
else:
key_name = key[:len(key)-5]
key_dict[key_name] = read_file(path)[:-1]
except IOError as err:
print("IOError({0}): {1}" % (err, path))
exit(1)
tp = Topology.from_file(topo_path)
if tp.is_core_as:
for key, path in core_key_path.items():
try:
key_name = key[:len(key)-5]
core_key_dict[key_name] = read_file(path)[:-1]
except IOError as err:
print("IOError({0}): {1}" % (err, path))
exit(1)
return ASCredential(cert, trc, key_dict, core_key_dict)
def _write_keys(archive, elem_dir, as_):
archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key)
archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key)
archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0),
as_.master_as_key)
archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1),
as_.master_as_key) # TODO
if as_.is_core:
archive.write_text(get_core_sig_key_file_path(elem_dir),
as_.core_sig_priv_key)
archive.write_text(get_online_key_file_path(elem_dir),
as_.core_online_priv_key)
archive.write_text(get_offline_key_file_path(elem_dir),
as_.core_offline_priv_key)
def _write_keys(self, elem_dir):
as_ = self.AS
archive = self.archive
archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key)
archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key)
archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0),
as_.master_as_key)
archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1),
as_.master_as_key)
if as_.is_core:
archive.write_text(get_core_sig_key_file_path(elem_dir),
as_.core_sig_priv_key)
archive.write_text(get_online_key_file_path(elem_dir),
as_.core_online_priv_key)
archive.write_text(get_offline_key_file_path(elem_dir),
as_.core_offline_priv_key)
def write_certs_trc_keys(isd_as, as_obj, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
# write keys
sig_path = get_sig_key_file_path(instance_path)
enc_path = get_enc_key_file_path(instance_path)
write_file(sig_path, as_obj.sig_priv_key)
write_file(enc_path, as_obj.enc_priv_key)
# write cert
cert_chain_path = get_cert_chain_file_path(instance_path, isd_as,
INITIAL_CERT_VERSION)
write_file(cert_chain_path, as_obj.certificate)
# write trc
trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
write_file(trc_path, as_obj.trc)
def write_certs_trc_keys(isd_as, as_obj, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param obj as_obj: An object that stores crypto information for AS
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
# write keys
as_key_path = {
'cert':
get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
'trc':
get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
'enc_key':
get_enc_key_file_path(instance_path),
'sig_key':
get_sig_key_file_path(instance_path),
'sig_key_raw':
get_sig_key_raw_file_path(instance_path),
}
core_key_path = {
'core_sig_key': get_core_sig_key_file_path(instance_path),
'core_sig_key_raw': get_core_sig_key_raw_file_path(instance_path),
'online_key': get_online_key_file_path(instance_path),
'online_key_raw': get_online_key_raw_file_path(instance_path),
'offline_key': get_offline_key_file_path(instance_path),
'offline_key_raw': get_offline_key_raw_file_path(instance_path),
}
for key, path in as_key_path.items():
if key == 'cert': # write certificates
write_file(path, as_obj.certificate)
elif key == 'trc': # write trc
write_file(path, as_obj.trc)
else: # write keys
write_file(path, as_obj.keys[key])
if as_obj.core_keys:
for key, path in core_key_path.items():
write_file(path, as_obj.core_keys[key])