Ejemplo n.º 1
0
def run_server():
    endpoint = 'tcp://0.0.0.0:5555'
    print("endpoint: {}".format(endpoint))
    srv = zerorpc.Server(Service())

    ctx = zerorpc.Context.get_instance()
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    zmq_socket = srv._events._socket

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
    if SECURE:
        print("Secure transport")
        zmq_socket.curve_secretkey = server_secret
        zmq_socket.curve_publickey = server_public
        zmq_socket.curve_server = True

    srv.bind(endpoint)
    srv_task = gevent.spawn(srv.run)
    srv_task.join()
Ejemplo n.º 2
0
def pyzmq_authenticator(pyzmq_context):
    auth = ThreadAuthenticator(pyzmq_context)
    auth.start()
    auth.allow('127.0.0.1')
    auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
    yield
    auth.stop()
Ejemplo n.º 3
0
    def test_blacklist_whitelist(self):
        """test threaded auth - Blacklist and Whitelist"""
        self.auth = auth = zmq.auth.ThreadedAuthenticator(self.context)
        auth.start()

        # Blacklist 127.0.0.1, connection should fail
        auth.deny("127.0.0.1")
        server = self.socket(zmq.PUSH)
        # By setting a domain we switch on authentication for NULL sockets,
        # though no policies are configured yet.
        server.zap_domain = b"global"
        client = self.socket(zmq.PULL)
        self.assertFalse(self.can_connect(server, client))
        client.close()
        server.close()

        # Whitelist 127.0.0.1, which overrides the blacklist, connection should pass"
        auth.allow("127.0.0.1")
        server = self.socket(zmq.PUSH)
        # By setting a domain we switch on authentication for NULL sockets,
        # though no policies are configured yet.
        server.zap_domain = b"global"
        client = self.socket(zmq.PULL)
        self.assertTrue(self.can_connect(server, client))
        client.close()
        server.close()

        auth.stop()
Ejemplo n.º 4
0
def pyzmq_authenticator(pyzmq_context):
    auth = ThreadAuthenticator(pyzmq_context)
    auth.start()
    auth.allow('127.0.0.1')
    auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
    yield
    auth.stop()
Ejemplo n.º 5
0
def run_server():
    endpoint = 'tcp://0.0.0.0:5555'
    print("endpoint: {}".format(endpoint))
    srv = zerorpc.Server(Service())

    ctx = zerorpc.Context.get_instance()
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    zmq_socket = srv._events._socket

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(
        server_secret_file)
    if SECURE:
        print("Secure transport")
        zmq_socket.curve_secretkey = server_secret
        zmq_socket.curve_publickey = server_public
        zmq_socket.curve_server = True

    srv.bind(endpoint)
    srv_task = gevent.spawn(srv.run)
    srv_task.join()
Ejemplo n.º 6
0
def run():
    """Run Ironhouse example"""

    # These directories are generated by the generate_certificates script
    base_dir = os.path.dirname(__file__)
    keys_dir = os.path.join(base_dir, 'certificates')
    public_keys_dir = os.path.join(base_dir, 'public_keys')
    secret_keys_dir = os.path.join(base_dir, 'private_keys')

    if not (os.path.exists(keys_dir) and
            os.path.exists(public_keys_dir) and
            os.path.exists(secret_keys_dir)):
        logging.critical("Certificates are missing - run generate_certificates.py script first")
        sys.exit(1)

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    server = ctx.socket(zmq.PUSH)

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.PULL)

    # We need two certificates, one for the client and one for
    # the server. The client must know the server's public key
    # to make a CURVE connection.
    client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
    client_public, client_secret = zmq.auth.load_certificate(client_secret_file)
    client.curve_secretkey = client_secret
    client.curve_publickey = client_public

    server_public_file = os.path.join(public_keys_dir, "server.key")
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    # The client must know the server's public key to make a CURVE connection.
    client.curve_serverkey = server_public
    client.connect('tcp://127.0.0.1:9000')

    server.send(b"Hello")

    if client.poll(1000):
        msg = client.recv()
        if msg == b"Hello":
            logging.info("Ironhouse test OK")
    else:
        logging.error("Ironhouse test FAIL")

    # stop auth thread
    auth.stop()
Ejemplo n.º 7
0
def run():
    """Run Ironhouse example"""

    # These direcotries are generated by the generate_certificates script
    base_dir = os.path.dirname(__file__)
    keys_dir = os.path.join(base_dir, "certificates")
    public_keys_dir = os.path.join(base_dir, "public_keys")
    secret_keys_dir = os.path.join(base_dir, "private_keys")

    if not (os.path.exists(keys_dir) and os.path.exists(public_keys_dir) and os.path.exists(secret_keys_dir)):
        logging.critical("Certificates are missing - run generate_certificates script first")
        sys.exit(1)

    # Start an authenticator for this context.
    auth = IOLoopAuthenticator()
    auth.allow("127.0.0.1")
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain="*", location=public_keys_dir)

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server = setup_server(server_secret_file)
    server_public_file = os.path.join(public_keys_dir, "server.key")
    client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
    client = setup_client(client_secret_file, server_public_file)
    client.send(b"Hello")

    auth.start()
    ioloop.IOLoop.instance().start()
Ejemplo n.º 8
0
def run():
    ''' Run Ironhouse example '''

    # These directories are generated by the generate_certificates script
    base_dir = os.path.dirname(__file__)
    keys_dir = os.path.join(base_dir, 'certificates')
    public_keys_dir = os.path.join(base_dir, 'public_keys')
    secret_keys_dir = os.path.join(base_dir, 'private_keys')

    if not (os.path.exists(keys_dir) and
            os.path.exists(public_keys_dir) and
            os.path.exists(secret_keys_dir)):
        logging.critical("Certificates are missing - run generate_certificates.py script first")
        sys.exit(1)

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    server = ctx.socket(zmq.PUSH)

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.PULL)

    # We need two certificates, one for the client and one for
    # the server. The client must know the server's public key
    # to make a CURVE connection.
    client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
    client_public, client_secret = zmq.auth.load_certificate(client_secret_file)
    client.curve_secretkey = client_secret
    client.curve_publickey = client_public

    server_public_file = os.path.join(public_keys_dir, "server.key")
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    # The client must know the server's public key to make a CURVE connection.
    client.curve_serverkey = server_public
    client.connect('tcp://127.0.0.1:9000')

    server.send(b"Hello")

    if client.poll(1000):
        msg = client.recv()
        if msg == b"Hello":
            logging.info("Ironhouse test OK")
    else:
        logging.error("Ironhouse test FAIL")

    # stop auth thread
    auth.stop()
Ejemplo n.º 9
0
def run():
    '''Run Ironhouse example'''

    # These direcotries are generated by the generate_certificates script
    base_dir = os.path.dirname(__file__)
    keys_dir = os.path.join(base_dir, 'certificates')
    public_keys_dir = os.path.join(base_dir, 'public_keys')
    secret_keys_dir = os.path.join(base_dir, 'private_keys')

    if not (os.path.exists(keys_dir) and os.path.exists(public_keys_dir)
            and os.path.exists(secret_keys_dir)):
        logging.critical(
            "Certificates are missing - run generate_certificates script first"
        )
        sys.exit(1)

    # Start an authenticator for this context.
    auth = IOLoopAuthenticator()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server = setup_server(server_secret_file)
    server_public_file = os.path.join(public_keys_dir, "server.key")
    client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
    client = setup_client(client_secret_file, server_public_file)
    client.send(b'Hello')

    auth.start()
    ioloop.IOLoop.instance().start()
Ejemplo n.º 10
0
def run():
    ''' Run Ironhouse example '''

    # These directories are generated by the generate_certificates script
    keys_dir = os.path.dirname(__file__)

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    print(keys_dir)
    #auth.configure_curve(domain='*', location=keys_dir)
    auth.configure_curve(domain='*', location=".")

    server_key_file = os.path.join(keys_dir, "server.key")
    server_public, server_secret = zmq.auth.load_certificate(server_key_file)

    server = ctx.socket(zmq.PUSH)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind('tcp://*:9000')

    server.send(b"Hello")
    # Make sure that there is time to finish the handshake
    time.sleep(2)

    # stop auth thread
    auth.stop()
Ejemplo n.º 11
0
    def test_curve_configured_server(self):
        """test ioloop auth - CURVE, configured server"""

        self.auth = auth = zmq.auth.IOLoopAuthenticator(self.context, io_loop=self.io_loop)
        auth.start()
        auth.allow("127.0.0.1")

        base_dir, public_keys_dir, secret_keys_dir = self.create_certs()
        certs = self.load_certs(secret_keys_dir)
        server_public, server_secret, client_public, client_secret = certs

        auth.configure_curve(domain="*", location=public_keys_dir)

        self.server.curve_publickey = server_public
        self.server.curve_secretkey = server_secret
        self.server.curve_server = True

        self.client.curve_publickey = client_public
        self.client.curve_secretkey = client_secret
        self.client.curve_serverkey = server_public
        self.pullstream.on_recv(self.on_message_succeed)

        t = self.io_loop.time()
        self.io_loop.add_timeout(t + 0.1, self.attempt_connection)
        self.io_loop.add_timeout(t + 0.2, self.send_msg)
        # Timeout the test so the test case can complete even if no message
        # is received.
        self.io_loop.add_timeout(t + 0.5, self.on_test_timeout_fail)

        self.io_loop.start()

        if not (self.test_result == True):
            self.fail(self.test_result)

        self.remove_certs(base_dir)
Ejemplo n.º 12
0
def run():
    '''Run strawhouse client'''

    allow_test_pass = False
    deny_test_pass = False

    ctx = zmq.Context().instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()

    # Part 1 - demonstrate allowing clients based on IP address
    auth.allow('127.0.0.1')

    server = ctx.socket(zmq.PUSH)
    server.zap_domain = b'global'  # must come before bind
    server.bind('tcp://*:9000')

    client_allow = ctx.socket(zmq.PULL)
    client_allow.connect('tcp://127.0.0.1:9000')

    server.send(b"Hello")

    msg = client_allow.recv()
    if msg == b"Hello":
        allow_test_pass = True

    client_allow.close()

    # Part 2 - demonstrate denying clients based on IP address
    auth.stop()
    
    auth = ThreadAuthenticator(ctx)
    auth.start()
    
    auth.deny('127.0.0.1')

    client_deny = ctx.socket(zmq.PULL)
    client_deny.connect('tcp://127.0.0.1:9000')
    
    if server.poll(50, zmq.POLLOUT):
        server.send(b"Hello")

        if client_deny.poll(50):
            msg = client_deny.recv()
        else:
            deny_test_pass = True
    else:
        deny_test_pass = True

    client_deny.close()

    auth.stop()  # stop auth thread

    if allow_test_pass and deny_test_pass:
        logging.info("Strawhouse test OK")
    else:
        logging.error("Strawhouse test FAIL")
def main(args):

    context = zmq.Context()
    socket = context.socket(zmq.PUB)

    auth = ThreadAuthenticator(context)
    auth.start()
    auth.allow('127.0.0.1')

    if args.public_key and args.private_key:
        auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)

        server_public_file = args.public_key
        server_secret_file = args.private_key
        server_public, server_secret = zmq.auth.load_certificate(
            server_secret_file)

        socket.curve_secretkey = server_secret
        socket.curve_publickey = server_public
        socket.curve_server = True

    socket.bind("tcp://*:%s" % args.port)

    miseq_run_dir_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}$"
    miseq_sample_sheet_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/SampleSheet.csv$"
    miseq_run_completion_status_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/RunCompletionStatus.xml$"
    illumina_run_dir_regexes = [
        miseq_sample_sheet_regex,
        miseq_run_dir_regex,
        miseq_run_completion_status_regex,
    ]

    run_dir_event_handler = RunDirEventHandler(
        socket,
        regexes=illumina_run_dir_regexes,
        print_messages=args.print_messages)

    observers = []
    for path in args.path:
        observer = Observer()
        observer.schedule(run_dir_event_handler, path, recursive=True)
        observer.start()
        observers.append(observer)

    heartbeat_thread = threading.Thread(
        target=heartbeat,
        args=([socket, args.heartbeat_interval, args.print_heartbeat]),
        daemon=True)
    heartbeat_thread.start()

    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        for observer in observers:
            observer.stop()
            observer.join()
        auth.stop()
Ejemplo n.º 14
0
def run():
    '''Run woodhouse example'''

    valid_client_test_pass = False
    invalid_client_test_pass = False

    ctx = zmq.Context().instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Instruct authenticator to handle PLAIN requests
    auth.configure_plain(domain='*', passwords={'admin': 'secret'})

    server = ctx.socket(zmq.PUSH)
    server.plain_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.PULL)
    client.plain_username = b'admin'
    client.plain_password = b'secret'
    client.connect('tcp://127.0.0.1:9000')

    server.send(b"Hello")

    if client.poll():
        msg = client.recv()
        if msg == b"Hello":
            valid_client_test_pass = True

    client.close()


    # now use invalid credentials - expect no msg received
    client2 = ctx.socket(zmq.PULL)
    client2.plain_username = b'admin'
    client2.plain_password = b'bogus'
    client2.connect('tcp://127.0.0.1:9000')

    server.send(b"World")

    if client2.poll(50):
        msg = client.recv()
        if msg == "World":
            invalid_client_test_pass = False
    else:
        # no message is expected
        invalid_client_test_pass = True

    # stop auth thread
    auth.stop()

    if valid_client_test_pass and invalid_client_test_pass:
        logging.info("Woodhouse test OK")
    else:
        logging.error("Woodhouse test FAIL")
Ejemplo n.º 15
0
def run():
    '''Run woodhouse example'''

    valid_client_test_pass = False
    invalid_client_test_pass = False

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Instruct authenticator to handle PLAIN requests
    auth.configure_plain(domain='*', passwords={'admin': 'secret'})

    server = ctx.socket(zmq.PUSH)
    server.plain_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.PULL)
    client.plain_username = b'admin'
    client.plain_password = b'secret'
    client.connect('tcp://127.0.0.1:9000')

    server.send(b"Hello")

    if client.poll():
        msg = client.recv()
        if msg == b"Hello":
            valid_client_test_pass = True

    client.close()

    # now use invalid credentials - expect no msg received
    client2 = ctx.socket(zmq.PULL)
    client2.plain_username = b'admin'
    client2.plain_password = b'bogus'
    client2.connect('tcp://127.0.0.1:9000')

    server.send(b"World")

    if client2.poll(50):
        msg = client.recv()
        if msg == "World":
            invalid_client_test_pass = False
    else:
        # no message is expected
        invalid_client_test_pass = True

    # stop auth thread
    auth.stop()

    if valid_client_test_pass and invalid_client_test_pass:
        logging.info("Woodhouse test OK")
    else:
        logging.error("Woodhouse test FAIL")
Ejemplo n.º 16
0
def _init_auth(ctx, only_localhost, config: Configuration):
    auth = ThreadAuthenticator(ctx)
    auth.start()

    if only_localhost:
        auth.allow('127.0.0.1')
    else:
        auth.allow('*')

    auth.configure_curve(domain='*', location=config.zmq_public_keys_dir())
Ejemplo n.º 17
0
 def init(self):
     srv = zerorpc.Server(self.methods)
     ctx = zerorpc.Context.get_instance()
     auth = ThreadAuthenticator(ctx)
     auth.start()
     auth.allow(*self.whitelist)
     auth.configure_curve(domain='*', location=self.public_keys_dir)
     zmq_socket = srv._events._socket
     zmq_socket.curve_secretkey = self.server_secret
     zmq_socket.curve_publickey = self.server_public
     zmq_socket.curve_server = True
     return srv
Ejemplo n.º 18
0
    def run(self):
        ''' Run Ironhouse example '''

        # These directories are generated by the generate_certificates script
        keys_dir = self.config['certs']['certs']
        public_keys_dir = self.config['certs']['public']
        secret_keys_dir = self.config['certs']['private']
        if not (util.check_dir(keys_dir) and util.check_dir(public_keys_dir) and util.check_dir(secret_keys_dir)):
            logging.critical("Certificates are missing - run generate_certificates.py script first")
            sys.exit(1)
        logger.info("Keys: %s  |  Public: %s  |  Secret: %s", keys_dir, public_keys_dir, secret_keys_dir)

        ctx = zmq.Context.instance()

        # Start an authenticator for this context.
        auth = ThreadAuthenticator(ctx)
        auth.start()
        for ip in self.config['server']['auth']:
            auth.allow(ip)

        # Tell authenticator to use the certificate in a directory
        auth.configure_curve(domain='*', location=public_keys_dir)

        server = ctx.socket(zmq.REP)

        server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
        server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
        server.curve_secretkey = server_secret
        server.curve_publickey = server_public
        server.curve_server = True  # must come before bind
        bind_info = 'tcp://%s:%s' % (self.config['server']['listen'], self.config['server']['port'])
        server.bind(bind_info)
        logger.info("Server bound to: %s", bind_info)

        self.load_plugins()
        logger.info("Starting reciever.")

        while True:
            msg = server.recv()
            self.handle_msg(msg)
            server.send("ack")

        auth.stop()
Ejemplo n.º 19
0
def run():
    ''' Run Stonehouse example '''

    # These directories are generated by the generate_certificates script
    keys_dir = os.path.dirname(__file__)

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell the authenticator how to handle CURVE requests
    auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)

    client = ctx.socket(zmq.PULL)
    # We need two certificates, one for the client and one for
    # the server. The client must know the server's public key
    # to make a CURVE connection.
    client_secret_file = os.path.join(keys_dir, "client.key")
    client_public, client_secret = zmq.auth.load_certificate(
        client_secret_file)
    client.curve_secretkey = client_secret
    client.curve_publickey = client_public

    # The client must know the server's public key to make a CURVE connection.
    server_public_file = os.path.join(keys_dir, "server.key")
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    client.curve_serverkey = server_public

    client.connect('tcp://127.0.0.1:9000')

    if client.poll(100000):
        msg = client.recv()
        if msg == b"Hello":
            logging.info("Stonehouse test OK")
    else:
        logging.error("Stonehouse test FAIL")

    # stop auth thread
    auth.stop()
Ejemplo n.º 20
0
def run():

    base_dir = os.path.dirname(__file__)
    server_dir = os.path.join(base_dir, 'server')
    key_dir = os.path.join(server_dir, 'certificates')
    authorized_keys = os.path.join(server_dir, 'authorized')

    make_clean_dirs([server_dir, authorized_keys])
    generate_keys(server_dir)

    ctx = zmq.Context.instance()
    auth = ThreadAuthenticator(ctx, 'utf-8', logging.getLogger('utf'))
    auth.start()
    auth.allow('127.0.0.1')
    authenticator_refresher = ctx.socket(zmq.PULL)
    authenticator_refresher.bind("tcp://*:9010")
    auth.configure_curve(domain='*', location=authorized_keys)

    server = ctx.socket(zmq.REP)
    server_secret_file = os.path.join(key_dir, "id.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(
        server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True
    server.bind('tcp://*:9000')

    authenticator_refresher.recv()
    auth.configure_curve(domain='*', location=authorized_keys)

    req = server.recv()
    print(req)
    if req == b"hi":
        server.send(b"hello")
    else:
        print("wrong request: " + req)

    auth.stop()
Ejemplo n.º 21
0
def run():
    """ Run Ironhouse example """

    # These directories are generated by the generate_certificates script
    base_dir = os.path.dirname(__file__)
    keys_dir = os.path.join(base_dir, "certificates")
    public_keys_dir = os.path.join(base_dir, "public_keys")
    secret_keys_dir = os.path.join(base_dir, "private_keys")

    if not (os.path.exists(keys_dir) and os.path.exists(public_keys_dir) and os.path.exists(secret_keys_dir)):
        logging.critical("Certificates are missing - run generate_certificates.py script first")
        sys.exit(1)

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.allow("127.0.0.1")
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain="*", location=public_keys_dir)

    server = ctx.socket(zmq.PUSH)

    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind("tcp://*:9000")

    server_public_file = os.path.join(public_keys_dir, "server.key")
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    # The client must know the server's public key to make a CURVE connection.

    server.send('{AdvisorId" : "71864", "Phone": "952-921-4972"}')
Ejemplo n.º 22
0
async def run():
    ''' Run Ironhouse example '''

    # These directories are generated by the generate_certificates script
    base_dir = Path(__file__).parent
    keys_dir = base_dir / 'certificates'
    public_keys_dir = base_dir / 'public_keys'
    secret_keys_dir = base_dir / 'private_keys'

    if not keys_dir.is_dir() or not public_keys_dir.is_dir(
    ) or not secret_keys_dir.is_dir():
        logging.critical(
            "Certificates are missing - run generate_certificates.py script first"
        )
        sys.exit(1)

    ctx = Context.instance()

    # Start an authenticator for this context.
    auth = AsyncioAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    server = ctx.socket(zmq.PUSH)

    server_secret_file = secret_keys_dir / "server.key_secret"
    server_public, server_secret = zmq.auth.load_certificate(
        server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.PULL)

    # We need two certificates, one for the client and one for
    # the server. The client must know the server's public key
    # to make a CURVE connection.
    client_secret_file = secret_keys_dir / "client.key_secret"
    client_public, client_secret = zmq.auth.load_certificate(
        client_secret_file)
    client.curve_secretkey = client_secret
    client.curve_publickey = client_public

    server_public_file = public_keys_dir / "server.key"
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    # The client must know the server's public key to make a CURVE connection.
    client.curve_serverkey = server_public
    client.connect('tcp://127.0.0.1:9000')

    await server.send(b"Hello")

    if await client.poll(1000):
        msg = await client.recv()
        if msg == b"Hello":
            logging.info("Ironhouse test OK")
    else:
        logging.error("Ironhouse test FAIL")

    # close sockets
    server.close()
    client.close()
    # stop auth task
    auth.stop()
Ejemplo n.º 23
0
    def __init__(self,
                 address=None,
                 port=None,
                 protocol=None,
                 pattern=0,
                 receive_mode=False,
                 logging=False,
                 **options):

        try:
            # import PyZMQ library
            import zmq

            # import ZMQError
            from zmq.error import ZMQError

            # assign values to global variable for further use
            self.__zmq = zmq
            self.__ZMQError = ZMQError
        except ImportError as error:
            # raise error
            raise ImportError(
                "[NetGear:ERROR] :: pyzmq python library not installed. Kindly install it with `pip install pyzmq` command."
            )

        # enable logging if specified
        self.__logging = False
        if logging:
            self.__logging = logging

        # define valid messaging patterns => `0`: zmq.PAIR, `1`:(zmq.REQ,zmq.REP), and `1`:(zmq.SUB,zmq.PUB)
        valid_messaging_patterns = {
            0: (zmq.PAIR, zmq.PAIR),
            1: (zmq.REQ, zmq.REP),
            2: (zmq.PUB, zmq.SUB),
        }

        # initialize messaging pattern
        msg_pattern = None
        # check whether user-defined messaging pattern is valid
        if isinstance(pattern, int) and pattern in valid_messaging_patterns:
            # assign value
            msg_pattern = valid_messaging_patterns[pattern]
            self.__pattern = pattern  # add it to global variable for further use
        else:
            # otherwise default to 0:`zmq.PAIR`
            self.__pattern = 0
            msg_pattern = valid_messaging_patterns[self.__pattern]
            # log it
            if self.__logging:
                logger.warning(
                    "Wrong pattern value, Defaulting to `zmq.PAIR`! Kindly refer Docs for more Information."
                )

        # check  whether user-defined messaging protocol is valid
        if not (protocol in ["tcp", "ipc"]):
            # else default to `tcp` protocol
            protocol = "tcp"
            # log it
            if self.__logging:
                logger.warning(
                    "Protocol is invalid or not provided. Defaulting to `tcp` protocol!"
                )

        # generate random device id
        self.__id = "".join(
            random.choice("0123456789ABCDEF") for i in range(5))

        self.__msg_flag = 0  # handles connection flags
        self.__msg_copy = False  # handles whether to copy data
        self.__msg_track = False  # handles whether to track packets

        self.__multiserver_mode = False  # handles multiserver_mode state
        recv_filter = ""  # user-defined filter to allow specific port/servers only in multiserver_mode

        # define bi-directional data transmission mode
        self.__bi_mode = False  # handles bi_mode state
        self.__bi_data = None  # handles return data

        # define valid  ZMQ security mechanisms => `0`: Grasslands, `1`:StoneHouse, and `1`:IronHouse
        valid_security_mech = {
            0: "Grasslands",
            1: "StoneHouse",
            2: "IronHouse"
        }
        self.__secure_mode = 0  # handles ZMQ security layer status
        auth_cert_dir = ""  # handles valid ZMQ certificates dir
        self.__auth_publickeys_dir = ""  # handles valid ZMQ public certificates dir
        self.__auth_secretkeys_dir = ""  # handles valid ZMQ private certificates dir
        overwrite_cert = False  # checks if certificates overwriting allowed
        custom_cert_location = ""  # handles custom ZMQ certificates path

        # handle force socket termination if there's latency in network
        self.__force_close = False

        # define stream compression handlers
        self.__compression = ""  # disabled by default
        self.__compression_params = None

        # reformat dict
        options = {str(k).strip(): v for k, v in options.items()}

        # assign values to global variables if specified and valid
        for key, value in options.items():
            if key == "multiserver_mode" and isinstance(value, bool):
                if pattern > 0:
                    # multi-server mode
                    self.__multiserver_mode = value
                else:
                    self.__multiserver_mode = False
                    logger.critical("Multi-Server is disabled!")
                    raise ValueError(
                        "[NetGear:ERROR] :: `{}` pattern is not valid when Multi-Server Mode is enabled. Kindly refer Docs for more Information."
                        .format(pattern))
            elif key == "filter" and isinstance(value, str):
                # custom filter in multi-server mode
                recv_filter = value

            elif (key == "secure_mode" and isinstance(value, int)
                  and (value in valid_security_mech)):
                # secure mode
                assert zmq.zmq_version_info() >= (
                    4,
                    0,
                ), "[NetGear:ERROR] :: ZMQ Security feature is not supported in libzmq version < 4.0."
                self.__secure_mode = value
            elif key == "custom_cert_location" and isinstance(value, str):
                # custom auth certificates path
                assert os.access(
                    value, os.W_OK
                ), "[NetGear:ERROR] :: Permission Denied!, cannot write ZMQ authentication certificates to '{}' directory!".format(
                    value)
                assert os.path.isdir(
                    os.path.abspath(value)
                ), "[NetGear:ERROR] :: `custom_cert_location` value must be the path to a valid directory!"
                custom_cert_location = os.path.abspath(value)
            elif key == "overwrite_cert" and isinstance(value, bool):
                # enable/disable auth certificate overwriting
                overwrite_cert = value

            # handle encoding and decoding if specified
            elif (key == "compression_format" and isinstance(value, str)
                  and value.lower().strip()
                  in [".jpg", ".jpeg", ".bmp", ".png"]):  # few are supported
                # enable encoding
                if not (receive_mode):
                    self.__compression = value.lower().strip()
            elif key == "compression_param":
                # specify encoding/decoding params
                if receive_mode and isinstance(value, int):
                    self.__compression_params = value
                    if self.__logging:
                        logger.debug("Decoding flag: {}.".format(value))
                elif not (receive_mode) and isinstance(value, (list, tuple)):
                    if self.__logging:
                        logger.debug("Encoding parameters: {}.".format(value))
                    self.__compression_params = list(value)
                else:
                    if self.__logging:
                        logger.warning(
                            "Invalid compression parameters: {} skipped!".
                            format(value))
                    self.__compression_params = (
                        cv2.IMREAD_COLOR if receive_mode else []
                    )  # skip to defaults

            # enable bi-directional data transmission if specified
            elif key == "bidirectional_mode" and isinstance(value, bool):
                # check if pattern is valid
                if pattern < 2:
                    self.__bi_mode = True
                else:
                    self.__bi_mode = False
                    logger.critical(
                        "Bi-Directional data transmission is disabled!")
                    raise ValueError(
                        "[NetGear:ERROR] :: `{}` pattern is not valid when Bi-Directional Mode is enabled. Kindly refer Docs for more Information."
                        .format(pattern))

            # enable force socket closing if specified
            elif key == "force_terminate" and isinstance(value, bool):
                # check if address is local
                if address is None:
                    self.__force_close = False
                    logger.critical(
                        "Force termination is disabled for local servers!")
                else:
                    self.__force_close = True
                    if self.__logging:
                        logger.warning(
                            "Force termination is enabled for this connection!"
                        )

            # various ZMQ flags
            elif key == "flag" and isinstance(value, int):
                self.__msg_flag = value
            elif key == "copy" and isinstance(value, bool):
                self.__msg_copy = value
            elif key == "track" and isinstance(value, bool):
                self.__msg_track = value
            else:
                pass

        # handle secure mode
        if self.__secure_mode:
            # import important libs
            import zmq.auth
            from zmq.auth.thread import ThreadAuthenticator

            # log if overwriting is enabled
            if overwrite_cert:
                if not receive_mode:
                    if self.__logging:
                        logger.warning(
                            "Overwriting ZMQ Authentication certificates over previous ones!"
                        )
                else:
                    overwrite_cert = False
                    if self.__logging:
                        logger.critical(
                            "Overwriting ZMQ Authentication certificates is disabled for Client-end!"
                        )

            # generate and validate certificates path
            try:
                # check if custom certificates path is specified
                if custom_cert_location:
                    (
                        auth_cert_dir,
                        self.__auth_secretkeys_dir,
                        self.__auth_publickeys_dir,
                    ) = generate_auth_certificates(custom_cert_location,
                                                   overwrite=overwrite_cert,
                                                   logging=logging)
                else:
                    # otherwise auto-generate suitable path
                    from os.path import expanduser

                    (
                        auth_cert_dir,
                        self.__auth_secretkeys_dir,
                        self.__auth_publickeys_dir,
                    ) = generate_auth_certificates(
                        os.path.join(expanduser("~"), ".vidgear"),
                        overwrite=overwrite_cert,
                        logging=logging,
                    )

                # log it
                if self.__logging:
                    logger.debug(
                        "`{}` is the default location for storing ZMQ authentication certificates/keys."
                        .format(auth_cert_dir))
            except Exception as e:
                # catch if any error occurred
                logger.exception(str(e))
                # also disable secure mode
                self.__secure_mode = 0
                logger.critical(
                    "ZMQ Security Mechanism is disabled for this connection!")
        else:
            # log if disabled
            if self.__logging:
                logger.warning(
                    "ZMQ Security Mechanism is disabled for this connection!")

        # handle bi_mode
        if self.__bi_mode:
            # disable bi_mode if multi-server is enabled
            if self.__multiserver_mode:
                self.__bi_mode = False
                logger.critical(
                    "Bi-Directional Data Transmission is disabled when Multi-Server Mode is Enabled due to incompatibility!"
                )
            else:
                # enable force termination by default
                self.__force_close = True
                if self.__logging:
                    logger.warning(
                        "Force termination is enabled for this connection by default!"
                    )
                    logger.debug(
                        "Bi-Directional Data Transmission is enabled for this connection!"
                    )

        # initialize termination flag
        self.__terminate = False

        # initialize exit_loop flag
        self.__exit_loop = False

        # initialize and assign receive mode to global variable
        self.__receive_mode = receive_mode

        # define messaging context instance
        self.__msg_context = zmq.Context.instance()

        # check whether `receive_mode` is enabled by user
        if receive_mode:

            # if does than define connection address
            if address is None:
                address = "*"  # define address

            # check if multiserver_mode is enabled
            if self.__multiserver_mode:
                # check if unique server port address list/tuple is assigned or not in multiserver_mode
                if port is None or not isinstance(port, (tuple, list)):
                    # raise error if not
                    raise ValueError(
                        "[NetGear:ERROR] :: Incorrect port value! Kindly provide a list/tuple of ports while Multi-Server mode is enabled. For more information refer VidGear docs."
                    )
                else:
                    # otherwise log it
                    logger.debug(
                        "Enabling Multi-Server Mode at PORTS: {}!".format(
                            port))
                # create port address buffer for keeping track of incoming server's port
                self.__port_buffer = []
            else:
                # otherwise assign local port address if None
                if port is None:
                    port = "5555"

            try:
                # initiate and handle secure mode
                if self.__secure_mode > 0:
                    # start an authenticator for this context
                    auth = ThreadAuthenticator(self.__msg_context)
                    auth.start()
                    auth.allow(str(address))  # allow current address

                    # check if `IronHouse` is activated
                    if self.__secure_mode == 2:
                        # tell authenticator to use the certificate from given valid dir
                        auth.configure_curve(
                            domain="*", location=self.__auth_publickeys_dir)
                    else:
                        # otherwise tell the authenticator how to handle the CURVE requests, if `StoneHouse` is activated
                        auth.configure_curve(domain="*",
                                             location=zmq.auth.CURVE_ALLOW_ANY)

                # initialize and define thread-safe messaging socket
                self.__msg_socket = self.__msg_context.socket(msg_pattern[1])
                if self.__pattern == 2 and not (self.__secure_mode):
                    self.__msg_socket.set_hwm(1)

                if self.__multiserver_mode:
                    # if multiserver_mode is enabled, then assign port addresses to zmq socket
                    for pt in port:
                        # enable specified secure mode for the zmq socket
                        if self.__secure_mode > 0:
                            # load server key
                            server_secret_file = os.path.join(
                                self.__auth_secretkeys_dir,
                                "server.key_secret")
                            server_public, server_secret = zmq.auth.load_certificate(
                                server_secret_file)
                            # load  all CURVE keys
                            self.__msg_socket.curve_secretkey = server_secret
                            self.__msg_socket.curve_publickey = server_public
                            # enable CURVE connection for this socket
                            self.__msg_socket.curve_server = True

                        # define socket options
                        if self.__pattern == 2:
                            self.__msg_socket.setsockopt_string(
                                zmq.SUBSCRIBE, recv_filter)

                        # bind socket to given server protocol, address and ports
                        self.__msg_socket.bind(protocol + "://" +
                                               str(address) + ":" + str(pt))

                    # define socket optimizer
                    self.__msg_socket.setsockopt(zmq.LINGER, 0)

                else:
                    # enable specified secure mode for the zmq socket
                    if self.__secure_mode > 0:
                        # load server key
                        server_secret_file = os.path.join(
                            self.__auth_secretkeys_dir, "server.key_secret")
                        server_public, server_secret = zmq.auth.load_certificate(
                            server_secret_file)
                        # load  all CURVE keys
                        self.__msg_socket.curve_secretkey = server_secret
                        self.__msg_socket.curve_publickey = server_public
                        # enable CURVE connection for this socket
                        self.__msg_socket.curve_server = True

                    # define exclusive socket options for patterns
                    if self.__pattern == 2:
                        self.__msg_socket.setsockopt_string(zmq.SUBSCRIBE, "")

                    # bind socket to given protocol, address and port normally
                    self.__msg_socket.bind(protocol + "://" + str(address) +
                                           ":" + str(port))

                    # define socket optimizer
                    self.__msg_socket.setsockopt(zmq.LINGER, 0)

            except Exception as e:
                logger.exception(str(e))
                # otherwise raise value error if errored
                if self.__secure_mode:
                    logger.warning(
                        "Failed to activate ZMQ Security Mechanism: `{}` for this address!"
                        .format(valid_security_mech[self.__secure_mode]))
                if self.__multiserver_mode:
                    raise ValueError(
                        "[NetGear:ERROR] :: Multi-Server Mode, failed to connect to ports: {} with pattern: {}! Kindly recheck all parameters."
                        .format(str(port), pattern))
                else:
                    raise ValueError(
                        "[NetGear:ERROR] :: Failed to bind address: {} and pattern: {}! Kindly recheck all parameters."
                        .format((protocol + "://" + str(address) + ":" +
                                 str(port)), pattern))

            # log and enable threaded queue mode
            if self.__logging:
                logger.debug(
                    "Threaded Queue Mode is enabled by default for NetGear.")
            # define deque and assign it to global var
            self.__queue = deque(maxlen=96)  # max len 96 to check overflow

            # initialize and start threading instance
            self.__thread = Thread(target=self.__update,
                                   name="NetGear",
                                   args=())
            self.__thread.daemon = True
            self.__thread.start()

            if self.__logging:
                # finally log progress
                logger.debug(
                    "Successfully Binded to address: {} with pattern: {}.".
                    format((protocol + "://" + str(address) + ":" + str(port)),
                           pattern))
                if self.__secure_mode:
                    logger.debug(
                        "Enabled ZMQ Security Mechanism: `{}` for this address, Successfully!"
                        .format(valid_security_mech[self.__secure_mode]))
                logger.debug(
                    "Multi-threaded Receive Mode is enabled Successfully!")
                logger.debug("Device Unique ID is {}.".format(self.__id))
                logger.debug("Receive Mode is activated successfully!")
        else:
            # otherwise default to `Send Mode`
            if address is None:
                address = "localhost"  # define address

            # check if multiserver_mode is enabled
            if self.__multiserver_mode:
                # check if unique server port address is assigned or not in multiserver_mode
                if port is None:
                    # raise error is not
                    raise ValueError(
                        "[NetGear:ERROR] :: Kindly provide a unique & valid port value at Server-end. For more information refer VidGear docs."
                    )
                else:
                    # otherwise log it
                    logger.debug(
                        "Enabling Multi-Server Mode at PORT: {} on this device!"
                        .format(port))
                    # assign value to global variable
                    self.port = port
            else:
                # otherwise assign local port address if None
                if port is None:
                    port = "5555"

            try:
                # initiate and handle secure mode
                if self.__secure_mode > 0:
                    # start an authenticator for this context
                    auth = ThreadAuthenticator(self.__msg_context)
                    auth.start()
                    auth.allow(str(address))  # allow current address

                    # check if `IronHouse` is activated
                    if self.__secure_mode == 2:
                        # tell authenticator to use the certificate from given valid dir
                        auth.configure_curve(
                            domain="*", location=self.__auth_publickeys_dir)
                    else:
                        # otherwise tell the authenticator how to handle the CURVE requests, if `StoneHouse` is activated
                        auth.configure_curve(domain="*",
                                             location=zmq.auth.CURVE_ALLOW_ANY)

                # initialize and define thread-safe messaging socket
                self.__msg_socket = self.__msg_context.socket(msg_pattern[0])

                if self.__pattern == 1:
                    # if pattern is 1, define additional flags
                    self.__msg_socket.REQ_RELAXED = True
                    self.__msg_socket.REQ_CORRELATE = True
                if self.__pattern == 2 and not (self.__secure_mode):
                    self.__msg_socket.set_hwm(
                        1)  # if pattern is 2, define additional optimizer

                # enable specified secure mode for the zmq socket
                if self.__secure_mode > 0:
                    # load client key
                    client_secret_file = os.path.join(
                        self.__auth_secretkeys_dir, "client.key_secret")
                    client_public, client_secret = zmq.auth.load_certificate(
                        client_secret_file)
                    # load  all CURVE keys
                    self.__msg_socket.curve_secretkey = client_secret
                    self.__msg_socket.curve_publickey = client_public
                    # load server key
                    server_public_file = os.path.join(
                        self.__auth_publickeys_dir, "server.key")
                    server_public, _ = zmq.auth.load_certificate(
                        server_public_file)
                    # inject public key to make a CURVE connection.
                    self.__msg_socket.curve_serverkey = server_public

                # connect socket to given protocol, address and port
                self.__msg_socket.connect(protocol + "://" + str(address) +
                                          ":" + str(port))

                # define socket options
                self.__msg_socket.setsockopt(zmq.LINGER, 0)

            except Exception as e:
                logger.exception(str(e))
                # log if errored
                if self.__secure_mode:
                    logger.warning(
                        "Failed to activate ZMQ Security Mechanism: `{}` for this address!"
                        .format(valid_security_mech[self.__secure_mode]))
                # raise value error
                raise ValueError(
                    "[NetGear:ERROR] :: Failed to connect address: {} and pattern: {}! Kindly recheck all parameters."
                    .format(
                        (protocol + "://" + str(address) + ":" + str(port)),
                        pattern))

            if self.__logging:
                # finally log progress
                logger.debug(
                    "Successfully connected to address: {} with pattern: {}.".
                    format((protocol + "://" + str(address) + ":" + str(port)),
                           pattern))
                if self.__secure_mode:
                    logger.debug(
                        "Enabled ZMQ Security Mechanism: `{}` for this address, Successfully!"
                        .format(valid_security_mech[self.__secure_mode]))
                logger.debug("This device Unique ID is {}.".format(self.__id))
                logger.debug(
                    "Send Mode is successfully activated and ready to send data!"
                )
Ejemplo n.º 24
0
    def test_curve(self):
        """test threaded auth - CURVE"""
        self.auth = auth = zmq.auth.ThreadedAuthenticator(self.context)
        auth.start()

        # Create temporary CURVE keypairs for this test run. We create all keys in a
        # temp directory and then move them into the appropriate private or public
        # directory.

        base_dir = tempfile.mkdtemp()
        keys_dir = os.path.join(base_dir, "certificates")
        public_keys_dir = os.path.join(base_dir, "public_keys")
        secret_keys_dir = os.path.join(base_dir, "private_keys")

        os.mkdir(keys_dir)
        os.mkdir(public_keys_dir)
        os.mkdir(secret_keys_dir)

        server_public_file, server_secret_file = zmq.auth.create_certificates(keys_dir, "server")
        client_public_file, client_secret_file = zmq.auth.create_certificates(keys_dir, "client")

        for key_file in os.listdir(keys_dir):
            if key_file.endswith(".key"):
                shutil.move(os.path.join(keys_dir, key_file), os.path.join(public_keys_dir, "."))

        for key_file in os.listdir(keys_dir):
            if key_file.endswith(".key_secret"):
                shutil.move(os.path.join(keys_dir, key_file), os.path.join(secret_keys_dir, "."))

        server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
        client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")

        server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
        client_public, client_secret = zmq.auth.load_certificate(client_secret_file)

        auth.allow("127.0.0.1")

        # Try CURVE authentication - without configuring server, connection should fail
        server = self.socket(zmq.PUSH)
        server.curve_publickey = server_public
        server.curve_secretkey = server_secret
        server.curve_server = True
        client = self.socket(zmq.PULL)
        client.curve_publickey = client_public
        client.curve_secretkey = client_secret
        client.curve_serverkey = server_public
        self.assertFalse(self.can_connect(server, client))
        client.close()
        server.close()

        # Try CURVE authentication - with server configured to CURVE_ALLOW_ANY, connection should pass
        auth.configure_curve(domain="*", location=zmq.auth.CURVE_ALLOW_ANY)
        server = self.socket(zmq.PUSH)
        server.curve_publickey = server_public
        server.curve_secretkey = server_secret
        server.curve_server = True
        client = self.socket(zmq.PULL)
        client.curve_publickey = client_public
        client.curve_secretkey = client_secret
        client.curve_serverkey = server_public
        self.assertTrue(self.can_connect(server, client))
        client.close()
        server.close()

        # Try CURVE authentication - with server configured, connection should pass
        auth.configure_curve(domain="*", location=public_keys_dir)
        server = self.socket(zmq.PUSH)
        server.curve_publickey = server_public
        server.curve_secretkey = server_secret
        server.curve_server = True
        client = self.socket(zmq.PULL)
        client.curve_publickey = client_public
        client.curve_secretkey = client_secret
        client.curve_serverkey = server_public
        self.assertTrue(self.can_connect(server, client))
        client.close()
        server.close()

        # Remove authenticator and check that a normal connection works
        auth.stop()
        del auth

        # Try connecting using NULL and no authentication enabled, connection should pass
        server = self.socket(zmq.PUSH)
        client = self.socket(zmq.PULL)
        self.assertTrue(self.can_connect(server, client))
        client.close()
        server.close()

        shutil.rmtree(base_dir)
Ejemplo n.º 25
0
    else:
        print "Unknown argument: %s" % sys.argv[1]
        sys.exit()

    # certificates
    base_dir = os.path.dirname(__file__)
    public_keys_dir = os.path.join(base_dir, 'public_keys')
    secret_keys_dir = os.path.join(base_dir, 'private_keys')

    # zmq setup
    context = zmq.Context()

    # auth setup
    auth = ThreadAuthenticator(context)
    auth.start()
    auth.allow('127.0.0.1')
    auth.configure_curve(domain='*', location=public_keys_dir)

    # will accept incoming connections
    frontend = context.socket(zmq.ROUTER)

    # server auth setup
    server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)

    frontend.curve_secretkey = server_secret
    frontend.curve_publickey = server_public
    frontend.curve_server = True
    frontend.bind("tcp://*:5555")

    # will connect to the worker threads
Ejemplo n.º 26
0
async def run():
    ''' Run Ironhouse example '''

    # These directories are generated by the generate_certificates script
    base_dir = Path(__file__).parent
    keys_dir = base_dir / 'certificates'
    public_keys_dir = base_dir / 'public_keys'
    secret_keys_dir = base_dir / 'private_keys'

    if (
        not keys_dir.is_dir()
        or not public_keys_dir.is_dir()
        or not secret_keys_dir.is_dir()
    ):
        logging.critical(
            "Certificates are missing - run generate_certificates.py script first"
        )
        sys.exit(1)

    ctx = Context.instance()

    # Start an authenticator for this context.
    auth = AsyncioAuthenticator(ctx)
    auth.start()
    auth.allow('127.0.0.1')
    # Tell authenticator to use the certificate in a directory
    auth.configure_curve(domain='*', location=public_keys_dir)

    server = ctx.socket(zmq.ROUTER)

    server_secret_file = secret_keys_dir / "server.key_secret"
    server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
    server.curve_secretkey = server_secret
    server.curve_publickey = server_public
    server.curve_server = True  # must come before bind
    server.bind('tcp://*:9000')

    client = ctx.socket(zmq.DEALER)

    # We need two certificates, one for the client and one for
    # the server. The client must know the server's public key
    # to make a CURVE connection.
    client_secret_file = secret_keys_dir / "client.key_secret"
    client_public, client_secret = zmq.auth.load_certificate(client_secret_file)
    client.curve_secretkey = client_secret
    client.curve_publickey = client_public

    server_public_file = public_keys_dir / "server.key"
    server_public, _ = zmq.auth.load_certificate(server_public_file)
    # The client must know the server's public key to make a CURVE connection.
    client.curve_serverkey = server_public
    client.connect('tcp://127.0.0.1:9000')

    await client.send(b"Hello")

    if await server.poll(1000):
        # use copy=False to allow access to message properties via the zmq.Frame API
        # default recv(copy=True) returns only bytes, discarding properties
        identity, msg = await server.recv_multipart(copy=False)
        logging.info(f"Received {msg.bytes} from {msg['User-Id']!r}")
        if msg.bytes == b"Hello":
            logging.info("Ironhouse test OK")
    else:
        logging.error("Ironhouse test FAIL")

    # close sockets
    server.close()
    client.close()
    # stop auth task
    auth.stop()
Ejemplo n.º 27
0
import zmq
import zmq.auth
from zmq.auth.thread import ThreadAuthenticator
context = zmq.Context()
server = context.socket(zmq.REP)

auth = ThreadAuthenticator(context)
auth.start()
auth.allow('127.0.0.1')
auth.configure_plain(domain='*', passwords={'admin': 'password'})
server.plain_server = True
server.setsockopt(zmq.PLAIN_SERVER, 1)
server.connect('tcp://127.0.0.1:5556')

msg = server.recv_string()
server.send(b'Authenticated')

auth.stop()