def secure_setup(self):
# TODO: handle errors
(sock_pub, sock_priv) = load_certificate(self.secure_setup["self"])
(server_public, _) = load_certificate(self.secure_setup["server"])
self.sock.curve_publickey = sock_pub
self.sock.curve_secretkey = sock_priv
self.sock.curve_serverkey = server_public
def __init__(self, cache):
"""Initialize a LoadBalancer object, which manages workflow execution.
Args:
cache (Cache): The Cache object
"""
server_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
client_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret")
_, client_secret = auth.load_certificate(client_secret_file)
self.comm_socket = zmq.Context.instance().socket(zmq.PUB)
self.comm_socket.curve_secretkey = server_secret
self.comm_socket.curve_publickey = server_public
self.comm_socket.curve_server = True
self.comm_socket.bind(walkoff.config.Config.ZMQ_COMMUNICATION_ADDRESS)
self.cache = cache
key = PrivateKey(
server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES])
worker_key = PrivateKey(
client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key
self.box = Box(key, worker_key)
def setUpClass(cls):
Config.load_env_vars()
Config.read_and_set_zmq_keys()
server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
cls.server_public, cls.server_secret = auth.load_certificate(server_secret_file)
client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret")
cls.client_public, cls.client_secret = auth.load_certificate(client_secret_file)
def __init__(self, id_, worker_environment_setup=None):
"""Initialize a Workflow object, which will be executing workflows.
Args:
id_ (str): The ID of the worker. Needed for ZMQ socket communication.
worker_environment_setup (func, optional): Function to setup globals in the worker.
"""
signal.signal(signal.SIGINT, self.exit_handler)
signal.signal(signal.SIGABRT, self.exit_handler)
def handle_data_sent(sender, **kwargs):
self.on_data_sent(sender, **kwargs)
self.handle_data_sent = handle_data_sent
callbacks.data_sent.connect(handle_data_sent)
self.thread_exit = False
self.workflow = None
server_secret_file = os.path.join(
core.config.paths.zmq_private_keys_path, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
client_secret_file = os.path.join(
core.config.paths.zmq_private_keys_path, "client.key_secret")
client_public, client_secret = auth.load_certificate(
client_secret_file)
self.ctx = zmq.Context()
self.request_sock = self.ctx.socket(zmq.REQ)
self.request_sock.identity = u"Worker-{}".format(id_).encode("ascii")
self.request_sock.curve_secretkey = client_secret
self.request_sock.curve_publickey = client_public
self.request_sock.curve_serverkey = server_public
self.request_sock.connect(REQUESTS_ADDR)
self.comm_sock = self.ctx.socket(zmq.REQ)
self.comm_sock.identity = u"Worker-{}".format(id_).encode("ascii")
self.comm_sock.curve_secretkey = client_secret
self.comm_sock.curve_publickey = client_public
self.comm_sock.curve_serverkey = server_public
self.comm_sock.connect(COMM_ADDR)
self.results_sock = self.ctx.socket(zmq.PUSH)
self.results_sock.identity = u"Worker-{}".format(id_).encode("ascii")
self.results_sock.curve_secretkey = client_secret
self.results_sock.curve_publickey = client_public
self.results_sock.curve_serverkey = server_public
self.results_sock.connect(RESULTS_ADDR)
if worker_environment_setup:
worker_environment_setup()
else:
core.config.config.initialize()
self.comm_thread = threading.Thread(target=self.receive_data)
self.comm_thread.start()
self.execute_workflow_worker()
def secure_setup(self):
# Load certificates
# TODO: handle errors
sock_pub, sock_priv = load_certificate(self.secure_config["self"])
server_public, _ = load_certificate(self.secure_config["server"])
self.sock.curve_publickey = sock_pub
self.sock.curve_secretkey = sock_priv
self.sock.curve_serverkey = server_public
def read_and_set_zmq_keys(cls):
server_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH,
"server.key_secret")
cls.SERVER_PUBLIC_KEY, cls.SERVER_PRIVATE_KEY = auth.load_certificate(
server_private_file)
client_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH,
"client.key_secret")
cls.CLIENT_PUBLIC_KEY, cls.CLIENT_PRIVATE_KEY = auth.load_certificate(
client_private_file)
def setUpClass(cls):
server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH,
"server.key_secret")
cls.server_public, cls.server_secret = auth.load_certificate(
server_secret_file)
client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH,
"client.key_secret")
cls.client_public, cls.client_secret = auth.load_certificate(
client_secret_file)
def setUpClass(cls):
initialize_test_config()
server_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
server_public, server_secret = auth.load_certificate(server_secret_file)
client_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret")
client_public, client_secret = auth.load_certificate(client_secret_file)
cls.key = PrivateKey(client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES])
cls.server_key = PrivateKey(server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key
cls.box = Box(cls.key, cls.server_key)
def setUpClass(cls):
Config.load_env_vars()
Config.read_and_set_zmq_keys()
server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH,
"server.key_secret")
cls.server_public, cls.server_secret = auth.load_certificate(
server_secret_file)
client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH,
"client.key_secret")
cls.client_public, cls.client_secret = auth.load_certificate(
client_secret_file)
def __init__(self, ctx):
"""Initialize a LoadBalancer object, which manages workflow execution.
Args:
ctx (Context object): A Context object, shared with the Receiver thread.
"""
self.available_workers = []
self.workflow_comms = {}
self.thread_exit = False
self.pending_workflows = Queue()
self.ctx = ctx
server_secret_file = os.path.join(
core.config.paths.zmq_private_keys_path, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
self.request_socket = self.ctx.socket(zmq.ROUTER)
self.request_socket.curve_secretkey = server_secret
self.request_socket.curve_publickey = server_public
self.request_socket.curve_server = True
self.request_socket.bind(REQUESTS_ADDR)
self.comm_socket = self.ctx.socket(zmq.ROUTER)
self.comm_socket.curve_secretkey = server_secret
self.comm_socket.curve_publickey = server_public
self.comm_socket.curve_server = True
self.comm_socket.bind(COMM_ADDR)
gevent.sleep(2)
def _connect(self):
"""Establishes connection to the broker.
Connections to the broker use ZMQ PUSH sockets. The client will
receive no return message from the broker.
"""
self._client = self._context.socket(self._zmq.PUSH)
if self._client_secret_key and self._broker_public_key:
from zmq.auth import load_certificate
(client_public,
client_secret) = load_certificate(self._client_secret_key)
self._client.curve_secretkey = client_secret
self._client.curve_publickey = client_public
(server_public, _) = load_certificate(self._broker_public_key)
self._client.curve_serverkey = server_public
self._client.connect(self._broker)
self._poll.register(self._client, self._zmq.POLLIN)
def __init__(self, name, field_type, value):
self.name = name
self.type = field_type if field_type in allowed_device_field_types else 'string'
server_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
_, server_secret = auth.load_certificate(server_secret_file)
self.__key = server_secret[:nacl.secret.SecretBox.KEY_SIZE]
self.__box = nacl.secret.SecretBox(self.__key)
self._value = self.__box.encrypt(str(value).encode('utf-8'))
def get_public_key(self):
"""
Gets the public key for this machine. Meant to transfer to remote user
to initiate transfer
"""
public_key_path = os.path.join(PUBKEYS, "tx.key")
if os.path.exists(public_key_path):
tx_public, _ = auth.load_certificate(public_key_path)
return tx_public
else:
raise FileNotFoundError(
"Failed to find public key for this system. Consider running main._generate_security_keys( )"
)
def configure_socket(self,
socket,
keyfile: str,
keypath: str = PRIVKEYS,
public_key_path: str = None):
"""
Takes the given socket and configures it to use the public-private
keypair defined in the key_file
Arguments:
socket: ZMQ Socket Object to configure
keyfile: Key file to load public-private keypair for
keypath: Path to Key File. If not specified a default is used
public_key (optional): Public key for receivers connecting to remote
systems
Returns:
socket: Configured socket with end to end elliptic curve encryption
"""
private_file = os.path.join(keypath, keyfile)
public_key, private_key = auth.load_certificate(private_file)
socket.curve_secretkey = private_key
socket.curve_publickey = public_key
if socket.socket_type in [zmq.DEALER, zmq.SUB]:
# Checks if key path is actually a path. Otherwise assume a string
# representation of the key was given and needs to be encoded
if os.path.exists(public_key_path):
tx_public, _ = auth.load_certificate(public_key_path)
else:
tx_public = bytes(public_key_path, "UTF-8")
socket.curve_serverkey = tx_public
elif socket.socket_type in [zmq.ROUTER, zmq.PUB]:
socket.curve_server = True
else:
raise TypeError(f"Socket type {socket_type} is not supported")
return socket
def __init__(self, ctx):
"""Initialize a LoadBalancer object, which manages workflow execution.
Args:
ctx (Context object): A Context object, shared with the Receiver thread.
"""
self.workers = {}
self.workflow_comms = {}
self.thread_exit = False
self.pending_workflows = Queue()
@WalkoffEvent.WorkflowShutdown.connect
def handle_workflow_shutdown(sender, **kwargs):
self.on_worker_available(sender, **kwargs)
self.handle_workflow_shutdown = handle_workflow_shutdown
@WalkoffEvent.TriggerActionAwaitingData.connect
def handle_workflow_awaiting_data(sender, **kwargs):
self.on_worker_available(sender, **kwargs)
self.handle_workflow_awaiting_data = handle_workflow_awaiting_data
@WalkoffEvent.WorkflowPaused.connect
def handle_workflow_paused(sender, **kwargs):
self.on_worker_available(sender, **kwargs)
self.handle_workflow_paused = handle_workflow_paused
self.ctx = ctx
server_secret_file = os.path.join(
walkoff.config.paths.zmq_private_keys_path, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
self.request_socket = self.ctx.socket(zmq.ROUTER)
self.request_socket.curve_secretkey = server_secret
self.request_socket.curve_publickey = server_public
self.request_socket.curve_server = True
self.request_socket.bind(walkoff.config.config.zmq_requests_address)
self.comm_socket = self.ctx.socket(zmq.ROUTER)
self.comm_socket.curve_secretkey = server_secret
self.comm_socket.curve_publickey = server_public
self.comm_socket.curve_server = True
self.comm_socket.bind(walkoff.config.config.zmq_communication_address)
def secure_setup(self):
# Load certificates
# TODO: handle errors
self.auth = ThreadAuthenticator(self.context)
self.auth.start()
self.LOG.debug("Server keys in %s", self.secure_config["self"])
sock_pub, sock_priv = load_certificate(self.secure_config["self"])
if self.secure_config.get("clients", None) is not None:
self.LOG.debug("Client certificates in %s", self.secure_config["clients"])
self.auth.configure_curve(
domain="*", location=self.secure_config["clients"]
)
else:
self.LOG.debug("Every clients can connect")
self.auth.configure_curve(domain="*", location=zmq.auth.CURVE_ALLOW_ANY)
# Setup the socket
self.sock.curve_publickey = sock_pub
self.sock.curve_secretkey = sock_priv
self.sock.curve_server = True
def load_cert_file(path, logger=None):
"""Loads a certificate file from the given location.
Notes:
- Exits with an error if zmq.auth.load_certificate raised an
IOError (e.g. file not found)
"""
from zmq.auth import load_certificate
from os.path import abspath
keyfile = abspath(path)
try:
return load_certificate(keyfile)
except OSError as message:
if logger:
logger.error(message)
exit_error()
def __init__(self, current_app):
"""Initialize a Receiver object, which will receive callbacks from the ExecutionElements.
Args:
current_app (Flask.App): The current Flask app
"""
ctx = zmq.Context.instance()
self.thread_exit = False
self.workflows_executed = 0
server_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
server_public, server_secret = auth.load_certificate(server_secret_file)
self.results_sock = ctx.socket(zmq.PULL)
self.results_sock.curve_secretkey = server_secret
self.results_sock.curve_publickey = server_public
self.results_sock.curve_server = True
self.results_sock.bind(walkoff.config.Config.ZMQ_RESULTS_ADDRESS)
self.current_app = current_app
def __init__(self, ctx):
"""Initialize a Receiver object, which will receive callbacks from the execution elements.
Args:
ctx (Context object): A Context object, shared with the LoadBalancer thread.
"""
self.thread_exit = False
self.workflows_executed = 0
server_secret_file = os.path.join(
core.config.paths.zmq_private_keys_path, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
self.ctx = ctx
self.results_sock = self.ctx.socket(zmq.PULL)
self.results_sock.curve_secretkey = server_secret
self.results_sock.curve_publickey = server_public
self.results_sock.curve_server = True
self.results_sock.bind(RESULTS_ADDR)
def setup_zmq(self):
"""Establishes ZMQ sockets and pollers.
This method creates ZMQ sockets for clients and workers to connect to
and creates ZMQ pollers for the broker to read client and worker
messages on. The client socket uses PUSH/PULL for uni-directional
communication and the worker socket uses ROUTER/DEALER for
bi-directional communication. Curve encryption and authentication
is enabled here.
"""
context = zmq.Context()
if self.broker_secret_key and self.client_public_keys:
self.curve_authenticator = thread.ThreadAuthenticator(context)
self.curve_authenticator.start()
self.curve_authenticator.configure_curve(
domain="*", location=self.client_public_keys)
self.task_socket = context.socket(zmq.ROUTER)
self.task_socket.identity = b"broker_self.task_socket"
self.task_socket.bind(f"tcp://*:{self.task_port}")
self.worker_poller = zmq.Poller()
self.worker_poller.register(self.task_socket, zmq.POLLIN)
self.request_socket = context.socket(zmq.PULL)
self.request_socket.identity = b"broker_self.request_socket"
if self.curve_authenticator is not None:
(server_public,
server_secret) = auth.load_certificate(self.broker_secret_key)
self.request_socket.curve_secretkey = server_secret
self.request_socket.curve_publickey = server_public
self.request_socket.curve_server = True # must come before bind
logging.info(f"{self.name}: Curve enabled")
self.request_socket.bind(f"tcp://*:{self.request_port}")
self.client_worker_poller = zmq.Poller()
self.client_worker_poller.register(self.request_socket, zmq.POLLIN)
self.client_worker_poller.register(self.task_socket, zmq.POLLIN)
def read_and_set_zmq_keys(cls):
server_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
cls.SERVER_PUBLIC_KEY, cls.SERVER_PRIVATE_KEY = auth.load_certificate(server_private_file)
client_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret")
cls.CLIENT_PUBLIC_KEY, cls.CLIENT_PRIVATE_KEY = auth.load_certificate(client_private_file)
def init_on_load(self):
server_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
_, server_secret = auth.load_certificate(server_secret_file)
self.__key = server_secret[:nacl.secret.SecretBox.KEY_SIZE]
self.__box = nacl.secret.SecretBox(self.__key)
def __init__(self, id_, config_path):
"""Initialize a Workfer object, which will be managing the execution of Workflows
Args:
id_ (str): The ID of the worker
config_path (str): The path to the configuration file to be loaded
"""
logger.info('Spawning worker {}'.format(id_))
self.id_ = id_
self._lock = Lock()
signal.signal(signal.SIGINT, self.exit_handler)
signal.signal(signal.SIGABRT, self.exit_handler)
if os.name == 'nt':
walkoff.config.initialize(config_path=config_path)
else:
walkoff.config.Config.load_config(config_path)
self.execution_db = ExecutionDatabase(
walkoff.config.Config.EXECUTION_DB_TYPE,
walkoff.config.Config.EXECUTION_DB_PATH)
self.case_db = CaseDatabase(walkoff.config.Config.CASE_DB_TYPE,
walkoff.config.Config.CASE_DB_PATH)
@WalkoffEvent.CommonWorkflowSignal.connect
def handle_data_sent(sender, **kwargs):
self.on_data_sent(sender, **kwargs)
self.handle_data_sent = handle_data_sent
self.thread_exit = False
server_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret")
server_public, server_secret = auth.load_certificate(
server_secret_file)
client_secret_file = os.path.join(
walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret")
client_public, client_secret = auth.load_certificate(
client_secret_file)
socket_id = u"Worker-{}".format(id_).encode("ascii")
key = PrivateKey(
client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES])
server_key = PrivateKey(
server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key
self.cache = walkoff.cache.make_cache(walkoff.config.Config.CACHE)
self.capacity = walkoff.config.Config.NUMBER_THREADS_PER_PROCESS
self.subscription_cache = SubscriptionCache()
case_logger = CaseLogger(self.case_db, self.subscription_cache)
self.workflow_receiver = WorkflowReceiver(key, server_key,
walkoff.config.Config.CACHE)
self.workflow_results_sender = WorkflowResultsHandler(
socket_id, client_secret, client_public, server_public,
walkoff.config.Config.ZMQ_RESULTS_ADDRESS, self.execution_db,
case_logger)
self.workflow_communication_receiver = WorkflowCommunicationReceiver(
socket_id, client_secret, client_public, server_public,
walkoff.config.Config.ZMQ_COMMUNICATION_ADDRESS)
self.comm_thread = threading.Thread(target=self.receive_communications)
self.comm_thread.start()
self.workflows = {}
self.threadpool = ThreadPoolExecutor(max_workers=self.capacity)
self.receive_workflows()
def __init__(self, id_, worker_environment_setup=None):
"""Initialize a Workflow object, which will be executing workflows.
Args:
id_ (str): The ID of the worker. Needed for ZMQ socket communication.
worker_environment_setup (func, optional): Function to setup globals in the worker.
"""
self.id_ = id_
signal.signal(signal.SIGINT, self.exit_handler)
signal.signal(signal.SIGABRT, self.exit_handler)
@WalkoffEvent.CommonWorkflowSignal.connect
def handle_data_sent(sender, **kwargs):
self.on_data_sent(sender, **kwargs)
self.handle_data_sent = handle_data_sent
self.thread_exit = False
server_secret_file = os.path.join(walkoff.config.paths.zmq_private_keys_path, "server.key_secret")
server_public, server_secret = auth.load_certificate(server_secret_file)
client_secret_file = os.path.join(walkoff.config.paths.zmq_private_keys_path, "client.key_secret")
client_public, client_secret = auth.load_certificate(client_secret_file)
self.ctx = zmq.Context()
self.request_sock = self.ctx.socket(zmq.DEALER)
self.request_sock.setsockopt(zmq.IDENTITY, str.encode("Worker-{}".format(id_)))
self.request_sock.curve_secretkey = client_secret
self.request_sock.curve_publickey = client_public
self.request_sock.curve_serverkey = server_public
self.request_sock.connect(walkoff.config.config.zmq_requests_address)
self.comm_sock = self.ctx.socket(zmq.DEALER)
self.comm_sock.identity = u"Worker-{}".format(id_).encode("ascii")
self.comm_sock.curve_secretkey = client_secret
self.comm_sock.curve_publickey = client_public
self.comm_sock.curve_serverkey = server_public
self.comm_sock.connect(walkoff.config.config.zmq_communication_address)
self.results_sock = self.ctx.socket(zmq.PUSH)
self.results_sock.identity = u"Worker-{}".format(id_).encode("ascii")
self.results_sock.curve_secretkey = client_secret
self.results_sock.curve_publickey = client_public
self.results_sock.curve_serverkey = server_public
self.results_sock.connect(walkoff.config.config.zmq_results_address)
if worker_environment_setup:
worker_environment_setup()
else:
walkoff.config.config.initialize()
self.comm_thread = threading.Thread(target=self.receive_data)
self.comm_thread.start()
self.workflows = {}
self.threadpool = ThreadPoolExecutor(max_workers=walkoff.config.config.num_threads_per_process)
self.receive_requests()
def test_encryption(tmpdir):
# Create the tmp names
conf_filename = str(tmpdir.join("conf.yaml"))
pull_url = tmpdir.join("input.pull.socket")
pull_cert_dir = tmpdir.mkdir("input.pull")
pull_clients_cert_dir = pull_cert_dir.mkdir("clients")
sub_url = tmpdir.join("input.sub.socket")
sub_cert_dir = tmpdir.mkdir("input.sub")
push_url = tmpdir.join("output.push.socket")
inbound = tmpdir.join("inbound")
outbound = tmpdir.join("outbound")
stdout = tmpdir.join("stdout")
stderr = tmpdir.join("stderr")
# Create the certificates
create_certificates(str(pull_cert_dir), "pull")
create_certificates(str(pull_clients_cert_dir), "client1")
create_certificates(str(pull_clients_cert_dir), "client2")
create_certificates(str(sub_cert_dir), "sub")
create_certificates(str(sub_cert_dir), "sub-server")
with open(conf_filename, "w") as f:
f.write("inputs:\n")
f.write("- class: ZMQPull\n")
f.write(" name: in-pull\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % pull_url)
f.write(" encryption:\n")
f.write(" self: %s\n" % pull_cert_dir.join("pull.key_secret"))
f.write(" clients: %s\n" % pull_clients_cert_dir)
f.write("- class: ZMQSub\n")
f.write(" name: in-sub\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % sub_url)
f.write(" encryption:\n")
f.write(" self: %s\n" % sub_cert_dir.join("sub.key_secret"))
f.write(" server: %s\n" % sub_cert_dir.join("sub-server.key"))
f.write("core:\n")
f.write(" inbound: ipc://%s\n" % inbound)
f.write(" outbound: ipc://%s\n" % outbound)
f.write("outputs:\n")
f.write("- class: ZMQPush\n")
f.write(" name: out-push\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % push_url)
args = [
"python3",
"-m",
"reactobus",
"--conf",
conf_filename,
"--level",
"DEBUG",
"--log-file",
"-",
]
proc = subprocess.Popen(args,
stdout=open(str(stdout), "w"),
stderr=open(str(stderr), "w"))
# Create the input sockets
ctx = zmq.Context.instance()
in_sock = ctx.socket(zmq.PUSH)
(server_public, _) = load_certificate(str(pull_cert_dir.join("pull.key")))
in_sock.curve_serverkey = server_public
(client_public, client_private) = load_certificate(
str(pull_clients_cert_dir.join("client1.key_secret")))
in_sock.curve_publickey = client_public
in_sock.curve_secretkey = client_private
in_sock.connect("ipc://%s" % pull_url)
out_sock = ctx.socket(zmq.PULL)
out_sock.bind("ipc://%s" % push_url)
pub_sock = ctx.socket(zmq.PUB)
auth = ThreadAuthenticator(ctx)
auth.start()
auth.configure_curve(domain="*", location=str(sub_cert_dir))
(server_public, server_secret) = load_certificate(
str(sub_cert_dir.join("sub-server.key_secret")))
pub_sock.curve_publickey = server_public
pub_sock.curve_secretkey = server_secret
pub_sock.curve_server = True
pub_sock.bind("ipc://%s" % sub_url)
# Allow the process sometime to setup and connect
time.sleep(1)
# Send some data
data = [
b"org.videolan.git",
b(str(uuid.uuid1())),
b(datetime.datetime.utcnow().isoformat()),
b("videolan-git"),
b(
json.dumps({
"url": "https://code.videolan.org/éêï",
"username": "******"
})),
]
in_sock.send_multipart(data)
msg = out_sock.recv_multipart()
assert msg == data
data = [
b"org.videolan.git",
b(str(uuid.uuid1())),
b(datetime.datetime.utcnow().isoformat()),
b("videolan-git"),
b(
json.dumps({
"url": "https://code.videolan.org/éêï",
"username": "******"
})),
]
pub_sock.send_multipart(data)
msg = out_sock.recv_multipart()
assert msg == data
# End the process
proc.terminate()
proc.wait()
return False
print 'From this client, saw %r' % i_saw
print 'Other clients saw %r' % they_saw
percent_match = 0
if i_saw in they_saw:
percent_match = float(they_saw[i_saw]) / sum(they_saw.values())
if percent_match >= min_match_percent:
print 'I WOULD trust this connection'
else:
print 'I would NOT trust this connection'
def do_stop(self, line):
self.client.stop()
def do_start(self, line):
self.client.start()
def do_EOF(self, line):
return True
if __name__ == '__main__':
client = PanoramaClient('tcp://127.0.0.1:12345',
auth.load_certificate('server.key')[0],
'client')
client.start()
ClientOptions(client).cmdloop()
def _socket_bind(self, socket_type, connection, port, poller_type=None):
"""Return a socket object which has been bound to a given address.
When the socket_type is not PUB or PUSH, the bound socket will also be
registered with self.poller as defined within the Interface
class.
:param socket_type: Set the Socket type, typically defined using a
ZeroMQ constant.
:type socket_type: Integer
:param connection: Set the Address information used for the bound
socket.
:type connection: String
:param port: Define the port which the socket will be bound to.
:type port: Integer
:param poller_type: Set the Socket type, typically defined using a
ZeroMQ constant.
:type poller_type: Integer
:returns: Object
"""
if poller_type is None:
poller_type = zmq.POLLIN
bind = self._socket_context(socket_type=socket_type)
auth_enabled = (self.args.zmq_shared_key
or self.args.zmq_curve_encryption)
if auth_enabled:
self.auth = ThreadAuthenticator(self.ctx, log=self.log)
self.auth.start()
self.auth.allow()
if self.args.zmq_shared_key:
# Enables basic auth
self.auth.configure_plain(
domain="*", passwords={"admin": self.args.zmq_shared_key})
bind.plain_server = True # Enable shared key authentication
self.log.info("Shared key authentication enabled.")
elif self.args.zmq_curve_encryption:
server_secret_file = os.path.join(self.secret_keys_dir,
"server.key_secret")
for item in [
self.public_keys_dir,
self.secret_keys_dir,
server_secret_file,
]:
if not os.path.exists(item):
raise SystemExit(
"The required path [ {} ] does not exist. Have"
" you generated your keys?".format(item))
self.auth.configure_curve(domain="*",
location=self.public_keys_dir)
try:
server_public, server_secret = zmq_auth.load_certificate(
server_secret_file)
except OSError as e:
self.log.error(
"Failed to load certificates: %s, Configuration: %s",
str(e),
vars(self.args),
)
raise SystemExit("Failed to load certificates")
else:
bind.curve_secretkey = server_secret
bind.curve_publickey = server_public
bind.curve_server = True # Enable curve authentication
bind.bind("{connection}:{port}".format(
connection=connection,
port=port,
))
if socket_type not in [zmq.PUB]:
self.poller.register(bind, poller_type)
return bind
def _socket_connect(self, socket_type, connection, port, poller_type=None):
"""Return a socket object which has been bound to a given address.
> A connection back to the server will wait 10 seconds for an ack
before going into a retry loop. This is done to forcefully cycle
the connection object to reset.
:param socket_type: Set the Socket type, typically defined using a
ZeroMQ constant.
:type socket_type: Integer
:param connection: Set the Address information used for the bound
socket.
:type connection: String
:param port: Define the port which the socket will be bound to.
:type port: Integer
:param poller_type: Set the Socket type, typically defined using a
ZeroMQ constant.
:type poller_type: Integer
:returns: Object
"""
if poller_type is None:
poller_type = zmq.POLLIN
bind = self._socket_context(socket_type=socket_type)
if self.args.zmq_shared_key:
bind.plain_username = b"admin" # User is hard coded.
bind.plain_password = self.args.zmq_shared_key.encode()
self.log.info("Shared key authentication enabled.")
elif self.args.zmq_curve_encryption:
client_secret_file = os.path.join(self.secret_keys_dir,
"client.key_secret")
server_public_file = os.path.join(self.public_keys_dir,
"server.key")
for item in [
self.public_keys_dir,
self.secret_keys_dir,
client_secret_file,
server_public_file,
]:
if not os.path.exists(item):
raise SystemExit(
"The required path [ {} ] does not exist. Have"
" you generated your keys?".format(item))
try:
client_public, client_secret = zmq_auth.load_certificate(
client_secret_file)
server_public, _ = zmq_auth.load_certificate(
server_public_file)
except OSError as e:
self.log.error(
"Error while loading certificates: %s. Configuration: %s",
str(e),
vars(self.args),
)
raise SystemExit("Failed to load keys.")
else:
bind.curve_secretkey = client_secret
bind.curve_publickey = client_public
bind.curve_serverkey = server_public
if socket_type == zmq.SUB:
bind.setsockopt_string(zmq.SUBSCRIBE, self.identity)
else:
bind.setsockopt_string(zmq.IDENTITY, self.identity)
self.poller.register(bind, poller_type)
bind.connect("{connection}:{port}".format(
connection=connection,
port=port,
))
self.log.info("Socket connected to [ %s ].", connection)
return bind
