def test_public_key_encryption_util(self):
alice = crypto.generate_keypair()
bob = crypto.generate_keypair()
ciphertext = crypto.public_key_encrypt(alice[1], bob[0], "hello")
plaintext = crypto.public_key_decrypt(bob[1], alice[0], ciphertext)
self.assertEqual("hello", plaintext)
def get_security_keys(self):
keyfile = os.path.join(environ.conf_dir(), KEYFILE)
keys = config.load_conf(keyfile)
self.__secret = keys.get('secret')
self.user_xid = keys.get('user')
self.__secret = os.environ.get(AVA_AGENT_SECRET, self.__secret)
self.user_xid = os.environ.get(AVA_USER_XID, self.user_xid)
if self.user_xid is None and not settings['debug']:
logger.error('No User XID is specified!')
raise SystemExit(2)
if self.__secret:
self.__secret = crypto.string_to_secret(self.__secret)
pk, sk = crypto.generate_keypair(sk=self.__secret)
self.key = pk
else:
logger.debug("No secret key is given, generating one...")
pk, sk = crypto.generate_keypair()
self.__secret = sk
self.key = pk
self.xid = crypto.key_to_xid(self.key)
logger.debug("The agent's XID: %s", self.xid)
if not self.user_xid and settings['debug']:
logger.debug("User XID not given via environment variable. " +
"Generating one...")
self.user_xid = \
b'AYPwK3c3VK7ZdBvKfcbV5EmmCZ8zSb9viZ288gKFBFuE92jE'
logger.debug("The agent's user XID: %s", self.user_xid)
def test_public_key_encryption_util(self):
alice = crypto.generate_keypair()
bob = crypto.generate_keypair()
ciphertext = crypto.public_key_encrypt(alice[1], bob[0], "hello")
plaintext = crypto.public_key_decrypt(bob[1], alice[0], ciphertext)
self.assertEqual("hello", plaintext)
def get_security_keys(self):
keyfile = os.path.join(environ.conf_dir(), KEYFILE)
keys = config.load_conf(keyfile)
self.__secret = keys.get('secret')
self.user_xid = keys.get('user')
self.__secret = os.environ.get(AVA_AGENT_SECRET, self.__secret)
self.user_xid = os.environ.get(AVA_USER_XID, self.user_xid)
if self.user_xid is None and not settings['debug']:
logger.error('No User XID is specified!')
raise SystemExit(2)
if self.__secret:
self.__secret = crypto.string_to_secret(self.__secret)
pk, sk = crypto.generate_keypair(sk=self.__secret)
self.key = pk
else:
logger.debug("No secret key is given, generating one...")
pk, sk = crypto.generate_keypair()
self.__secret = sk
self.key = pk
self.xid = crypto.key_to_xid(self.key)
logger.debug("The agent's XID: %s", self.xid)
if not self.user_xid and settings['debug']:
logger.debug("User XID not given via environment variable. " +
"Generating one...")
self.user_xid = \
b'AYPwK3c3VK7ZdBvKfcbV5EmmCZ8zSb9viZ288gKFBFuE92jE'
logger.debug("The agent's user XID: %s", self.user_xid)
def test_can_encode_and_decode_token(self):
alice_keys = crypto.generate_keypair()
bob_keys = crypto.generate_keypair()
#
payload = {'iss': crypto.key_to_xid(alice_keys[0])}
# Alice signed the payload to Bob
encoded_token = token.encode(payload, alice_keys[1], bob_keys[0])
print("ecnoded_token", encoded_token)
decoded_payload = token.decode(encoded_token, bob_keys[1])
assert 'iss' in decoded_payload
def test_can_encode_and_decode_token(self):
alice_keys = crypto.generate_keypair()
bob_keys = crypto.generate_keypair()
#
payload = {"iss": crypto.key_to_xid(alice_keys[0])}
# Alice signed the payload to Bob
encoded_token = token.encode(payload, alice_keys[1], bob_keys[0])
print("ecnoded_token", encoded_token)
decoded_payload = token.decode(encoded_token, bob_keys[1])
assert "iss" in decoded_payload
def agent(ctx, force=False):
""" Generate keys for agent.
"""
userkeys_path = os.path.join(ctx.obj['app_dir'], 'user-keys.yml')
if not os.path.exists(userkeys_path):
click.echo('You should set user keys first.', err=True)
return
with open(userkeys_path, 'rb') as userkeys_file:
userkeys = yaml.load(userkeys_file)
user_xid = userkeys.get('xid')
agentkeys_path = os.path.join(environ.conf_dir(), 'ava-keys.yml')
if os.path.exists(agentkeys_path) and not force:
click.echo('Agent keys exist!')
click.confirm('Do you want to overwrite it?', abort=True)
content = {}
pk, sk = crypto.generate_keypair()
content[b'user'] = user_xid
content[b'secret'] = crypto.secret_to_string(sk)
with open(agentkeys_path, 'wb') as agentkeys_file:
yaml.dump(content, agentkeys_file)
def gen_random_key(ctx):
if ctx.obj['verbosity']:
click.echo("Generating random key...")
(pk, sk) = crypto.generate_keypair()
xid = crypto.key_to_xid(pk)
secret_str = crypto.secret_to_string(sk)
key_str = crypto.key_to_string(pk)
res = dict(xid=xid, key=key_str, secret=secret_str)
click.echo(json.dumps(res, sort_keys=True, indent=4, separators=(',', ': ')))
return 0
def generate(ctx, salt=None, password=None):
""" Generate random key or derive from salt and password.
"""
if not salt and not password:
return gen_random_key(ctx)
if not (salt and password):
if not salt:
click.echo("Missing option: salt")
if not password:
click.echo("Missing option: password")
return 1
sk = crypto.derive_secret_key(password, salt)
(pk, sk) = crypto.generate_keypair(sk=sk)
xid = crypto.key_to_xid(pk)
secret_str = crypto.secret_to_string(sk)
key_str = crypto.key_to_string(pk)
res = dict(xid=xid, key=key_str, secret=secret_str)
click.echo(json.dumps(res, sort_keys=True, indent=4, separators=(',', ': ')))
return 0
def validate(ctx, xid, key, secret):
"""
Validate XID, public key or secret key.
:param ctx:
:param xid:
:param key:
:param secret:
:return:
"""
if xid:
if crypto.validate_xid(xid):
click.echo("XID %s is valid." % xid)
else:
click.echo("XID %s is invalid." % xid)
if key:
if crypto.validate_key_string(key):
click.echo("Key is valid")
else:
click.echo("Key is invalid.")
if secret:
if crypto.validate_secret_string(secret):
click.echo("Secret is valid.")
else:
click.echo("Secret is invalid.")
if key and secret:
sk = crypto.string_to_secret(secret)
pk = crypto.string_to_key(key)
(vpk, vsk) = crypto.generate_keypair(sk=sk)
if vpk == pk and vsk == sk:
click.echo("Key and secret are matched.")
return 0
click.echo("Key and secret are mismatched.")
return 1
