Example #1
0
def create_new_ad_files(parent_ad_topo, isd_id, ad_id, out_dir):
    assert isinstance(parent_ad_topo, dict), 'Invalid topology dict'
    isd_ad_id = '{}-{}'.format(isd_id, ad_id)
    ad_dict = {
        "default_zookeepers": {"1": {"manage": False, "addr": "localhost"}},
        isd_ad_id: {'level': 'LEAF'},
    }
    gen = ConfigGenerator(out_dir=out_dir)

    path_policy_file = DEFAULT_PATH_POLICY_FILE
    zk_config = DEFAULT_ZK_CONFIG

    # Write basic config files for the new AD
    with tempfile.NamedTemporaryFile('w') as temp_fh:
        json.dump(ad_dict, temp_fh)
        temp_fh.flush()
        gen.generate_all(temp_fh.name, path_policy_file, zk_config)

    # Copy TRC file
    trc_path = get_some_trc_path(isd_id)
    if trc_path:
        dst_path = get_trc_file_path(isd_id, ad_id, isd_id, 0,
                                     isd_dir=out_dir)
        shutil.copyfile(trc_path, dst_path)

    new_topo_path = gen.path_dict(isd_id, ad_id)['topo_file_abs']
    new_topo_file = read_file(new_topo_path)
    new_topo = json.loads(new_topo_file)
    existing_topo, new_topo = link_topologies(parent_ad_topo, new_topo, 'PARENT_CHILD')
    # Update the config files for the new AD
    write_file(new_topo_path, json.dumps(new_topo, sort_keys=4, indent=4))
    gen.write_derivatives(new_topo)
    return new_topo, existing_topo
Example #2
0
def write_certs_trc_keys(isd_as, instance_path):
    """
    Writes the certificate and the keys for the given service
    instance of the given AS.
    :param ISD_AS isd_as: ISD the AS belongs to.
    :param str instance_path: Location (in the file system) to write
    the configuration into.
    """
    try:
        as_obj = AD.objects.get(isd_id=isd_as[0], as_id=isd_as[1])
    except AD.DoesNotExist:
        logger.error("AS %s-%s was not found." % (isd_as[0], isd_as[1]))
        return
    # write keys
    sig_path = get_sig_key_file_path(instance_path)
    enc_path = get_enc_key_file_path(instance_path)
    write_file(sig_path, as_obj.sig_priv_key)
    write_file(enc_path, as_obj.enc_priv_key)
    # write cert
    cert_chain_path = get_cert_chain_file_path(
        instance_path, isd_as, INITIAL_CERT_VERSION)
    write_file(cert_chain_path, as_obj.certificate)
    # write trc
    trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
    write_file(trc_path, as_obj.trc)
def _load_credentials(as_path, isd_as):
    print("Updating AS%s" % isd_as)
    # The element to get the credentials from.
    # We assume that the beacon server exists in every AS configuration.
    key_dict = {}
    core_key_dict = {}
    as_path = os.path.join(PROJECT_ROOT, GEN_PATH, 'ISD%s/AS%s' % (isd_as.isd_str(), isd_as.as_file_fmt()))
    instance_id = "bs%s-%s-1" % (isd_as.isd_str(), isd_as.as_file_fmt())
    instance_path = os.path.join(as_path, instance_id)
    topo_path = os.path.join(instance_path, TOPO_FILE)

    # Credential files for all ASes
    as_key_path = {
        'cert_path': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
        'trc_path': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
        'enc_key_path': get_enc_key_file_path(instance_path),
        'sig_key_path': get_sig_key_file_path(instance_path),
        'sig_key_raw_path': get_sig_key_raw_file_path(instance_path),
        'as_config_path': os.path.join(instance_path, AS_CONF_FILE),
    }

    # Credential files for core ASes
    core_key_path = {
        'core_sig_key_path': get_core_sig_key_file_path(instance_path),
        'core_sig_key_raw_path': get_core_sig_key_raw_file_path(instance_path),
        'online_key_path': get_online_key_file_path(instance_path),
        'online_key_raw_path': get_online_key_raw_file_path(instance_path),
        'offline_key_path': get_offline_key_file_path(instance_path),
        'offline_key_raw_path': get_offline_key_raw_file_path(instance_path),
    }

    for key, path in as_key_path.items():
        try:
            if key.startswith('cert'):
                cert = _json_file_to_str(path)
            elif key.startswith('trc'):
                trc = _json_file_to_str(path)
            elif key.startswith('as'):
                as_config_dict = _yaml_file_to_dict(path)
                key_dict['master_as_key'] = as_config_dict['MasterASKey']
            else:
                key_name = key[:len(key)-5]
                key_dict[key_name] = read_file(path)[:-1]
        except IOError as err:
            print("IOError({0}): {1}" % (err, path))
            exit(1)
    tp = Topology.from_file(topo_path)
    if tp.is_core_as:
        for key, path in core_key_path.items():
            try:
                key_name = key[:len(key)-5]
                core_key_dict[key_name] = read_file(path)[:-1]
            except IOError as err:
                print("IOError({0}): {1}" % (err, path))
                exit(1)

    return ASCredential(cert, trc, key_dict, core_key_dict)
Example #4
0
def get_some_trc_path(isd_id):
    dst_path = get_trc_file_path(isd_id, 0, isd_dir=GEN_PATH)
    components = os.path.normpath(dst_path).split(os.sep)

    components[-2] = 'AD*'
    files_glob = os.path.join(os.sep, *components)
    files = glob.glob(files_glob)
    if not files:
        raise Exception("No TRC files found: cannot generate the package")
    return files[0]
Example #5
0
def write_certs_trc_keys(isd_as, as_obj, instance_path):
    """
    Writes the certificate and the keys for the given service
    instance of the given AS.
    :param ISD_AS isd_as: ISD the AS belongs to.
    :param str instance_path: Location (in the file system) to write
    the configuration into.
    """
    # write keys
    sig_path = get_sig_key_file_path(instance_path)
    enc_path = get_enc_key_file_path(instance_path)
    write_file(sig_path, as_obj.sig_priv_key)
    write_file(enc_path, as_obj.enc_priv_key)
    # write cert
    cert_chain_path = get_cert_chain_file_path(instance_path, isd_as,
                                               INITIAL_CERT_VERSION)
    write_file(cert_chain_path, as_obj.certificate)
    # write trc
    trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
    write_file(trc_path, as_obj.trc)
Example #6
0
def write_certs_trc_keys(isd_as, as_obj, instance_path):
    """
    Writes the certificate and the keys for the given service
    instance of the given AS.
    :param ISD_AS isd_as: ISD the AS belongs to.
    :param obj as_obj: An object that stores crypto information for AS
    :param str instance_path: Location (in the file system) to write
    the configuration into.
    """
    # write keys
    as_key_path = {
        'cert':
        get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
        'trc':
        get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
        'enc_key':
        get_enc_key_file_path(instance_path),
        'sig_key':
        get_sig_key_file_path(instance_path),
        'sig_key_raw':
        get_sig_key_raw_file_path(instance_path),
    }
    core_key_path = {
        'core_sig_key': get_core_sig_key_file_path(instance_path),
        'core_sig_key_raw': get_core_sig_key_raw_file_path(instance_path),
        'online_key': get_online_key_file_path(instance_path),
        'online_key_raw': get_online_key_raw_file_path(instance_path),
        'offline_key': get_offline_key_file_path(instance_path),
        'offline_key_raw': get_offline_key_raw_file_path(instance_path),
    }
    for key, path in as_key_path.items():
        if key == 'cert':  # write certificates
            write_file(path, as_obj.certificate)
        elif key == 'trc':  # write trc
            write_file(path, as_obj.trc)
        else:  # write keys
            write_file(path, as_obj.keys[key])
    if as_obj.core_keys:
        for key, path in core_key_path.items():
            write_file(path, as_obj.core_keys[key])
Example #7
0
 def _gen_trc_files(self, topo_id, _):
     trc = self.trcs[topo_id[0]]
     trc_path = get_trc_file_path("", topo_id[0], INITIAL_TRC_VERSION)
     self.trc_files[topo_id][trc_path] = str(trc)