Python generate_ca_signed_cert Exemples

Exemple #1

    async def test_harvester(self, harvester_farmer):
        harvester, farmer_api = harvester_farmer
        harvester_server = harvester.server

        # harvester should not accept incoming connections
        pub_crt = harvester_server._private_key_path.parent / "p2p.crt"
        pub_key = harvester_server._private_key_path.parent / "p2p.key"
        generate_ca_signed_cert(
            harvester_server.chia_ca_crt_path.read_bytes(),
            harvester_server.chia_ca_key_path.read_bytes(),
            pub_crt,
            pub_key,
        )
        ssl_context = ssl_context_for_client(harvester_server.chia_ca_crt_path,
                                             harvester_server.chia_ca_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(harvester_server, 12312,
                                               ssl_context)
        assert connected is False

        # Not even signed by private cert
        priv_crt = harvester_server._private_key_path.parent / "valid.crt"
        priv_key = harvester_server._private_key_path.parent / "valid.key"
        generate_ca_signed_cert(
            harvester_server.ca_private_crt_path.read_bytes(),
            harvester_server.ca_private_key_path.read_bytes(),
            priv_crt,
            priv_key,
        )
        ssl_context = ssl_context_for_client(
            harvester_server.ca_private_crt_path,
            harvester_server.ca_private_key_path, priv_crt, priv_key)
        connected = await establish_connection(harvester_server, 12312,
                                               ssl_context)
        assert connected is False

Exemple #2

    async def test_timelord(self, timelord):
        timelord_api, timelord_server = timelord

        # timelord should not accept incoming connections
        pub_crt = timelord_server._private_key_path.parent / "p2p.crt"
        pub_key = timelord_server._private_key_path.parent / "p2p.key"
        generate_ca_signed_cert(
            timelord_server.chia_ca_crt_path.read_bytes(),
            timelord_server.chia_ca_key_path.read_bytes(),
            pub_crt,
            pub_key,
        )
        ssl_context = ssl_context_for_client(timelord_server.chia_ca_crt_path,
                                             timelord_server.chia_ca_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(timelord_server, 12312,
                                               ssl_context)
        assert connected is False

        # Not even signed by private cert
        priv_crt = timelord_server._private_key_path.parent / "valid.crt"
        priv_key = timelord_server._private_key_path.parent / "valid.key"
        generate_ca_signed_cert(
            timelord_server.ca_private_crt_path.read_bytes(),
            timelord_server.ca_private_key_path.read_bytes(),
            priv_crt,
            priv_key,
        )
        ssl_context = ssl_context_for_client(
            timelord_server.ca_private_crt_path,
            timelord_server.ca_private_key_path, priv_crt, priv_key)
        connected = await establish_connection(timelord_server, 12312,
                                               ssl_context)
        assert connected is False

Exemple #3

    async def test_wallet(self, wallet_node):
        full_nodes, wallets = wallet_node
        wallet_node, wallet_server = wallets[0]

        # Wallet should not accept incoming connections
        pub_crt = wallet_server._private_key_path.parent / "p2p.crt"
        pub_key = wallet_server._private_key_path.parent / "p2p.key"
        generate_ca_signed_cert(wallet_server.chia_ca_crt_path.read_bytes(),
                                wallet_server.chia_ca_key_path.read_bytes(),
                                pub_crt, pub_key)
        ssl_context = ssl_context_for_client(wallet_server.chia_ca_crt_path,
                                             wallet_server.chia_ca_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(wallet_server, 12312,
                                               ssl_context)
        assert connected is False

        # Not even signed by private cert
        priv_crt = wallet_server._private_key_path.parent / "valid.crt"
        priv_key = wallet_server._private_key_path.parent / "valid.key"
        generate_ca_signed_cert(
            wallet_server.ca_private_crt_path.read_bytes(),
            wallet_server.ca_private_key_path.read_bytes(),
            priv_crt,
            priv_key,
        )
        ssl_context = ssl_context_for_client(wallet_server.ca_private_crt_path,
                                             wallet_server.ca_private_key_path,
                                             priv_crt, priv_key)
        connected = await establish_connection(wallet_server, 12312,
                                               ssl_context)
        assert connected is False

Exemple #4

Fichier : init_funcs.py Projet : olivernyc/chia-blockchain

def generate_ssl_for_nodes(ssl_dir: Path, ca_crt: bytes, ca_key: bytes, private: bool, overwrite=True):
    if private:
        names = private_node_names
    else:
        names = public_node_names

    for node_name in names:
        node_dir = ssl_dir / node_name
        ensure_ssl_dirs([node_dir])
        if private:
            prefix = "private"
        else:
            prefix = "public"
        key_path = node_dir / f"{prefix}_{node_name}.key"
        crt_path = node_dir / f"{prefix}_{node_name}.crt"
        if key_path.exists() and crt_path.exists() and overwrite is False:
            continue
        generate_ca_signed_cert(ca_crt, ca_key, crt_path, key_path)

Exemple #5

    async def test_introducer(self, introducer):
        introducer_api, introducer_server = introducer

        # Create not authenticated cert
        pub_crt = introducer_server.chia_ca_key_path.parent / "p2p.crt"
        pub_key = introducer_server.chia_ca_key_path.parent / "p2p.key"
        generate_ca_signed_cert(
            introducer_server.chia_ca_crt_path.read_bytes(),
            introducer_server.chia_ca_key_path.read_bytes(),
            pub_crt,
            pub_key,
        )
        ssl_context = ssl_context_for_client(
            introducer_server.chia_ca_crt_path,
            introducer_server.chia_ca_key_path, pub_crt, pub_key)
        connected = await establish_connection(introducer_server, 12312,
                                               ssl_context)
        assert connected is True

Exemple #6

Fichier : connection_utils.py Projet : olivernyc/chia-blockchain

async def add_dummy_connection(
        server: ChiaServer,
        dummy_port: int,
        type: NodeType = NodeType.FULL_NODE) -> Tuple[asyncio.Queue, bytes32]:
    timeout = aiohttp.ClientTimeout(total=10)
    session = aiohttp.ClientSession(timeout=timeout)
    incoming_queue: asyncio.Queue = asyncio.Queue()
    dummy_crt_path = server._private_key_path.parent / "dummy.crt"
    dummy_key_path = server._private_key_path.parent / "dummy.key"
    generate_ca_signed_cert(server.chia_ca_crt_path.read_bytes(),
                            server.chia_ca_key_path.read_bytes(),
                            dummy_crt_path, dummy_key_path)
    ssl_context = ssl_context_for_client(server.chia_ca_crt_path,
                                         server.chia_ca_key_path,
                                         dummy_crt_path, dummy_key_path)
    pem_cert = x509.load_pem_x509_certificate(dummy_crt_path.read_bytes(),
                                              default_backend())
    der_cert = x509.load_der_x509_certificate(
        pem_cert.public_bytes(serialization.Encoding.DER), default_backend())
    peer_id = bytes32(der_cert.fingerprint(hashes.SHA256()))
    url = f"wss://{self_hostname}:{server._port}/ws"
    ws = await session.ws_connect(url,
                                  autoclose=True,
                                  autoping=True,
                                  ssl=ssl_context)
    wsc = WSChiaConnection(
        type,
        ws,
        server._port,
        log,
        True,
        False,
        self_hostname,
        incoming_queue,
        lambda x, y: x,
        peer_id,
        100,
        30,
    )
    handshake = await wsc.perform_handshake(server._network_id,
                                            protocol_version, dummy_port,
                                            NodeType.FULL_NODE)
    assert handshake is True
    return incoming_queue, peer_id

Exemple #7

    async def test_full_node(self, wallet_node):
        full_nodes, wallets = wallet_node
        full_node_api = full_nodes[0]
        full_node_server = full_node_api.full_node.server

        # Create not authenticated cert
        pub_crt = full_node_server._private_key_path.parent / "p2p.crt"
        pub_key = full_node_server._private_key_path.parent / "p2p.key"
        generate_ca_signed_cert(
            full_node_server.chia_ca_crt_path.read_bytes(),
            full_node_server.chia_ca_key_path.read_bytes(),
            pub_crt,
            pub_key,
        )
        ssl_context = ssl_context_for_client(full_node_server.chia_ca_crt_path,
                                             full_node_server.chia_ca_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(full_node_server, 12312,
                                               ssl_context)
        assert connected is True

Exemple #8

    async def test_farmer(self, harvester_farmer):
        harvester_service, farmer_service = harvester_farmer
        farmer_api = farmer_service._api

        farmer_server = farmer_api.farmer.server
        # Create valid cert (valid meaning signed with private CA)
        priv_crt = farmer_server._private_key_path.parent / "valid.crt"
        priv_key = farmer_server._private_key_path.parent / "valid.key"
        generate_ca_signed_cert(
            farmer_server.ca_private_crt_path.read_bytes(),
            farmer_server.ca_private_key_path.read_bytes(),
            priv_crt,
            priv_key,
        )
        ssl_context = ssl_context_for_client(farmer_server.ca_private_crt_path,
                                             farmer_server.ca_private_key_path,
                                             priv_crt, priv_key)
        connected = await establish_connection(farmer_server, 12312,
                                               ssl_context)
        assert connected is True

        # Create not authenticated cert
        pub_crt = farmer_server._private_key_path.parent / "non_valid.crt"
        pub_key = farmer_server._private_key_path.parent / "non_valid.key"
        generate_ca_signed_cert(farmer_server.chia_ca_crt_path.read_bytes(),
                                farmer_server.chia_ca_key_path.read_bytes(),
                                pub_crt, pub_key)
        ssl_context = ssl_context_for_client(farmer_server.chia_ca_crt_path,
                                             farmer_server.chia_ca_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(farmer_server, 12312,
                                               ssl_context)
        assert connected is False
        ssl_context = ssl_context_for_client(farmer_server.ca_private_crt_path,
                                             farmer_server.ca_private_key_path,
                                             pub_crt, pub_key)
        connected = await establish_connection(farmer_server, 12312,
                                               ssl_context)
        assert connected is False