def test_cert_gen(self):
gen = NuclideCertificatesGenerator(tempfile.gettempdir(), 'localhost',
'test')
self.verify_key_file(gen.ca_key)
self.verify_cert_file(gen.ca_cert)
self.verify_key_file(gen.server_key)
self.verify_cert_file(gen.server_cert)
self.verify_key_file(gen.client_key)
self.verify_cert_file(gen.client_cert)
self.assertEquals(
'localhost',
NuclideCertificatesGenerator.get_common_name(gen.server_cert))
def start_server(self, server):
self.logger.info('Starting NuclideServer...')
if self.options.insecure:
# Use http.
self.logger.info('Using http.')
return server.start(self.options.timeout,
quiet=self.options.quiet,
debug=self.options.debug)
else:
# Use https.
self.logger.info('Using https.')
certs_dir = self.options.certs_dir or self._ensure_certs_dir()
# Add prefix "user.nuclide" to avoid collision.
common_name = self.options.common_name or \
'%s.nuclide.%s' % (getpass.getuser(), socket.gethostname())
# TODO: Client common name is 'nuclide'.
# We may want to generate unique common name and verify it.
certs_generator = NuclideCertificatesGenerator(
certs_dir,
common_name,
'nuclide',
expiration_days=CERTS_EXPIRATION_DAYS)
self.logger.info(
'Initialized NuclideCertificatesGenerator with common_name: {0}'
.format(common_name))
return server.start(self.options.timeout,
cert=certs_generator.server_cert,
key=certs_generator.server_key,
ca=certs_generator.ca_cert,
quiet=self.options.quiet,
debug=self.options.debug)
def test_get_certificates(self):
gen = NuclideCertificatesGenerator(tempfile.gettempdir(), 'localhost',
'test')
server_9090 = NuclideServer(9090)
ret = server_9090.start(timeout=TIMEOUT,
cert=gen.server_cert,
key=gen.server_key,
ca=gen.ca_cert)
self.assertEquals(ret, 0)
# Verify cert files.
server_cert, server_key, ca = server_9090.get_server_certificate_files(
)
self.assertEquals(server_cert, gen.server_cert)
self.assertEquals(server_key, gen.server_key)
self.assertEquals(ca, gen.ca_cert)
client_cert, client_key = NuclideServer.get_client_certificate_files(
ca)
self.assertEquals(client_cert, gen.client_cert)
self.assertEquals(client_key, gen.client_key)
# Verify same cert files after restart.
server_9090.restart(timeout=TIMEOUT)
server_cert, server_key, ca = server_9090.get_server_certificate_files(
)
self.assertEquals(server_cert, gen.server_cert)
self.assertEquals(server_key, gen.server_key)
self.assertEquals(ca, gen.ca_cert)
def test_cert_gen(self):
gen = NuclideCertificatesGenerator(tempfile.gettempdir(), 'localhost', 'test')
self.verify_key_file(gen.ca_key)
self.verify_cert_file(gen.ca_cert)
self.verify_key_file(gen.server_key)
self.verify_cert_file(gen.server_cert)
self.verify_key_file(gen.client_key)
self.verify_cert_file(gen.client_cert)
self.assertEquals(
'localhost', NuclideCertificatesGenerator.get_common_name(gen.server_cert))
def print_json(self):
output = {'version': self.get_version(), 'port': self.port, 'workspace': self.workspace}
server_cert, server_key, ca = self.get_server_certificate_files()
if server_cert is not None and server_key is not None and ca is not None:
client_cert, client_key = self.get_client_certificate_files(ca)
output['cert'] = self._read_cert_file(client_cert)
output['key'] = self._read_cert_file(client_key)
output['ca'] = self._read_cert_file(ca)
output['hostname'] = NuclideCertificatesGenerator.get_common_name(server_cert)
print(json.dumps(output))
def get_server_info(self):
output = {'version': self.get_version(), 'port': self.port, 'workspace': self.workspace}
output['pid'] = self._get_proc_info().get_pid()
server_cert, server_key, ca = self.get_server_certificate_files()
if server_cert is not None and server_key is not None and ca is not None:
client_cert, client_key = self.get_client_certificate_files(ca)
output['cert'] = self._read_cert_file(client_cert)
output['key'] = self._read_cert_file(client_key)
output['ca'] = self._read_cert_file(ca)
output['hostname'] = NuclideCertificatesGenerator.get_common_name(server_cert)
return output
def get_version(self):
# Return version if it is cached.
if self._version is not None:
return self._version
if self.is_https():
server_cert, server_key, ca = self.get_server_certificate_files()
client_cert, client_key = self.get_client_certificate_files(ca)
common_name = NuclideCertificatesGenerator.get_common_name(server_cert)
self._version = utils.http_get(common_name, self.port, method='POST', url='/heartbeat',
key_file=client_key, cert_file=client_cert, ca_cert=ca)
else:
self._version = utils.http_get('localhost', self.port, method='POST', url='/heartbeat')
return self._version
def get_version(self):
# Return version if it is cached.
if self._version is not None:
return self._version
if self.is_https():
server_cert, server_key, ca = self.get_server_certificate_files()
client_cert, client_key = self.get_client_certificate_files(ca)
common_name = NuclideCertificatesGenerator.get_common_name(server_cert)
self._version = utils.http_get(common_name, self.port, method='POST', url='/heartbeat',
key_file=client_key, cert_file=client_cert, ca_cert=ca)
else:
self._version = utils.http_get('localhost', self.port, method='POST', url='/heartbeat')
return self._version
def _generate_certificates(self):
# Add prefix "user.nuclide" to avoid collision.
common_name = self.options.common_name or \
'%s.nuclide.%s' % (getpass.getuser(), socket.gethostname())
# TODO: Client common name is 'nuclide'.
# We may want to generate unique common name and verify it.
certs_dir = self.options.certs_dir or self._ensure_certs_dir()
generator = NuclideCertificatesGenerator(
certs_dir,
common_name,
'nuclide',
expiration_days=CERTS_EXPIRATION_DAYS)
self.logger.info(
'Initialized NuclideCertificatesGenerator with common_name: {0}'.
format(common_name))
return generator.ca_cert, generator.server_cert, generator.server_key
def start_server(self, server):
self.logger.info('Starting NuclideServer...')
if self.options.insecure:
# Use http.
self.logger.info('Using http.')
return server.start(
self.options.timeout,
quiet=self.options.quiet,
debug=self.options.debug,
inspect=self.options.inspect,
abort_on_uncaught_exception=self.options.dump_core)
else:
# Use https.
self.logger.info('Using https.')
certs_dir = self.options.certs_dir or self._ensure_certs_dir()
# Add prefix "user.nuclide" to avoid collision.
common_name = self.options.common_name or \
'%s.nuclide.%s' % (getpass.getuser(), socket.gethostname())
# TODO: Client common name is 'nuclide'.
# We may want to generate unique common name and verify it.
certs_generator = NuclideCertificatesGenerator(
certs_dir,
common_name,
'nuclide',
expiration_days=CERTS_EXPIRATION_DAYS)
self.logger.info(
'Initialized NuclideCertificatesGenerator with common_name: {0}'
.format(common_name))
self._check_if_certs_files_exist(certs_generator)
return server.start(
self.options.timeout,
cert=certs_generator.server_cert,
key=certs_generator.server_key,
ca=certs_generator.ca_cert,
quiet=self.options.quiet,
debug=self.options.debug,
inspect=self.options.inspect,
abort_on_uncaught_exception=self.options.dump_core,
# After the server certificate expires, clients won't be able to connect.
# Automatically exit to avoid zombie servers.
expiration_days=CERTS_EXPIRATION_DAYS + 1)
def start_server(self, server):
print('Starting Nuclide server...', file=sys.stderr)
if self.options.insecure:
# Use http.
return server.start(self.options.timeout, quiet=self.options.quiet)
else:
# Use https.
certs_dir = self.options.certs_dir or self._ensure_certs_dir()
# Add prefix "user.nuclide" to avoid collision.
common_name = self.options.common_name or \
'%s.nuclide.%s' % (getpass.getuser(), socket.gethostname())
# TODO: Client common name is 'nuclide'.
# We may want to generate unique common name and verify it.
certs_generator = NuclideCertificatesGenerator(
certs_dir,
common_name,
'nuclide',
expiration_days=CERTS_EXPIRATION_DAYS)
return server.start(self.options.timeout,
cert=certs_generator.server_cert,
key=certs_generator.server_key,
ca=certs_generator.ca_cert,
quiet=self.options.quiet)
def get_common_name(self):
server_cert, _, _ = self.get_server_certificate_files()
if server_cert is not None:
return NuclideCertificatesGenerator.get_common_name(server_cert)
else:
return None
def get_common_name(self):
server_cert, _, _ = self.get_server_certificate_files()
if server_cert is not None:
return NuclideCertificatesGenerator.get_common_name(server_cert)
else:
return None
def test_altnames(self):
gen = NuclideCertificatesGenerator(tempfile.gettempdir(), '127.0.0.1', 'test')
text = NuclideCertificatesGenerator.get_text(gen.server_cert)
self.assertTrue('Subject Alternative Name' in text)
self.assertTrue('IP Address:127.0.0.1' in text)
def test_altnames(self):
gen = NuclideCertificatesGenerator(tempfile.gettempdir(), '127.0.0.1',
'test')
text = NuclideCertificatesGenerator.get_text(gen.server_cert)
self.assertTrue('Subject Alternative Name' in text)
self.assertTrue('IP Address:127.0.0.1' in text)
