def start( self, req_address: str, sub_address: str, client_secretkey_path: str = "", server_publickey_path: str = "", username: str = "", password: str = "" ) -> None: """ Start RpcClient """ if self.__active: return # Start authenticator if client_secretkey_path and server_publickey_path: self.__authenticator = ThreadAuthenticator(self.__context) self.__authenticator.start() self.__authenticator.configure_curve( domain="*", location=zmq.auth.CURVE_ALLOW_ANY ) publickey, secretkey = zmq.auth.load_certificate(client_secretkey_path) serverkey, _ = zmq.auth.load_certificate(server_publickey_path) self.__socket_sub.curve_secretkey = secretkey self.__socket_sub.curve_publickey = publickey self.__socket_sub.curve_serverkey = serverkey self.__socket_req.curve_secretkey = secretkey self.__socket_req.curve_publickey = publickey self.__socket_req.curve_serverkey = serverkey elif username and password: self.__authenticator = ThreadAuthenticator(self.__context) self.__authenticator.start() self.__authenticator.configure_plain( domain="*", passwords={username: password} ) self.__socket_sub.plain_username = username.encode() self.__socket_sub.plain_password = password.encode() self.__socket_req.plain_username = username.encode() self.__socket_req.plain_password = password.encode() # Connect zmq port self.__socket_req.connect(req_address) self.__socket_sub.connect(sub_address) # Start RpcClient status self.__active = True # Start RpcClient thread self.__thread = threading.Thread(target=self.run) self.__thread.start() self._last_received_ping = datetime.utcnow()
def run(): '''Run strawhouse client''' allow_test_pass = False deny_test_pass = False ctx = zmq.Context().instance() # Start an authenticator for this context. auth = ThreadAuthenticator(ctx) auth.start() # Part 1 - demonstrate allowing clients based on IP address auth.allow('127.0.0.1') server = ctx.socket(zmq.PUSH) server.zap_domain = b'global' # must come before bind server.bind('tcp://*:9000') client_allow = ctx.socket(zmq.PULL) client_allow.connect('tcp://127.0.0.1:9000') server.send(b"Hello") msg = client_allow.recv() if msg == b"Hello": allow_test_pass = True client_allow.close() # Part 2 - demonstrate denying clients based on IP address auth.stop() auth = ThreadAuthenticator(ctx) auth.start() auth.deny('127.0.0.1') client_deny = ctx.socket(zmq.PULL) client_deny.connect('tcp://127.0.0.1:9000') if server.poll(50, zmq.POLLOUT): server.send(b"Hello") if client_deny.poll(50): msg = client_deny.recv() else: deny_test_pass = True else: deny_test_pass = True client_deny.close() auth.stop() # stop auth thread if allow_test_pass and deny_test_pass: logging.info("Strawhouse test OK") else: logging.error("Strawhouse test FAIL")
def start( self, rep_address: str, pub_address: str, server_secretkey_path: str = "", username: str = "", password: str = "" ) -> None: """ Start RpcServer """ if self.__active: return # Start authenticator if server_secretkey_path: self.__authenticator = ThreadAuthenticator(self.__context) self.__authenticator.start() self.__authenticator.configure_curve( domain="*", location=zmq.auth.CURVE_ALLOW_ANY ) publickey, secretkey = zmq.auth.load_certificate(server_secretkey_path) self.__socket_pub.curve_secretkey = secretkey self.__socket_pub.curve_publickey = publickey self.__socket_pub.curve_server = True self.__socket_rep.curve_secretkey = secretkey self.__socket_rep.curve_publickey = publickey self.__socket_rep.curve_server = True elif username and password: self.__authenticator = ThreadAuthenticator(self.__context) self.__authenticator.start() self.__authenticator.configure_plain( domain="*", passwords={username: password} ) self.__socket_pub.plain_server = True self.__socket_rep.plain_server = True # Bind socket address self.__socket_rep.bind(rep_address) self.__socket_pub.bind(pub_address) # Start RpcServer status self.__active = True # Start RpcServer thread self.__thread = threading.Thread(target=self.run) self.__thread.start()
def __init__(self, addr, port, node_id, listener, secret_key, secure=True): """ Creates a new server (bound but not dispatching messages) @param addr: IP address of this node @param port: Port number to listen on @param node_id: Public key (z85 encoded) of this node @param listener: Callback object to receive handle_* function calls """ self.ctx = zmq.Context() self.node = pack_node(addr, port, node_id) self.shutdown = False self.listener = listener self.sock = Socket(self.ctx, zmq.ROUTER) self.sock.identity = node_id # self.sock.router_handover = 1 # allow peer reconnections with same id # enable curve encryption/auth if secure: if not Server.auth: Server.auth = ThreadAuthenticator() Server.auth.start() Server.auth.configure_curve(domain='*', location=CURVE_ALLOW_ANY) self.sock.curve_server = True self.sock.curve_secretkey = z85.decode(secret_key) self.sock.curve_publickey = z85.decode(node_id) self.sock.bind("tcp://*:{0}".format(port)) LOGGER.info("S listening.")
def start_auth(self): self.log.debug("starting auth thread") self.auth = ThreadAuthenticator(self.ctx) self.auth.start() self.auth.allow("127.0.0.1") self.auth.configure_curve(domain="*", location=self.keyring) self.load_or_create_key()
def _init_zmq(self): """ Configure the zmq components and connection. """ context = zmq.Context() socket = context.socket(zmq.REP) if flags.ZMQ_HAS_CURVE: # Start an authenticator for this context. auth = ThreadAuthenticator(context) auth.start() # XXX do not hardcode this here. auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) public, secret = get_backend_certificates() socket.curve_publickey = public socket.curve_secretkey = secret socket.curve_server = True # must come before bind socket.bind(self.BIND_ADDR) if not flags.ZMQ_HAS_CURVE: os.chmod(self.SOCKET_FILE, 0600) self._zmq_socket = socket
def run(): ''' Run Ironhouse example ''' # These directories are generated by the generate_certificates script keys_dir = os.path.dirname(__file__) ctx = zmq.Context.instance() # Start an authenticator for this context. auth = ThreadAuthenticator(ctx) auth.start() auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory print(keys_dir) #auth.configure_curve(domain='*', location=keys_dir) auth.configure_curve(domain='*', location=".") server_key_file = os.path.join(keys_dir, "server.key") server_public, server_secret = zmq.auth.load_certificate(server_key_file) server = ctx.socket(zmq.PUSH) server.curve_secretkey = server_secret server.curve_publickey = server_public server.curve_server = True # must come before bind server.bind('tcp://*:9000') server.send(b"Hello") # Make sure that there is time to finish the handshake time.sleep(2) # stop auth thread auth.stop()
def _setup_zmq(self): context = zmq.Context() if "username" in self.settings and self.settings["username"]: if "password" not in self.settings or not self.settings["password"]: raise Exception("When username is set, password cannot be empty.") self.auth = ThreadAuthenticator(context) self.auth.start() self.auth.configure_plain(domain="*", passwords={self.settings["username"]: self.settings["password"]}) else: if self.auth: self.auth.stop() self.auth = None self.socket = context.socket(zmq.PUB) if self.settings["username"]: self.socket.plain_server = True # must come before bind self.socket.bind("tcp://{}:{}".format(self.settings["host"], self.settings["port"])) self._logger.debug("ZMQ listening on tcp://{}:{}".format(self.settings["host"], self.settings["port"])) if self._logger.isEnabledFor(logging.DEBUG): monitor = self.socket.get_monitor_socket() self.monitor_thread = threading.Thread(target=event_monitor, args=(monitor, self._logger)) self.monitor_thread.start() else: if self.monitor_thread: self.socket.disable_monitor() self.monitor_thread = None
def run(): ''' Run Ironhouse example ''' # These directories are generated by the generate_certificates script base_dir = os.path.dirname(__file__) keys_dir = os.path.join(base_dir, 'certificates') public_keys_dir = os.path.join(base_dir, 'public_keys') secret_keys_dir = os.path.join(base_dir, 'private_keys') if not (os.path.exists(keys_dir) and os.path.exists(public_keys_dir) and os.path.exists(secret_keys_dir)): logging.critical("Certificates are missing - run generate_certificates.py script first") sys.exit(1) ctx = zmq.Context.instance() # Start an authenticator for this context. auth = ThreadAuthenticator(ctx) auth.start() auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory auth.configure_curve(domain='*', location=public_keys_dir) server = ctx.socket(zmq.PUSH) server_secret_file = os.path.join(secret_keys_dir, "server.key_secret") server_public, server_secret = zmq.auth.load_certificate(server_secret_file) server.curve_secretkey = server_secret server.curve_publickey = server_public server.curve_server = True # must come before bind server.bind('tcp://*:9000') client = ctx.socket(zmq.PULL) # We need two certificates, one for the client and one for # the server. The client must know the server's public key # to make a CURVE connection. client_secret_file = os.path.join(secret_keys_dir, "client.key_secret") client_public, client_secret = zmq.auth.load_certificate(client_secret_file) client.curve_secretkey = client_secret client.curve_publickey = client_public server_public_file = os.path.join(public_keys_dir, "server.key") server_public, _ = zmq.auth.load_certificate(server_public_file) # The client must know the server's public key to make a CURVE connection. client.curve_serverkey = server_public client.connect('tcp://127.0.0.1:9000') server.send(b"Hello") if client.poll(1000): msg = client.recv() if msg == b"Hello": logging.info("Ironhouse test OK") else: logging.error("Ironhouse test FAIL") # stop auth thread auth.stop()
def _init_txzmq(self): """ Configure the txzmq components and connection. """ self._zmq_factory = txzmq.ZmqFactory() self._zmq_factory.registerForShutdown() self._zmq_connection = txzmq.ZmqREPConnection(self._zmq_factory) context = self._zmq_factory.context socket = self._zmq_connection.socket def _gotMessage(messageId, messageParts): self._zmq_connection.reply(messageId, "OK") self._process_request(messageParts) self._zmq_connection.gotMessage = _gotMessage if flags.ZMQ_HAS_CURVE: # Start an authenticator for this context. auth = ThreadAuthenticator(context) auth.start() # XXX do not hardcode this here. auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) public, secret = get_backend_certificates() socket.curve_publickey = public socket.curve_secretkey = secret socket.curve_server = True # must come before bind proto, addr = self._server_address.split('://') # tcp/ipc, ip/socket socket.bind(self._server_address) if proto == 'ipc': os.chmod(addr, 0600)
def initInteractions(self): try: self.zmqContext: zmq.Context = zmq.Context() self.auth = ThreadAuthenticator(self.zmqContext) self.auth.start() self.auth.allow("192.168.0.22") self.auth.allow(self.client_address) self.auth.configure_curve( domain='*', location=zmq.auth.CURVE_ALLOW_ANY ) # self.public_keys_dir ) # Use 'location=zmq.auth.CURVE_ALLOW_ANY' for stonehouse security self.request_socket: zmq.Socket = self.zmqContext.socket(zmq.REP) self.responder = StratusZMQResponder( self.zmqContext, self.response_port, client_address=self.client_address, certificate_path=self.cert_dir) self.initSocket() self.logger.info( "@@STRATUS-APP:Listening for requests on port: {}".format( self.request_port)) except Exception as err: self.logger.error( "@@STRATUS-APP: ------------------------------- StratusApp Init error: {} ------------------------------- " .format(err))
def pyzmq_authenticator(pyzmq_context): auth = ThreadAuthenticator(pyzmq_context) auth.start() auth.allow('127.0.0.1') auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) yield auth.stop()
def __init__(self, zmq_rep_bind_address=None, zmq_sub_connect_addresses=None, recreate_sockets_on_timeout_of_sec=600, username=None, password=None): self.context = zmq.Context() self.auth = None self.last_received_message = None self.is_running = False self.thread = None self.zmq_rep_bind_address = zmq_rep_bind_address self.zmq_sub_connect_addresses = zmq_sub_connect_addresses self.poller = zmq.Poller() self.sub_sockets = [] self.rep_socket = None if username is not None and password is not None: # Start an authenticator for this context. # Does not work on PUB/SUB as far as I (probably because the more secure solutions # require two way communication as well) self.auth = ThreadAuthenticator(self.context) self.auth.start() # Instruct authenticator to handle PLAIN requests self.auth.configure_plain(domain='*', passwords={username: password}) if self.zmq_sub_connect_addresses: for address in self.zmq_sub_connect_addresses: self.sub_sockets.append( SubSocket(self.context, self.poller, address, recreate_sockets_on_timeout_of_sec)) if zmq_rep_bind_address: self.rep_socket = RepSocket(self.context, self.poller, zmq_rep_bind_address, self.auth)
def main(): localhost = socket_m.getfqdn() port = "5556" # ip = "*" ip = socket_m.gethostbyaddr(localhost)[2][0] context = zmq.Context() socket = context.socket(zmq.PULL) socket.zap_domain = b'global' socket.bind("tcp://" + ip + ":%s" % port) auth = ThreadAuthenticator(context) host = localhost # host = asap3-p00 whitelist = socket_m.gethostbyaddr(host)[2][0] # whitelist = None auth.start() if whitelist is None: auth.auth = None else: auth.allow(whitelist) try: while True: message = socket.recv_multipart() print("received reply ", message) except KeyboardInterrupt: pass finally: auth.stop()
def _run(self): """ Start a loop to process the ZMQ requests from the signaler client. """ logger.debug("Running SignalerQt loop") context = zmq.Context() socket = context.socket(zmq.REP) # Start an authenticator for this context. auth = ThreadAuthenticator(context) auth.start() auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) public, secret = get_frontend_certificates() socket.curve_publickey = public socket.curve_secretkey = secret socket.curve_server = True # must come before bind socket.bind(self.BIND_ADDR) while self._do_work.is_set(): # Wait for next request from client try: request = socket.recv(zmq.NOBLOCK) # logger.debug("Received request: '{0}'".format(request)) socket.send("OK") self._process_request(request) except zmq.ZMQError as e: if e.errno != zmq.EAGAIN: raise time.sleep(0.01) logger.debug("SignalerQt thread stopped.")
def run_server(): endpoint = 'tcp://0.0.0.0:5555' print("endpoint: {}".format(endpoint)) srv = zerorpc.Server(Service()) ctx = zerorpc.Context.get_instance() auth = ThreadAuthenticator(ctx) auth.start() auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory auth.configure_curve(domain='*', location=public_keys_dir) zmq_socket = srv._events._socket server_secret_file = os.path.join(secret_keys_dir, "server.key_secret") server_public, server_secret = zmq.auth.load_certificate( server_secret_file) if SECURE: print("Secure transport") zmq_socket.curve_secretkey = server_secret zmq_socket.curve_publickey = server_public zmq_socket.curve_server = True srv.bind(endpoint) srv_task = gevent.spawn(srv.run) srv_task.join()
def __init__(self, bind_str="tcp://127.0.0.1:5560", parent_model=None, layer=None, logins=None, viewable_layers=None): self.context = zmq.Context.instance() self.auth = ThreadAuthenticator(self.context) self.auth.start() #auth.allow('127.0.0.1') self.auth.configure_plain(domain='*', passwords=logins) self.socket = self.context.socket(zmq.PAIR) self.socket.plain_server = True self.socket.bind(bind_str) self.parent_model = parent_model self.curr_model = parent_model self.viewable_layers = viewable_layers self.config = tf.ConfigProto() self.config.gpu_options.per_process_gpu_memory_fraction = 0.3 self.config.gpu_options.allow_growth = True if not layer: self.layer = 5 #len(self.parent_model.layers) - 1 else: self.layer = layer
def __init__(self, publicPath): self.__context = zmq.Context() self.publicPath = publicPath self.auth = ThreadAuthenticator(self.__context) self.auth.start() self.auth.configure_curve(domain='*', location=self.publicPath) self.auth.thread.setName("CurveAuth")
def server_auth(self): # Start an authenticator for this context print("[#] Starting authenticator...") self.auth = ThreadAuthenticator(self.context) self.auth.start() self.auth.allow(self.HOST) # give authenticator access to approved clients' certificate directory self.auth.configure_curve(domain='*', location=self.public_keys_dir)
def main(args): context = zmq.Context() socket = context.socket(zmq.PUB) auth = ThreadAuthenticator(context) auth.start() auth.allow('127.0.0.1') if args.public_key and args.private_key: auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) server_public_file = args.public_key server_secret_file = args.private_key server_public, server_secret = zmq.auth.load_certificate( server_secret_file) socket.curve_secretkey = server_secret socket.curve_publickey = server_public socket.curve_server = True socket.bind("tcp://*:%s" % args.port) miseq_run_dir_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}$" miseq_sample_sheet_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/SampleSheet.csv$" miseq_run_completion_status_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/RunCompletionStatus.xml$" illumina_run_dir_regexes = [ miseq_sample_sheet_regex, miseq_run_dir_regex, miseq_run_completion_status_regex, ] run_dir_event_handler = RunDirEventHandler( socket, regexes=illumina_run_dir_regexes, print_messages=args.print_messages) observers = [] for path in args.path: observer = Observer() observer.schedule(run_dir_event_handler, path, recursive=True) observer.start() observers.append(observer) heartbeat_thread = threading.Thread( target=heartbeat, args=([socket, args.heartbeat_interval, args.print_heartbeat]), daemon=True) heartbeat_thread.start() try: while True: time.sleep(1) except KeyboardInterrupt: for observer in observers: observer.stop() observer.join() auth.stop()
def __init__(self, kp, debug=False, be_ip='127.0.0.1', be_base_port=5561): """ Constructor, ZMQ connections are built here. :param kp: The keypair to use, in the form {'be_key': '[path]', 'app_key': '[path]'} """ super(BE, self).__init__(debug=debug) self.be_ip = be_ip self.be_base_port = be_base_port self.kp = kp self.name = 'UNK_BE' self.start_time = time.time() self.already_shutdown = False self.timerlist = {} self.next_tid = 0 self.fe_info = None self.Context = collections.namedtuple('ctx', 'ident sync message') self.msg_in = facilities_pb2.FacMessage() self.msg_out = facilities_pb2.FacMessage() self.context = zmq.Context(io_threads=2) # crypto bootstrap auth = ThreadAuthenticator(self.context) auth.start() auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) pub_public, pub_secret = zmq.auth.load_certificate(kp['be_key']) sub_public, sub_secret = zmq.auth.load_certificate(kp['app_key']) TCP_BE_DLR = f'tcp://{self.be_ip}:{self.be_base_port+0}' TCP_BE_SUB = f'tcp://{self.be_ip}:{self.be_base_port+1}' # use this to receive and send messages to FEs self.dealer_be = self.context.socket(zmq.DEALER) # crypto start self.dealer_be.curve_publickey = pub_public self.dealer_be.curve_secretkey = pub_secret self.dealer_be.curve_server = True # crypto end self.tprint('info', f'PXY--BE: Binding as Dealer to {TCP_BE_DLR}') self.dealer_be.bind(TCP_BE_DLR) # outgoing pub messages to FEs self.pub_be = self.context.socket(zmq.PUB) # crypto start self.pub_be.curve_publickey = pub_public self.pub_be.curve_secretkey = pub_secret self.pub_be.curve_server = True # crypto end self.tprint('info', f'PXY--BE: Binding as Subscriber to {TCP_BE_SUB}') self.pub_be.bind(TCP_BE_SUB) self.poller = zmq.Poller() self.poller.register(self.dealer_be, zmq.POLLIN)
def run(): '''Run woodhouse example''' valid_client_test_pass = False invalid_client_test_pass = False ctx = zmq.Context.instance() # Start an authenticator for this context. auth = ThreadAuthenticator(ctx) auth.start() auth.allow('127.0.0.1') # Instruct authenticator to handle PLAIN requests auth.configure_plain(domain='*', passwords={'admin': 'secret'}) server = ctx.socket(zmq.PUSH) server.plain_server = True # must come before bind server.bind('tcp://*:9000') client = ctx.socket(zmq.PULL) client.plain_username = b'admin' client.plain_password = b'secret' client.connect('tcp://127.0.0.1:9000') server.send(b"Hello") if client.poll(): msg = client.recv() if msg == b"Hello": valid_client_test_pass = True client.close() # now use invalid credentials - expect no msg received client2 = ctx.socket(zmq.PULL) client2.plain_username = b'admin' client2.plain_password = b'bogus' client2.connect('tcp://127.0.0.1:9000') server.send(b"World") if client2.poll(50): msg = client.recv() if msg == "World": invalid_client_test_pass = False else: # no message is expected invalid_client_test_pass = True # stop auth thread auth.stop() if valid_client_test_pass and invalid_client_test_pass: logging.info("Woodhouse test OK") else: logging.error("Woodhouse test FAIL")
def make_authenticator(context): auth = ThreadAuthenticator(context) auth.start() # Note: by omitting auth.allow(ip) we're allowing connection from any IP auth.configure_curve( domain='*', # CURVE_ALLOW_ANY: allow all client keys without checking location=zmq.auth.CURVE_ALLOW_ANY) return auth
def _init_auth(ctx, only_localhost, config: Configuration): auth = ThreadAuthenticator(ctx) auth.start() if only_localhost: auth.allow('127.0.0.1') else: auth.allow('*') auth.configure_curve(domain='*', location=config.zmq_public_keys_dir())
def init(self): srv = zerorpc.Server(self.methods) ctx = zerorpc.Context.get_instance() auth = ThreadAuthenticator(ctx) auth.start() auth.allow(*self.whitelist) auth.configure_curve(domain='*', location=self.public_keys_dir) zmq_socket = srv._events._socket zmq_socket.curve_secretkey = self.server_secret zmq_socket.curve_publickey = self.server_public zmq_socket.curve_server = True return srv
def setup(self): """Creates a :attr:`context` and an event :attr:`loop` for the process.""" ctx = self.context = zmq.Context() auth = self.auth_thread = ThreadAuthenticator(ctx) auth.start() if self.clients: auth.allow(*self.clients) # pylint: disable=not-an-iterable if self.passwords: auth.configure_plain(domain='*', passwords=self.passwords) self.loop = ioloop.IOLoop.current() self.rep_stream, _ = self.stream(self.socket_type, self.bind_addr, bind=True) self.init_stream()
def main(): auth = ThreadAuthenticator(zmq.Context.instance()) auth.start() auth.allow('127.0.0.1') # Tell the authenticator how to handle CURVE requests auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) key = Key.load('example/broker.key_secret') broker = SecureMajorDomoBroker(key, sys.argv[1]) try: broker.serve_forever() except KeyboardInterrupt: auth.stop() raise
def _setup_auth(self, auth_whitelist: list, loop): if loop is None: self.auth = ThreadAuthenticator(self.context) else: self.auth = IOLoopAuthenticator(self.context, io_loop=loop) # allow all local host self.logger.debug('Auth whitelist %s', auth_whitelist) if auth_whitelist is not None: self.auth.allow(auth_whitelist) self._base_filepath = get_certificate_filepath() public_key_location = path.join(self._base_filepath, 'public_keys') self.auth.configure_curve(domain='*', location=public_key_location) self.auth.start()
def __init__(self, settings): self.redis = RedisScraper(settings) self.id = settings.getKey("box_id") self.log = logging.getLogger('ZMQ') self.clientPath = settings.getKey("zmq.private_cert") self.serverPath = settings.getKey("zmq.server_cert") if not self.clientPath or not self.serverPath: self.log.fatal( "zmq certificates not configured in the settings file") os._exit(1) self.host = settings.getKey("zmq.acq_host") self.ctx = zmq.Context() self.auth = ThreadAuthenticator(self.ctx) self.auth.start() #self.auth.allow('127.0.0.1') self.auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) self.client = self.ctx.socket(zmq.REP) try: client_public, client_secret = zmq.auth.load_certificate( self.clientPath) self.client.curve_secretkey = client_secret self.client.curve_publickey = client_public server_public, _ = zmq.auth.load_certificate(self.serverPath) self.client.curve_serverkey = server_public self.client.connect(self.host) except IOError: self.log.fatal("Could not load client certificate") os._exit(1) except ValueError: self.log.fatal("Could not load client certificate") os._exit(1) self.log.info("ZMQ connected to " + self.host + " using certs " + self.clientPath) self.running = False self.handlers = { opq_pb2.RequestDataMessage.PING: self.ping, opq_pb2.RequestDataMessage.READ: self.read }
def _start_thread_auth(self, socket): """ Start the zmq curve thread authenticator. :param socket: The socket in which to configure the authenticator. :type socket: zmq.Socket """ authenticator = ThreadAuthenticator(self._factory.context) authenticator.start() # XXX do not hardcode this here. authenticator.allow('127.0.0.1') # tell authenticator to use the certificate in a directory public_keys_dir = os.path.join(self._config_prefix, PUBLIC_KEYS_PREFIX) authenticator.configure_curve(domain="*", location=public_keys_dir) socket.curve_server = True # must come before bind