def start(
self,
req_address: str,
sub_address: str,
client_secretkey_path: str = "",
server_publickey_path: str = "",
username: str = "",
password: str = ""
) -> None:
"""
Start RpcClient
"""
if self.__active:
return
# Start authenticator
if client_secretkey_path and server_publickey_path:
self.__authenticator = ThreadAuthenticator(self.__context)
self.__authenticator.start()
self.__authenticator.configure_curve(
domain="*",
location=zmq.auth.CURVE_ALLOW_ANY
)
publickey, secretkey = zmq.auth.load_certificate(client_secretkey_path)
serverkey, _ = zmq.auth.load_certificate(server_publickey_path)
self.__socket_sub.curve_secretkey = secretkey
self.__socket_sub.curve_publickey = publickey
self.__socket_sub.curve_serverkey = serverkey
self.__socket_req.curve_secretkey = secretkey
self.__socket_req.curve_publickey = publickey
self.__socket_req.curve_serverkey = serverkey
elif username and password:
self.__authenticator = ThreadAuthenticator(self.__context)
self.__authenticator.start()
self.__authenticator.configure_plain(
domain="*",
passwords={username: password}
)
self.__socket_sub.plain_username = username.encode()
self.__socket_sub.plain_password = password.encode()
self.__socket_req.plain_username = username.encode()
self.__socket_req.plain_password = password.encode()
# Connect zmq port
self.__socket_req.connect(req_address)
self.__socket_sub.connect(sub_address)
# Start RpcClient status
self.__active = True
# Start RpcClient thread
self.__thread = threading.Thread(target=self.run)
self.__thread.start()
self._last_received_ping = datetime.utcnow()
def run():
'''Run strawhouse client'''
allow_test_pass = False
deny_test_pass = False
ctx = zmq.Context().instance()
# Start an authenticator for this context.
auth = ThreadAuthenticator(ctx)
auth.start()
# Part 1 - demonstrate allowing clients based on IP address
auth.allow('127.0.0.1')
server = ctx.socket(zmq.PUSH)
server.zap_domain = b'global' # must come before bind
server.bind('tcp://*:9000')
client_allow = ctx.socket(zmq.PULL)
client_allow.connect('tcp://127.0.0.1:9000')
server.send(b"Hello")
msg = client_allow.recv()
if msg == b"Hello":
allow_test_pass = True
client_allow.close()
# Part 2 - demonstrate denying clients based on IP address
auth.stop()
auth = ThreadAuthenticator(ctx)
auth.start()
auth.deny('127.0.0.1')
client_deny = ctx.socket(zmq.PULL)
client_deny.connect('tcp://127.0.0.1:9000')
if server.poll(50, zmq.POLLOUT):
server.send(b"Hello")
if client_deny.poll(50):
msg = client_deny.recv()
else:
deny_test_pass = True
else:
deny_test_pass = True
client_deny.close()
auth.stop() # stop auth thread
if allow_test_pass and deny_test_pass:
logging.info("Strawhouse test OK")
else:
logging.error("Strawhouse test FAIL")
def start(
self,
rep_address: str,
pub_address: str,
server_secretkey_path: str = "",
username: str = "",
password: str = ""
) -> None:
"""
Start RpcServer
"""
if self.__active:
return
# Start authenticator
if server_secretkey_path:
self.__authenticator = ThreadAuthenticator(self.__context)
self.__authenticator.start()
self.__authenticator.configure_curve(
domain="*",
location=zmq.auth.CURVE_ALLOW_ANY
)
publickey, secretkey = zmq.auth.load_certificate(server_secretkey_path)
self.__socket_pub.curve_secretkey = secretkey
self.__socket_pub.curve_publickey = publickey
self.__socket_pub.curve_server = True
self.__socket_rep.curve_secretkey = secretkey
self.__socket_rep.curve_publickey = publickey
self.__socket_rep.curve_server = True
elif username and password:
self.__authenticator = ThreadAuthenticator(self.__context)
self.__authenticator.start()
self.__authenticator.configure_plain(
domain="*",
passwords={username: password}
)
self.__socket_pub.plain_server = True
self.__socket_rep.plain_server = True
# Bind socket address
self.__socket_rep.bind(rep_address)
self.__socket_pub.bind(pub_address)
# Start RpcServer status
self.__active = True
# Start RpcServer thread
self.__thread = threading.Thread(target=self.run)
self.__thread.start()
def __init__(self, addr, port, node_id, listener, secret_key, secure=True):
"""
Creates a new server (bound but not dispatching messages)
@param addr: IP address of this node
@param port: Port number to listen on
@param node_id: Public key (z85 encoded) of this node
@param listener: Callback object to receive handle_* function calls
"""
self.ctx = zmq.Context()
self.node = pack_node(addr, port, node_id)
self.shutdown = False
self.listener = listener
self.sock = Socket(self.ctx, zmq.ROUTER)
self.sock.identity = node_id
# self.sock.router_handover = 1 # allow peer reconnections with same id
# enable curve encryption/auth
if secure:
if not Server.auth:
Server.auth = ThreadAuthenticator()
Server.auth.start()
Server.auth.configure_curve(domain='*',
location=CURVE_ALLOW_ANY)
self.sock.curve_server = True
self.sock.curve_secretkey = z85.decode(secret_key)
self.sock.curve_publickey = z85.decode(node_id)
self.sock.bind("tcp://*:{0}".format(port))
LOGGER.info("S listening.")
def start_auth(self):
self.log.debug("starting auth thread")
self.auth = ThreadAuthenticator(self.ctx)
self.auth.start()
self.auth.allow("127.0.0.1")
self.auth.configure_curve(domain="*", location=self.keyring)
self.load_or_create_key()
def _init_zmq(self):
"""
Configure the zmq components and connection.
"""
context = zmq.Context()
socket = context.socket(zmq.REP)
if flags.ZMQ_HAS_CURVE:
# Start an authenticator for this context.
auth = ThreadAuthenticator(context)
auth.start()
# XXX do not hardcode this here.
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
public, secret = get_backend_certificates()
socket.curve_publickey = public
socket.curve_secretkey = secret
socket.curve_server = True # must come before bind
socket.bind(self.BIND_ADDR)
if not flags.ZMQ_HAS_CURVE:
os.chmod(self.SOCKET_FILE, 0600)
self._zmq_socket = socket
def run():
''' Run Ironhouse example '''
# These directories are generated by the generate_certificates script
keys_dir = os.path.dirname(__file__)
ctx = zmq.Context.instance()
# Start an authenticator for this context.
auth = ThreadAuthenticator(ctx)
auth.start()
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
print(keys_dir)
#auth.configure_curve(domain='*', location=keys_dir)
auth.configure_curve(domain='*', location=".")
server_key_file = os.path.join(keys_dir, "server.key")
server_public, server_secret = zmq.auth.load_certificate(server_key_file)
server = ctx.socket(zmq.PUSH)
server.curve_secretkey = server_secret
server.curve_publickey = server_public
server.curve_server = True # must come before bind
server.bind('tcp://*:9000')
server.send(b"Hello")
# Make sure that there is time to finish the handshake
time.sleep(2)
# stop auth thread
auth.stop()
def _setup_zmq(self):
context = zmq.Context()
if "username" in self.settings and self.settings["username"]:
if "password" not in self.settings or not self.settings["password"]:
raise Exception("When username is set, password cannot be empty.")
self.auth = ThreadAuthenticator(context)
self.auth.start()
self.auth.configure_plain(domain="*", passwords={self.settings["username"]: self.settings["password"]})
else:
if self.auth:
self.auth.stop()
self.auth = None
self.socket = context.socket(zmq.PUB)
if self.settings["username"]:
self.socket.plain_server = True # must come before bind
self.socket.bind("tcp://{}:{}".format(self.settings["host"], self.settings["port"]))
self._logger.debug("ZMQ listening on tcp://{}:{}".format(self.settings["host"], self.settings["port"]))
if self._logger.isEnabledFor(logging.DEBUG):
monitor = self.socket.get_monitor_socket()
self.monitor_thread = threading.Thread(target=event_monitor, args=(monitor, self._logger))
self.monitor_thread.start()
else:
if self.monitor_thread:
self.socket.disable_monitor()
self.monitor_thread = None
def run():
''' Run Ironhouse example '''
# These directories are generated by the generate_certificates script
base_dir = os.path.dirname(__file__)
keys_dir = os.path.join(base_dir, 'certificates')
public_keys_dir = os.path.join(base_dir, 'public_keys')
secret_keys_dir = os.path.join(base_dir, 'private_keys')
if not (os.path.exists(keys_dir) and
os.path.exists(public_keys_dir) and
os.path.exists(secret_keys_dir)):
logging.critical("Certificates are missing - run generate_certificates.py script first")
sys.exit(1)
ctx = zmq.Context.instance()
# Start an authenticator for this context.
auth = ThreadAuthenticator(ctx)
auth.start()
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
auth.configure_curve(domain='*', location=public_keys_dir)
server = ctx.socket(zmq.PUSH)
server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
server.curve_secretkey = server_secret
server.curve_publickey = server_public
server.curve_server = True # must come before bind
server.bind('tcp://*:9000')
client = ctx.socket(zmq.PULL)
# We need two certificates, one for the client and one for
# the server. The client must know the server's public key
# to make a CURVE connection.
client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
client_public, client_secret = zmq.auth.load_certificate(client_secret_file)
client.curve_secretkey = client_secret
client.curve_publickey = client_public
server_public_file = os.path.join(public_keys_dir, "server.key")
server_public, _ = zmq.auth.load_certificate(server_public_file)
# The client must know the server's public key to make a CURVE connection.
client.curve_serverkey = server_public
client.connect('tcp://127.0.0.1:9000')
server.send(b"Hello")
if client.poll(1000):
msg = client.recv()
if msg == b"Hello":
logging.info("Ironhouse test OK")
else:
logging.error("Ironhouse test FAIL")
# stop auth thread
auth.stop()
def _init_txzmq(self):
"""
Configure the txzmq components and connection.
"""
self._zmq_factory = txzmq.ZmqFactory()
self._zmq_factory.registerForShutdown()
self._zmq_connection = txzmq.ZmqREPConnection(self._zmq_factory)
context = self._zmq_factory.context
socket = self._zmq_connection.socket
def _gotMessage(messageId, messageParts):
self._zmq_connection.reply(messageId, "OK")
self._process_request(messageParts)
self._zmq_connection.gotMessage = _gotMessage
if flags.ZMQ_HAS_CURVE:
# Start an authenticator for this context.
auth = ThreadAuthenticator(context)
auth.start()
# XXX do not hardcode this here.
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
public, secret = get_backend_certificates()
socket.curve_publickey = public
socket.curve_secretkey = secret
socket.curve_server = True # must come before bind
proto, addr = self._server_address.split('://') # tcp/ipc, ip/socket
socket.bind(self._server_address)
if proto == 'ipc':
os.chmod(addr, 0600)
def initInteractions(self):
try:
self.zmqContext: zmq.Context = zmq.Context()
self.auth = ThreadAuthenticator(self.zmqContext)
self.auth.start()
self.auth.allow("192.168.0.22")
self.auth.allow(self.client_address)
self.auth.configure_curve(
domain='*', location=zmq.auth.CURVE_ALLOW_ANY
) # self.public_keys_dir ) # Use 'location=zmq.auth.CURVE_ALLOW_ANY' for stonehouse security
self.request_socket: zmq.Socket = self.zmqContext.socket(zmq.REP)
self.responder = StratusZMQResponder(
self.zmqContext,
self.response_port,
client_address=self.client_address,
certificate_path=self.cert_dir)
self.initSocket()
self.logger.info(
"@@STRATUS-APP:Listening for requests on port: {}".format(
self.request_port))
except Exception as err:
self.logger.error(
"@@STRATUS-APP: ------------------------------- StratusApp Init error: {} ------------------------------- "
.format(err))
def pyzmq_authenticator(pyzmq_context):
auth = ThreadAuthenticator(pyzmq_context)
auth.start()
auth.allow('127.0.0.1')
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
yield
auth.stop()
def __init__(self,
zmq_rep_bind_address=None,
zmq_sub_connect_addresses=None,
recreate_sockets_on_timeout_of_sec=600,
username=None,
password=None):
self.context = zmq.Context()
self.auth = None
self.last_received_message = None
self.is_running = False
self.thread = None
self.zmq_rep_bind_address = zmq_rep_bind_address
self.zmq_sub_connect_addresses = zmq_sub_connect_addresses
self.poller = zmq.Poller()
self.sub_sockets = []
self.rep_socket = None
if username is not None and password is not None:
# Start an authenticator for this context.
# Does not work on PUB/SUB as far as I (probably because the more secure solutions
# require two way communication as well)
self.auth = ThreadAuthenticator(self.context)
self.auth.start()
# Instruct authenticator to handle PLAIN requests
self.auth.configure_plain(domain='*',
passwords={username: password})
if self.zmq_sub_connect_addresses:
for address in self.zmq_sub_connect_addresses:
self.sub_sockets.append(
SubSocket(self.context, self.poller, address,
recreate_sockets_on_timeout_of_sec))
if zmq_rep_bind_address:
self.rep_socket = RepSocket(self.context, self.poller,
zmq_rep_bind_address, self.auth)
def main():
localhost = socket_m.getfqdn()
port = "5556"
# ip = "*"
ip = socket_m.gethostbyaddr(localhost)[2][0]
context = zmq.Context()
socket = context.socket(zmq.PULL)
socket.zap_domain = b'global'
socket.bind("tcp://" + ip + ":%s" % port)
auth = ThreadAuthenticator(context)
host = localhost
# host = asap3-p00
whitelist = socket_m.gethostbyaddr(host)[2][0]
# whitelist = None
auth.start()
if whitelist is None:
auth.auth = None
else:
auth.allow(whitelist)
try:
while True:
message = socket.recv_multipart()
print("received reply ", message)
except KeyboardInterrupt:
pass
finally:
auth.stop()
def _run(self):
"""
Start a loop to process the ZMQ requests from the signaler client.
"""
logger.debug("Running SignalerQt loop")
context = zmq.Context()
socket = context.socket(zmq.REP)
# Start an authenticator for this context.
auth = ThreadAuthenticator(context)
auth.start()
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
public, secret = get_frontend_certificates()
socket.curve_publickey = public
socket.curve_secretkey = secret
socket.curve_server = True # must come before bind
socket.bind(self.BIND_ADDR)
while self._do_work.is_set():
# Wait for next request from client
try:
request = socket.recv(zmq.NOBLOCK)
# logger.debug("Received request: '{0}'".format(request))
socket.send("OK")
self._process_request(request)
except zmq.ZMQError as e:
if e.errno != zmq.EAGAIN:
raise
time.sleep(0.01)
logger.debug("SignalerQt thread stopped.")
def run_server():
endpoint = 'tcp://0.0.0.0:5555'
print("endpoint: {}".format(endpoint))
srv = zerorpc.Server(Service())
ctx = zerorpc.Context.get_instance()
auth = ThreadAuthenticator(ctx)
auth.start()
auth.allow('127.0.0.1')
# Tell authenticator to use the certificate in a directory
auth.configure_curve(domain='*', location=public_keys_dir)
zmq_socket = srv._events._socket
server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
server_public, server_secret = zmq.auth.load_certificate(
server_secret_file)
if SECURE:
print("Secure transport")
zmq_socket.curve_secretkey = server_secret
zmq_socket.curve_publickey = server_public
zmq_socket.curve_server = True
srv.bind(endpoint)
srv_task = gevent.spawn(srv.run)
srv_task.join()
def __init__(self,
bind_str="tcp://127.0.0.1:5560",
parent_model=None,
layer=None,
logins=None,
viewable_layers=None):
self.context = zmq.Context.instance()
self.auth = ThreadAuthenticator(self.context)
self.auth.start()
#auth.allow('127.0.0.1')
self.auth.configure_plain(domain='*', passwords=logins)
self.socket = self.context.socket(zmq.PAIR)
self.socket.plain_server = True
self.socket.bind(bind_str)
self.parent_model = parent_model
self.curr_model = parent_model
self.viewable_layers = viewable_layers
self.config = tf.ConfigProto()
self.config.gpu_options.per_process_gpu_memory_fraction = 0.3
self.config.gpu_options.allow_growth = True
if not layer:
self.layer = 5 #len(self.parent_model.layers) - 1
else:
self.layer = layer
def __init__(self, publicPath):
self.__context = zmq.Context()
self.publicPath = publicPath
self.auth = ThreadAuthenticator(self.__context)
self.auth.start()
self.auth.configure_curve(domain='*', location=self.publicPath)
self.auth.thread.setName("CurveAuth")
def server_auth(self):
# Start an authenticator for this context
print("[#] Starting authenticator...")
self.auth = ThreadAuthenticator(self.context)
self.auth.start()
self.auth.allow(self.HOST)
# give authenticator access to approved clients' certificate directory
self.auth.configure_curve(domain='*', location=self.public_keys_dir)
def main(args):
context = zmq.Context()
socket = context.socket(zmq.PUB)
auth = ThreadAuthenticator(context)
auth.start()
auth.allow('127.0.0.1')
if args.public_key and args.private_key:
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
server_public_file = args.public_key
server_secret_file = args.private_key
server_public, server_secret = zmq.auth.load_certificate(
server_secret_file)
socket.curve_secretkey = server_secret
socket.curve_publickey = server_public
socket.curve_server = True
socket.bind("tcp://*:%s" % args.port)
miseq_run_dir_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}$"
miseq_sample_sheet_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/SampleSheet.csv$"
miseq_run_completion_status_regex = ".+/\d{6}_[A-Z0-9]{6}_\d{4}_\d{9}-[A-Z0-9]{5}/RunCompletionStatus.xml$"
illumina_run_dir_regexes = [
miseq_sample_sheet_regex,
miseq_run_dir_regex,
miseq_run_completion_status_regex,
]
run_dir_event_handler = RunDirEventHandler(
socket,
regexes=illumina_run_dir_regexes,
print_messages=args.print_messages)
observers = []
for path in args.path:
observer = Observer()
observer.schedule(run_dir_event_handler, path, recursive=True)
observer.start()
observers.append(observer)
heartbeat_thread = threading.Thread(
target=heartbeat,
args=([socket, args.heartbeat_interval, args.print_heartbeat]),
daemon=True)
heartbeat_thread.start()
try:
while True:
time.sleep(1)
except KeyboardInterrupt:
for observer in observers:
observer.stop()
observer.join()
auth.stop()
def __init__(self, kp, debug=False, be_ip='127.0.0.1', be_base_port=5561):
"""
Constructor, ZMQ connections are built here.
:param kp: The keypair to use, in the form {'be_key': '[path]', 'app_key': '[path]'}
"""
super(BE, self).__init__(debug=debug)
self.be_ip = be_ip
self.be_base_port = be_base_port
self.kp = kp
self.name = 'UNK_BE'
self.start_time = time.time()
self.already_shutdown = False
self.timerlist = {}
self.next_tid = 0
self.fe_info = None
self.Context = collections.namedtuple('ctx', 'ident sync message')
self.msg_in = facilities_pb2.FacMessage()
self.msg_out = facilities_pb2.FacMessage()
self.context = zmq.Context(io_threads=2)
# crypto bootstrap
auth = ThreadAuthenticator(self.context)
auth.start()
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
pub_public, pub_secret = zmq.auth.load_certificate(kp['be_key'])
sub_public, sub_secret = zmq.auth.load_certificate(kp['app_key'])
TCP_BE_DLR = f'tcp://{self.be_ip}:{self.be_base_port+0}'
TCP_BE_SUB = f'tcp://{self.be_ip}:{self.be_base_port+1}'
# use this to receive and send messages to FEs
self.dealer_be = self.context.socket(zmq.DEALER)
# crypto start
self.dealer_be.curve_publickey = pub_public
self.dealer_be.curve_secretkey = pub_secret
self.dealer_be.curve_server = True
# crypto end
self.tprint('info', f'PXY--BE: Binding as Dealer to {TCP_BE_DLR}')
self.dealer_be.bind(TCP_BE_DLR)
# outgoing pub messages to FEs
self.pub_be = self.context.socket(zmq.PUB)
# crypto start
self.pub_be.curve_publickey = pub_public
self.pub_be.curve_secretkey = pub_secret
self.pub_be.curve_server = True
# crypto end
self.tprint('info', f'PXY--BE: Binding as Subscriber to {TCP_BE_SUB}')
self.pub_be.bind(TCP_BE_SUB)
self.poller = zmq.Poller()
self.poller.register(self.dealer_be, zmq.POLLIN)
def run():
'''Run woodhouse example'''
valid_client_test_pass = False
invalid_client_test_pass = False
ctx = zmq.Context.instance()
# Start an authenticator for this context.
auth = ThreadAuthenticator(ctx)
auth.start()
auth.allow('127.0.0.1')
# Instruct authenticator to handle PLAIN requests
auth.configure_plain(domain='*', passwords={'admin': 'secret'})
server = ctx.socket(zmq.PUSH)
server.plain_server = True # must come before bind
server.bind('tcp://*:9000')
client = ctx.socket(zmq.PULL)
client.plain_username = b'admin'
client.plain_password = b'secret'
client.connect('tcp://127.0.0.1:9000')
server.send(b"Hello")
if client.poll():
msg = client.recv()
if msg == b"Hello":
valid_client_test_pass = True
client.close()
# now use invalid credentials - expect no msg received
client2 = ctx.socket(zmq.PULL)
client2.plain_username = b'admin'
client2.plain_password = b'bogus'
client2.connect('tcp://127.0.0.1:9000')
server.send(b"World")
if client2.poll(50):
msg = client.recv()
if msg == "World":
invalid_client_test_pass = False
else:
# no message is expected
invalid_client_test_pass = True
# stop auth thread
auth.stop()
if valid_client_test_pass and invalid_client_test_pass:
logging.info("Woodhouse test OK")
else:
logging.error("Woodhouse test FAIL")
def make_authenticator(context):
auth = ThreadAuthenticator(context)
auth.start()
# Note: by omitting auth.allow(ip) we're allowing connection from any IP
auth.configure_curve(
domain='*',
# CURVE_ALLOW_ANY: allow all client keys without checking
location=zmq.auth.CURVE_ALLOW_ANY)
return auth
def _init_auth(ctx, only_localhost, config: Configuration):
auth = ThreadAuthenticator(ctx)
auth.start()
if only_localhost:
auth.allow('127.0.0.1')
else:
auth.allow('*')
auth.configure_curve(domain='*', location=config.zmq_public_keys_dir())
def init(self):
srv = zerorpc.Server(self.methods)
ctx = zerorpc.Context.get_instance()
auth = ThreadAuthenticator(ctx)
auth.start()
auth.allow(*self.whitelist)
auth.configure_curve(domain='*', location=self.public_keys_dir)
zmq_socket = srv._events._socket
zmq_socket.curve_secretkey = self.server_secret
zmq_socket.curve_publickey = self.server_public
zmq_socket.curve_server = True
return srv
def setup(self):
"""Creates a :attr:`context` and an event :attr:`loop` for the process."""
ctx = self.context = zmq.Context()
auth = self.auth_thread = ThreadAuthenticator(ctx)
auth.start()
if self.clients:
auth.allow(*self.clients) # pylint: disable=not-an-iterable
if self.passwords:
auth.configure_plain(domain='*', passwords=self.passwords)
self.loop = ioloop.IOLoop.current()
self.rep_stream, _ = self.stream(self.socket_type, self.bind_addr, bind=True)
self.init_stream()
def main():
auth = ThreadAuthenticator(zmq.Context.instance())
auth.start()
auth.allow('127.0.0.1')
# Tell the authenticator how to handle CURVE requests
auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
key = Key.load('example/broker.key_secret')
broker = SecureMajorDomoBroker(key, sys.argv[1])
try:
broker.serve_forever()
except KeyboardInterrupt:
auth.stop()
raise
def _setup_auth(self, auth_whitelist: list, loop):
if loop is None:
self.auth = ThreadAuthenticator(self.context)
else:
self.auth = IOLoopAuthenticator(self.context, io_loop=loop)
# allow all local host
self.logger.debug('Auth whitelist %s', auth_whitelist)
if auth_whitelist is not None:
self.auth.allow(auth_whitelist)
self._base_filepath = get_certificate_filepath()
public_key_location = path.join(self._base_filepath, 'public_keys')
self.auth.configure_curve(domain='*', location=public_key_location)
self.auth.start()
def __init__(self, settings):
self.redis = RedisScraper(settings)
self.id = settings.getKey("box_id")
self.log = logging.getLogger('ZMQ')
self.clientPath = settings.getKey("zmq.private_cert")
self.serverPath = settings.getKey("zmq.server_cert")
if not self.clientPath or not self.serverPath:
self.log.fatal(
"zmq certificates not configured in the settings file")
os._exit(1)
self.host = settings.getKey("zmq.acq_host")
self.ctx = zmq.Context()
self.auth = ThreadAuthenticator(self.ctx)
self.auth.start()
#self.auth.allow('127.0.0.1')
self.auth.configure_curve(domain='*',
location=zmq.auth.CURVE_ALLOW_ANY)
self.client = self.ctx.socket(zmq.REP)
try:
client_public, client_secret = zmq.auth.load_certificate(
self.clientPath)
self.client.curve_secretkey = client_secret
self.client.curve_publickey = client_public
server_public, _ = zmq.auth.load_certificate(self.serverPath)
self.client.curve_serverkey = server_public
self.client.connect(self.host)
except IOError:
self.log.fatal("Could not load client certificate")
os._exit(1)
except ValueError:
self.log.fatal("Could not load client certificate")
os._exit(1)
self.log.info("ZMQ connected to " + self.host + " using certs " +
self.clientPath)
self.running = False
self.handlers = {
opq_pb2.RequestDataMessage.PING: self.ping,
opq_pb2.RequestDataMessage.READ: self.read
}
def _start_thread_auth(self, socket):
"""
Start the zmq curve thread authenticator.
:param socket: The socket in which to configure the authenticator.
:type socket: zmq.Socket
"""
authenticator = ThreadAuthenticator(self._factory.context)
authenticator.start()
# XXX do not hardcode this here.
authenticator.allow('127.0.0.1')
# tell authenticator to use the certificate in a directory
public_keys_dir = os.path.join(self._config_prefix, PUBLIC_KEYS_PREFIX)
authenticator.configure_curve(domain="*", location=public_keys_dir)
socket.curve_server = True # must come before bind
