def secure_setup(self): # TODO: handle errors (sock_pub, sock_priv) = load_certificate(self.secure_setup["self"]) (server_public, _) = load_certificate(self.secure_setup["server"]) self.sock.curve_publickey = sock_pub self.sock.curve_secretkey = sock_priv self.sock.curve_serverkey = server_public
def __init__(self, cache): """Initialize a LoadBalancer object, which manages workflow execution. Args: cache (Cache): The Cache object """ server_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") _, client_secret = auth.load_certificate(client_secret_file) self.comm_socket = zmq.Context.instance().socket(zmq.PUB) self.comm_socket.curve_secretkey = server_secret self.comm_socket.curve_publickey = server_public self.comm_socket.curve_server = True self.comm_socket.bind(walkoff.config.Config.ZMQ_COMMUNICATION_ADDRESS) self.cache = cache key = PrivateKey( server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]) worker_key = PrivateKey( client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key self.box = Box(key, worker_key)
def setUpClass(cls): Config.load_env_vars() Config.read_and_set_zmq_keys() server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") cls.server_public, cls.server_secret = auth.load_certificate(server_secret_file) client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") cls.client_public, cls.client_secret = auth.load_certificate(client_secret_file)
def __init__(self, id_, worker_environment_setup=None): """Initialize a Workflow object, which will be executing workflows. Args: id_ (str): The ID of the worker. Needed for ZMQ socket communication. worker_environment_setup (func, optional): Function to setup globals in the worker. """ signal.signal(signal.SIGINT, self.exit_handler) signal.signal(signal.SIGABRT, self.exit_handler) def handle_data_sent(sender, **kwargs): self.on_data_sent(sender, **kwargs) self.handle_data_sent = handle_data_sent callbacks.data_sent.connect(handle_data_sent) self.thread_exit = False self.workflow = None server_secret_file = os.path.join( core.config.paths.zmq_private_keys_path, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join( core.config.paths.zmq_private_keys_path, "client.key_secret") client_public, client_secret = auth.load_certificate( client_secret_file) self.ctx = zmq.Context() self.request_sock = self.ctx.socket(zmq.REQ) self.request_sock.identity = u"Worker-{}".format(id_).encode("ascii") self.request_sock.curve_secretkey = client_secret self.request_sock.curve_publickey = client_public self.request_sock.curve_serverkey = server_public self.request_sock.connect(REQUESTS_ADDR) self.comm_sock = self.ctx.socket(zmq.REQ) self.comm_sock.identity = u"Worker-{}".format(id_).encode("ascii") self.comm_sock.curve_secretkey = client_secret self.comm_sock.curve_publickey = client_public self.comm_sock.curve_serverkey = server_public self.comm_sock.connect(COMM_ADDR) self.results_sock = self.ctx.socket(zmq.PUSH) self.results_sock.identity = u"Worker-{}".format(id_).encode("ascii") self.results_sock.curve_secretkey = client_secret self.results_sock.curve_publickey = client_public self.results_sock.curve_serverkey = server_public self.results_sock.connect(RESULTS_ADDR) if worker_environment_setup: worker_environment_setup() else: core.config.config.initialize() self.comm_thread = threading.Thread(target=self.receive_data) self.comm_thread.start() self.execute_workflow_worker()
def secure_setup(self): # Load certificates # TODO: handle errors sock_pub, sock_priv = load_certificate(self.secure_config["self"]) server_public, _ = load_certificate(self.secure_config["server"]) self.sock.curve_publickey = sock_pub self.sock.curve_secretkey = sock_priv self.sock.curve_serverkey = server_public
def read_and_set_zmq_keys(cls): server_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") cls.SERVER_PUBLIC_KEY, cls.SERVER_PRIVATE_KEY = auth.load_certificate( server_private_file) client_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") cls.CLIENT_PUBLIC_KEY, cls.CLIENT_PRIVATE_KEY = auth.load_certificate( client_private_file)
def setUpClass(cls): server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") cls.server_public, cls.server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") cls.client_public, cls.client_secret = auth.load_certificate( client_secret_file)
def setUpClass(cls): initialize_test_config() server_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate(server_secret_file) client_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") client_public, client_secret = auth.load_certificate(client_secret_file) cls.key = PrivateKey(client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]) cls.server_key = PrivateKey(server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key cls.box = Box(cls.key, cls.server_key)
def setUpClass(cls): Config.load_env_vars() Config.read_and_set_zmq_keys() server_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") cls.server_public, cls.server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join(Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") cls.client_public, cls.client_secret = auth.load_certificate( client_secret_file)
def __init__(self, ctx): """Initialize a LoadBalancer object, which manages workflow execution. Args: ctx (Context object): A Context object, shared with the Receiver thread. """ self.available_workers = [] self.workflow_comms = {} self.thread_exit = False self.pending_workflows = Queue() self.ctx = ctx server_secret_file = os.path.join( core.config.paths.zmq_private_keys_path, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) self.request_socket = self.ctx.socket(zmq.ROUTER) self.request_socket.curve_secretkey = server_secret self.request_socket.curve_publickey = server_public self.request_socket.curve_server = True self.request_socket.bind(REQUESTS_ADDR) self.comm_socket = self.ctx.socket(zmq.ROUTER) self.comm_socket.curve_secretkey = server_secret self.comm_socket.curve_publickey = server_public self.comm_socket.curve_server = True self.comm_socket.bind(COMM_ADDR) gevent.sleep(2)
def _connect(self): """Establishes connection to the broker. Connections to the broker use ZMQ PUSH sockets. The client will receive no return message from the broker. """ self._client = self._context.socket(self._zmq.PUSH) if self._client_secret_key and self._broker_public_key: from zmq.auth import load_certificate (client_public, client_secret) = load_certificate(self._client_secret_key) self._client.curve_secretkey = client_secret self._client.curve_publickey = client_public (server_public, _) = load_certificate(self._broker_public_key) self._client.curve_serverkey = server_public self._client.connect(self._broker) self._poll.register(self._client, self._zmq.POLLIN)
def __init__(self, name, field_type, value): self.name = name self.type = field_type if field_type in allowed_device_field_types else 'string' server_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") _, server_secret = auth.load_certificate(server_secret_file) self.__key = server_secret[:nacl.secret.SecretBox.KEY_SIZE] self.__box = nacl.secret.SecretBox(self.__key) self._value = self.__box.encrypt(str(value).encode('utf-8'))
def get_public_key(self): """ Gets the public key for this machine. Meant to transfer to remote user to initiate transfer """ public_key_path = os.path.join(PUBKEYS, "tx.key") if os.path.exists(public_key_path): tx_public, _ = auth.load_certificate(public_key_path) return tx_public else: raise FileNotFoundError( "Failed to find public key for this system. Consider running main._generate_security_keys( )" )
def configure_socket(self, socket, keyfile: str, keypath: str = PRIVKEYS, public_key_path: str = None): """ Takes the given socket and configures it to use the public-private keypair defined in the key_file Arguments: socket: ZMQ Socket Object to configure keyfile: Key file to load public-private keypair for keypath: Path to Key File. If not specified a default is used public_key (optional): Public key for receivers connecting to remote systems Returns: socket: Configured socket with end to end elliptic curve encryption """ private_file = os.path.join(keypath, keyfile) public_key, private_key = auth.load_certificate(private_file) socket.curve_secretkey = private_key socket.curve_publickey = public_key if socket.socket_type in [zmq.DEALER, zmq.SUB]: # Checks if key path is actually a path. Otherwise assume a string # representation of the key was given and needs to be encoded if os.path.exists(public_key_path): tx_public, _ = auth.load_certificate(public_key_path) else: tx_public = bytes(public_key_path, "UTF-8") socket.curve_serverkey = tx_public elif socket.socket_type in [zmq.ROUTER, zmq.PUB]: socket.curve_server = True else: raise TypeError(f"Socket type {socket_type} is not supported") return socket
def __init__(self, ctx): """Initialize a LoadBalancer object, which manages workflow execution. Args: ctx (Context object): A Context object, shared with the Receiver thread. """ self.workers = {} self.workflow_comms = {} self.thread_exit = False self.pending_workflows = Queue() @WalkoffEvent.WorkflowShutdown.connect def handle_workflow_shutdown(sender, **kwargs): self.on_worker_available(sender, **kwargs) self.handle_workflow_shutdown = handle_workflow_shutdown @WalkoffEvent.TriggerActionAwaitingData.connect def handle_workflow_awaiting_data(sender, **kwargs): self.on_worker_available(sender, **kwargs) self.handle_workflow_awaiting_data = handle_workflow_awaiting_data @WalkoffEvent.WorkflowPaused.connect def handle_workflow_paused(sender, **kwargs): self.on_worker_available(sender, **kwargs) self.handle_workflow_paused = handle_workflow_paused self.ctx = ctx server_secret_file = os.path.join( walkoff.config.paths.zmq_private_keys_path, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) self.request_socket = self.ctx.socket(zmq.ROUTER) self.request_socket.curve_secretkey = server_secret self.request_socket.curve_publickey = server_public self.request_socket.curve_server = True self.request_socket.bind(walkoff.config.config.zmq_requests_address) self.comm_socket = self.ctx.socket(zmq.ROUTER) self.comm_socket.curve_secretkey = server_secret self.comm_socket.curve_publickey = server_public self.comm_socket.curve_server = True self.comm_socket.bind(walkoff.config.config.zmq_communication_address)
def secure_setup(self): # Load certificates # TODO: handle errors self.auth = ThreadAuthenticator(self.context) self.auth.start() self.LOG.debug("Server keys in %s", self.secure_config["self"]) sock_pub, sock_priv = load_certificate(self.secure_config["self"]) if self.secure_config.get("clients", None) is not None: self.LOG.debug("Client certificates in %s", self.secure_config["clients"]) self.auth.configure_curve( domain="*", location=self.secure_config["clients"] ) else: self.LOG.debug("Every clients can connect") self.auth.configure_curve(domain="*", location=zmq.auth.CURVE_ALLOW_ANY) # Setup the socket self.sock.curve_publickey = sock_pub self.sock.curve_secretkey = sock_priv self.sock.curve_server = True
def load_cert_file(path, logger=None): """Loads a certificate file from the given location. Notes: - Exits with an error if zmq.auth.load_certificate raised an IOError (e.g. file not found) """ from zmq.auth import load_certificate from os.path import abspath keyfile = abspath(path) try: return load_certificate(keyfile) except OSError as message: if logger: logger.error(message) exit_error()
def __init__(self, current_app): """Initialize a Receiver object, which will receive callbacks from the ExecutionElements. Args: current_app (Flask.App): The current Flask app """ ctx = zmq.Context.instance() self.thread_exit = False self.workflows_executed = 0 server_secret_file = os.path.join(walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate(server_secret_file) self.results_sock = ctx.socket(zmq.PULL) self.results_sock.curve_secretkey = server_secret self.results_sock.curve_publickey = server_public self.results_sock.curve_server = True self.results_sock.bind(walkoff.config.Config.ZMQ_RESULTS_ADDRESS) self.current_app = current_app
def __init__(self, ctx): """Initialize a Receiver object, which will receive callbacks from the execution elements. Args: ctx (Context object): A Context object, shared with the LoadBalancer thread. """ self.thread_exit = False self.workflows_executed = 0 server_secret_file = os.path.join( core.config.paths.zmq_private_keys_path, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) self.ctx = ctx self.results_sock = self.ctx.socket(zmq.PULL) self.results_sock.curve_secretkey = server_secret self.results_sock.curve_publickey = server_public self.results_sock.curve_server = True self.results_sock.bind(RESULTS_ADDR)
def setup_zmq(self): """Establishes ZMQ sockets and pollers. This method creates ZMQ sockets for clients and workers to connect to and creates ZMQ pollers for the broker to read client and worker messages on. The client socket uses PUSH/PULL for uni-directional communication and the worker socket uses ROUTER/DEALER for bi-directional communication. Curve encryption and authentication is enabled here. """ context = zmq.Context() if self.broker_secret_key and self.client_public_keys: self.curve_authenticator = thread.ThreadAuthenticator(context) self.curve_authenticator.start() self.curve_authenticator.configure_curve( domain="*", location=self.client_public_keys) self.task_socket = context.socket(zmq.ROUTER) self.task_socket.identity = b"broker_self.task_socket" self.task_socket.bind(f"tcp://*:{self.task_port}") self.worker_poller = zmq.Poller() self.worker_poller.register(self.task_socket, zmq.POLLIN) self.request_socket = context.socket(zmq.PULL) self.request_socket.identity = b"broker_self.request_socket" if self.curve_authenticator is not None: (server_public, server_secret) = auth.load_certificate(self.broker_secret_key) self.request_socket.curve_secretkey = server_secret self.request_socket.curve_publickey = server_public self.request_socket.curve_server = True # must come before bind logging.info(f"{self.name}: Curve enabled") self.request_socket.bind(f"tcp://*:{self.request_port}") self.client_worker_poller = zmq.Poller() self.client_worker_poller.register(self.request_socket, zmq.POLLIN) self.client_worker_poller.register(self.task_socket, zmq.POLLIN)
def read_and_set_zmq_keys(cls): server_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") cls.SERVER_PUBLIC_KEY, cls.SERVER_PRIVATE_KEY = auth.load_certificate(server_private_file) client_private_file = os.path.join(cls.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") cls.CLIENT_PUBLIC_KEY, cls.CLIENT_PRIVATE_KEY = auth.load_certificate(client_private_file)
def init_on_load(self): server_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") _, server_secret = auth.load_certificate(server_secret_file) self.__key = server_secret[:nacl.secret.SecretBox.KEY_SIZE] self.__box = nacl.secret.SecretBox(self.__key)
def __init__(self, id_, config_path): """Initialize a Workfer object, which will be managing the execution of Workflows Args: id_ (str): The ID of the worker config_path (str): The path to the configuration file to be loaded """ logger.info('Spawning worker {}'.format(id_)) self.id_ = id_ self._lock = Lock() signal.signal(signal.SIGINT, self.exit_handler) signal.signal(signal.SIGABRT, self.exit_handler) if os.name == 'nt': walkoff.config.initialize(config_path=config_path) else: walkoff.config.Config.load_config(config_path) self.execution_db = ExecutionDatabase( walkoff.config.Config.EXECUTION_DB_TYPE, walkoff.config.Config.EXECUTION_DB_PATH) self.case_db = CaseDatabase(walkoff.config.Config.CASE_DB_TYPE, walkoff.config.Config.CASE_DB_PATH) @WalkoffEvent.CommonWorkflowSignal.connect def handle_data_sent(sender, **kwargs): self.on_data_sent(sender, **kwargs) self.handle_data_sent = handle_data_sent self.thread_exit = False server_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "server.key_secret") server_public, server_secret = auth.load_certificate( server_secret_file) client_secret_file = os.path.join( walkoff.config.Config.ZMQ_PRIVATE_KEYS_PATH, "client.key_secret") client_public, client_secret = auth.load_certificate( client_secret_file) socket_id = u"Worker-{}".format(id_).encode("ascii") key = PrivateKey( client_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]) server_key = PrivateKey( server_secret[:nacl.bindings.crypto_box_SECRETKEYBYTES]).public_key self.cache = walkoff.cache.make_cache(walkoff.config.Config.CACHE) self.capacity = walkoff.config.Config.NUMBER_THREADS_PER_PROCESS self.subscription_cache = SubscriptionCache() case_logger = CaseLogger(self.case_db, self.subscription_cache) self.workflow_receiver = WorkflowReceiver(key, server_key, walkoff.config.Config.CACHE) self.workflow_results_sender = WorkflowResultsHandler( socket_id, client_secret, client_public, server_public, walkoff.config.Config.ZMQ_RESULTS_ADDRESS, self.execution_db, case_logger) self.workflow_communication_receiver = WorkflowCommunicationReceiver( socket_id, client_secret, client_public, server_public, walkoff.config.Config.ZMQ_COMMUNICATION_ADDRESS) self.comm_thread = threading.Thread(target=self.receive_communications) self.comm_thread.start() self.workflows = {} self.threadpool = ThreadPoolExecutor(max_workers=self.capacity) self.receive_workflows()
def __init__(self, id_, worker_environment_setup=None): """Initialize a Workflow object, which will be executing workflows. Args: id_ (str): The ID of the worker. Needed for ZMQ socket communication. worker_environment_setup (func, optional): Function to setup globals in the worker. """ self.id_ = id_ signal.signal(signal.SIGINT, self.exit_handler) signal.signal(signal.SIGABRT, self.exit_handler) @WalkoffEvent.CommonWorkflowSignal.connect def handle_data_sent(sender, **kwargs): self.on_data_sent(sender, **kwargs) self.handle_data_sent = handle_data_sent self.thread_exit = False server_secret_file = os.path.join(walkoff.config.paths.zmq_private_keys_path, "server.key_secret") server_public, server_secret = auth.load_certificate(server_secret_file) client_secret_file = os.path.join(walkoff.config.paths.zmq_private_keys_path, "client.key_secret") client_public, client_secret = auth.load_certificate(client_secret_file) self.ctx = zmq.Context() self.request_sock = self.ctx.socket(zmq.DEALER) self.request_sock.setsockopt(zmq.IDENTITY, str.encode("Worker-{}".format(id_))) self.request_sock.curve_secretkey = client_secret self.request_sock.curve_publickey = client_public self.request_sock.curve_serverkey = server_public self.request_sock.connect(walkoff.config.config.zmq_requests_address) self.comm_sock = self.ctx.socket(zmq.DEALER) self.comm_sock.identity = u"Worker-{}".format(id_).encode("ascii") self.comm_sock.curve_secretkey = client_secret self.comm_sock.curve_publickey = client_public self.comm_sock.curve_serverkey = server_public self.comm_sock.connect(walkoff.config.config.zmq_communication_address) self.results_sock = self.ctx.socket(zmq.PUSH) self.results_sock.identity = u"Worker-{}".format(id_).encode("ascii") self.results_sock.curve_secretkey = client_secret self.results_sock.curve_publickey = client_public self.results_sock.curve_serverkey = server_public self.results_sock.connect(walkoff.config.config.zmq_results_address) if worker_environment_setup: worker_environment_setup() else: walkoff.config.config.initialize() self.comm_thread = threading.Thread(target=self.receive_data) self.comm_thread.start() self.workflows = {} self.threadpool = ThreadPoolExecutor(max_workers=walkoff.config.config.num_threads_per_process) self.receive_requests()
def test_encryption(tmpdir): # Create the tmp names conf_filename = str(tmpdir.join("conf.yaml")) pull_url = tmpdir.join("input.pull.socket") pull_cert_dir = tmpdir.mkdir("input.pull") pull_clients_cert_dir = pull_cert_dir.mkdir("clients") sub_url = tmpdir.join("input.sub.socket") sub_cert_dir = tmpdir.mkdir("input.sub") push_url = tmpdir.join("output.push.socket") inbound = tmpdir.join("inbound") outbound = tmpdir.join("outbound") stdout = tmpdir.join("stdout") stderr = tmpdir.join("stderr") # Create the certificates create_certificates(str(pull_cert_dir), "pull") create_certificates(str(pull_clients_cert_dir), "client1") create_certificates(str(pull_clients_cert_dir), "client2") create_certificates(str(sub_cert_dir), "sub") create_certificates(str(sub_cert_dir), "sub-server") with open(conf_filename, "w") as f: f.write("inputs:\n") f.write("- class: ZMQPull\n") f.write(" name: in-pull\n") f.write(" options:\n") f.write(" url: ipc://%s\n" % pull_url) f.write(" encryption:\n") f.write(" self: %s\n" % pull_cert_dir.join("pull.key_secret")) f.write(" clients: %s\n" % pull_clients_cert_dir) f.write("- class: ZMQSub\n") f.write(" name: in-sub\n") f.write(" options:\n") f.write(" url: ipc://%s\n" % sub_url) f.write(" encryption:\n") f.write(" self: %s\n" % sub_cert_dir.join("sub.key_secret")) f.write(" server: %s\n" % sub_cert_dir.join("sub-server.key")) f.write("core:\n") f.write(" inbound: ipc://%s\n" % inbound) f.write(" outbound: ipc://%s\n" % outbound) f.write("outputs:\n") f.write("- class: ZMQPush\n") f.write(" name: out-push\n") f.write(" options:\n") f.write(" url: ipc://%s\n" % push_url) args = [ "python3", "-m", "reactobus", "--conf", conf_filename, "--level", "DEBUG", "--log-file", "-", ] proc = subprocess.Popen(args, stdout=open(str(stdout), "w"), stderr=open(str(stderr), "w")) # Create the input sockets ctx = zmq.Context.instance() in_sock = ctx.socket(zmq.PUSH) (server_public, _) = load_certificate(str(pull_cert_dir.join("pull.key"))) in_sock.curve_serverkey = server_public (client_public, client_private) = load_certificate( str(pull_clients_cert_dir.join("client1.key_secret"))) in_sock.curve_publickey = client_public in_sock.curve_secretkey = client_private in_sock.connect("ipc://%s" % pull_url) out_sock = ctx.socket(zmq.PULL) out_sock.bind("ipc://%s" % push_url) pub_sock = ctx.socket(zmq.PUB) auth = ThreadAuthenticator(ctx) auth.start() auth.configure_curve(domain="*", location=str(sub_cert_dir)) (server_public, server_secret) = load_certificate( str(sub_cert_dir.join("sub-server.key_secret"))) pub_sock.curve_publickey = server_public pub_sock.curve_secretkey = server_secret pub_sock.curve_server = True pub_sock.bind("ipc://%s" % sub_url) # Allow the process sometime to setup and connect time.sleep(1) # Send some data data = [ b"org.videolan.git", b(str(uuid.uuid1())), b(datetime.datetime.utcnow().isoformat()), b("videolan-git"), b( json.dumps({ "url": "https://code.videolan.org/éêï", "username": "******" })), ] in_sock.send_multipart(data) msg = out_sock.recv_multipart() assert msg == data data = [ b"org.videolan.git", b(str(uuid.uuid1())), b(datetime.datetime.utcnow().isoformat()), b("videolan-git"), b( json.dumps({ "url": "https://code.videolan.org/éêï", "username": "******" })), ] pub_sock.send_multipart(data) msg = out_sock.recv_multipart() assert msg == data # End the process proc.terminate() proc.wait()
return False print 'From this client, saw %r' % i_saw print 'Other clients saw %r' % they_saw percent_match = 0 if i_saw in they_saw: percent_match = float(they_saw[i_saw]) / sum(they_saw.values()) if percent_match >= min_match_percent: print 'I WOULD trust this connection' else: print 'I would NOT trust this connection' def do_stop(self, line): self.client.stop() def do_start(self, line): self.client.start() def do_EOF(self, line): return True if __name__ == '__main__': client = PanoramaClient('tcp://127.0.0.1:12345', auth.load_certificate('server.key')[0], 'client') client.start() ClientOptions(client).cmdloop()
def _socket_bind(self, socket_type, connection, port, poller_type=None): """Return a socket object which has been bound to a given address. When the socket_type is not PUB or PUSH, the bound socket will also be registered with self.poller as defined within the Interface class. :param socket_type: Set the Socket type, typically defined using a ZeroMQ constant. :type socket_type: Integer :param connection: Set the Address information used for the bound socket. :type connection: String :param port: Define the port which the socket will be bound to. :type port: Integer :param poller_type: Set the Socket type, typically defined using a ZeroMQ constant. :type poller_type: Integer :returns: Object """ if poller_type is None: poller_type = zmq.POLLIN bind = self._socket_context(socket_type=socket_type) auth_enabled = (self.args.zmq_shared_key or self.args.zmq_curve_encryption) if auth_enabled: self.auth = ThreadAuthenticator(self.ctx, log=self.log) self.auth.start() self.auth.allow() if self.args.zmq_shared_key: # Enables basic auth self.auth.configure_plain( domain="*", passwords={"admin": self.args.zmq_shared_key}) bind.plain_server = True # Enable shared key authentication self.log.info("Shared key authentication enabled.") elif self.args.zmq_curve_encryption: server_secret_file = os.path.join(self.secret_keys_dir, "server.key_secret") for item in [ self.public_keys_dir, self.secret_keys_dir, server_secret_file, ]: if not os.path.exists(item): raise SystemExit( "The required path [ {} ] does not exist. Have" " you generated your keys?".format(item)) self.auth.configure_curve(domain="*", location=self.public_keys_dir) try: server_public, server_secret = zmq_auth.load_certificate( server_secret_file) except OSError as e: self.log.error( "Failed to load certificates: %s, Configuration: %s", str(e), vars(self.args), ) raise SystemExit("Failed to load certificates") else: bind.curve_secretkey = server_secret bind.curve_publickey = server_public bind.curve_server = True # Enable curve authentication bind.bind("{connection}:{port}".format( connection=connection, port=port, )) if socket_type not in [zmq.PUB]: self.poller.register(bind, poller_type) return bind
def _socket_connect(self, socket_type, connection, port, poller_type=None): """Return a socket object which has been bound to a given address. > A connection back to the server will wait 10 seconds for an ack before going into a retry loop. This is done to forcefully cycle the connection object to reset. :param socket_type: Set the Socket type, typically defined using a ZeroMQ constant. :type socket_type: Integer :param connection: Set the Address information used for the bound socket. :type connection: String :param port: Define the port which the socket will be bound to. :type port: Integer :param poller_type: Set the Socket type, typically defined using a ZeroMQ constant. :type poller_type: Integer :returns: Object """ if poller_type is None: poller_type = zmq.POLLIN bind = self._socket_context(socket_type=socket_type) if self.args.zmq_shared_key: bind.plain_username = b"admin" # User is hard coded. bind.plain_password = self.args.zmq_shared_key.encode() self.log.info("Shared key authentication enabled.") elif self.args.zmq_curve_encryption: client_secret_file = os.path.join(self.secret_keys_dir, "client.key_secret") server_public_file = os.path.join(self.public_keys_dir, "server.key") for item in [ self.public_keys_dir, self.secret_keys_dir, client_secret_file, server_public_file, ]: if not os.path.exists(item): raise SystemExit( "The required path [ {} ] does not exist. Have" " you generated your keys?".format(item)) try: client_public, client_secret = zmq_auth.load_certificate( client_secret_file) server_public, _ = zmq_auth.load_certificate( server_public_file) except OSError as e: self.log.error( "Error while loading certificates: %s. Configuration: %s", str(e), vars(self.args), ) raise SystemExit("Failed to load keys.") else: bind.curve_secretkey = client_secret bind.curve_publickey = client_public bind.curve_serverkey = server_public if socket_type == zmq.SUB: bind.setsockopt_string(zmq.SUBSCRIBE, self.identity) else: bind.setsockopt_string(zmq.IDENTITY, self.identity) self.poller.register(bind, poller_type) bind.connect("{connection}:{port}".format( connection=connection, port=port, )) self.log.info("Socket connected to [ %s ].", connection) return bind