Esempio n. 1
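    def start(self, iface='', network=None, bootstrap=None, cb=None, name=None, nodeid=None):
        """Start service discovery and make sure this runtime has a certificate.

        The arguments are stored on the instance, SSDP service discovery is
        started on ``iface``, and the runtime's own certificate is looked up.
        If no certificate exists, a CSR is created and either signed by the
        local CA (when this runtime is configured as one and its private key
        exists) or handed to an ``sde.Client`` that searches for a CA service.

        Args:
            iface: Interface passed to ``SSDPServiceDiscovery``.
            network: Network filter; defaults to the ``dht_network_filter``
                configuration value (fallback ``"ALL"``).
            bootstrap: Bootstrap list; defaults to an empty list.
            cb: Callback stored on the instance.
            name: Runtime name used for the certificate lookup and the CSR.
            nodeid: Node id passed on when a CSR is created.

        Returns:
            The result of ``self._signed_cert_available()`` when the local CA
            signed the CSR; otherwise ``None``.
        """
        if bootstrap is None:
            bootstrap = []

        if network is None:
            network = _conf.get_in_order("dht_network_filter", "ALL")
        self._network = network
        self._iface = iface
        self._bootstrap = bootstrap
        self._cb = cb
        self._name = name

        self._dlist = []
        self._ssdps = SSDPServiceDiscovery(iface)
        self._dlist += self._ssdps.start()
        domain = _conf.get("security", "security_domain_name")
        is_ca = False
        try:
            if _conf.get("security", "certificate_authority") == "True":
                ca = certificate_authority.CA(domain)
                # Only act as CA when the CA private key is actually present.
                if ca.verify_private_key_exist():
                    is_ca = True
        except Exception:
            # A runtime configured as CA that fails here falls back to
            # obtaining its certificate from a discovered CA; log the reason
            # instead of hiding a broken CA setup.
            _log.exception("Failed to set up local CA, continuing as non-CA runtime")
            is_ca = False
        self._ssdps.update_server_params(CA_SERVICE_UUID, sign=is_ca, name=name)
        cert, certstr = certificate.get_own_cert(self._name)
        if not cert:
            _log.debug("runtime cert not available, let's create CSR")
            if is_ca:
                # We are the CA, just generate CSR and sign it
                csrfile = certificate.new_runtime(name, domain, nodeid=nodeid)
                _log.debug("Local CA sign runtime CSR")
                try:
                    # Read the CSR once so a missing or unreadable file fails
                    # here; the handle is closed instead of being leaked.
                    with open(csrfile, 'rt') as csr_fd:
                        csr_fd.read()
                    certpath = ca.sign_csr(csrfile)
                    certificate.store_own_cert(certpath=certpath)
                    return self._signed_cert_available()
                except Exception:
                    _log.exception("Failed signing with local CA")
                    raise
            else:
                # Discover the signing CA
                # NOTE(review): the CA is located through SSDP search; how the
                # responder and the returned certificate are authenticated is
                # not visible in this method - confirm in the callbacks.
                _log.debug("No signed cert, discover CA signing CSR")
                self._sde_client = sde.Client(name, nodeid,
                                          CalvinCB(self._ssdps.start_search,
                                                   CA_SERVICE_UUID,
                                                   callback=self._signed_cert_received),
                                          self._signed_cert_available)
        else:
            _log.debug("runtime cert available")
            self._signed_cert_available(cert=cert, certstr=certstr)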
Esempio n. 2
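def manage_runtime_create(args):
    """Create a CSR for a new runtime from parsed command-line arguments.

    Reads ``args.domain``, ``args.attr`` (a JSON string) and ``args.dir``.
    The JSON must contain ``indexed_public.node_name`` with at least the
    keys ``organization`` and ``name``; the node name derived from it is
    used for the new runtime's CSR.

    Raises:
        Exception: if the domain or the attributes are missing, or if the
            attributes lack the runtime's name or organization.
        ValueError: if ``args.attr`` is not valid JSON (from ``json.loads``).
    """
    # The original nested this check inside "if args.domain:", so it could
    # never fire and a missing domain silently created nothing.
    if not args.domain:
        raise Exception("No domain name supplied")
    if not args.attr:
        raise Exception("No runtime attributes supplied")
    attr = json.loads(args.attr)
    # The attribute JSON is user supplied: a missing or wrongly typed
    # section is reported with the same message as a missing key.
    try:
        node_name_attr = attr['indexed_public']['node_name']
        has_identity = all(k in node_name_attr for k in ("organization", "name"))
    except (KeyError, TypeError):
        has_identity = False
    if not has_identity:
        raise Exception("please supply name and organization of runtime")
    attributes = AttributeResolver(attr)
    node_name = attributes.get_node_name_as_str()
    nodeid = calvinuuid.uuid("NODE")
    csr_path = certificate.new_runtime(node_name, args.domain, security_dir=args.dir, nodeid=nodeid)
    print("CSR created at:" + csr_path)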
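 def generate_csr(self):
     """
     Generate a CSR for this client's name, domain and node id.

     Return the path of the new CSR as returned by certificate.new_runtime.
     Raise CsrGenerationFailed if CSR generation fails with an IOError.
     """
     _log.debug("client.generate_csr")
     try:
         csrfile = certificate.new_runtime(self.name, self.domain, nodeid=self.nodeid)
         # The state only advances once new_runtime has returned a CSR path.
         self.state = STATE.CSR_GENERATED
         return csrfile
     except IOError as err:
         # NOTE(review): only IOError is translated; any other failure from
         # new_runtime propagates unchanged - confirm that is intended.
         raise CsrGenerationFailed(err)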
Esempio n. 4
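 def generate_csr(self):
     """
     Generate a CSR for this client's name, domain and node id.

     Return the path of the new CSR as returned by certificate.new_runtime.
     Raise CsrGenerationFailed if CSR generation fails with an IOError.
     """
     _log.debug("client.generate_csr")
     try:
         csrfile = certificate.new_runtime(self.name,
                                           self.domain,
                                           nodeid=self.nodeid)
         # The state only advances once new_runtime has returned a CSR path.
         self.state = STATE.CSR_GENERATED
         return csrfile
     except IOError as err:
         # NOTE(review): only IOError is translated; any other failure from
         # new_runtime propagates unchanged - confirm that is intended.
         raise CsrGenerationFailed(err)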
Esempio n. 5
#!/usr/bin/python

from calvin.utilities import certificate
import os
# Set up the "test" security domain, then request and sign credentials for a
# fixed list of runtime names inside that one domain.
print("Trying to create a new domain configuration.")
testconfig = certificate.Config(domain="test")
# testconfig2 = certificate.Config(domain="evil")
print("Reading configuration successfull.")

print("Creating new domain.")
certificate.new_domain(testconfig)
# certificate.new_domain(testconfig2)
print("Created new domain.")

# node1:0 .. node4:5 in row order, followed by the extra "evil" runtime,
# which is signed in the same "test" domain as all the others.
runtime_names = ["node{}:{}".format(i, j)
                 for i in range(1, 5)
                 for j in range(0, 6)]
runtime_names.append("evil")
for name in runtime_names:
    certreq = certificate.new_runtime(testconfig, name)
    # sign_req is given the request's file name, not its full path.
    certificate.sign_req(testconfig, os.path.basename(certreq), name)
# Disabled variant that would sign a runtime under the second ("evil") domain:
# certreq = certificate.new_runtime(testconfig, "evil2")
# certificate.sign_req(testconfig2, os.path.basename(certreq), "evil2")
Esempio n. 6
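# Build a throw-away security directory with a test CA and signed runtime
# credentials for the secure DHT tests.
homefolder = get_home()
domain = "sec-dht-security-test"
testdir = os.path.join(homefolder, ".calvin", "sec_dht_security_test")
# NOTE(review): configdir is derived from `domain`, while the CA and the
# runtimes below are created with the domain "test" - confirm which is meant.
configdir = os.path.join(testdir, domain)
runtimesdir = os.path.join(testdir, "runtimes")
runtimes_truststore = os.path.join(runtimesdir, "truststore_for_transport")
try:
    shutil.rmtree(testdir)
except OSError:
    # Best effort: the directory may simply not exist yet. If removal failed
    # for another reason, keys and certificates from an earlier run stay in
    # place and the credentials created below are written next to them.
    print("Failed to remove old tesdir")

print("Creating new domain.")
testca = CA(domain="test",
            commonName="sec-dht-test-security-CA",
            security_dir=testdir)
print("Created new domain.")

print("Generate runtime credentials and sign their certificates")
for i in range(1, 5):
    for j in range(0, 6):
        name = "node{}:{}".format(i, j)
        certreq = certificate.new_runtime(name, "test", security_dir=testdir)
        certpath = testca.sign_csr(certreq)
        certificate.store_own_cert(certpath=certpath, security_dir=testdir)
# The "evil" runtime is signed by the same test CA as every other node, so it
# holds a certificate that chains to the truststore exported below.
certreq = certificate.new_runtime("evil", "test", security_dir=testdir)
certpath = testca.sign_csr(certreq)
certificate.store_own_cert(certpath=certpath, security_dir=testdir)
testca.export_ca_cert(runtimes_truststore)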
Esempio n. 7
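    def start(self,
              iface='',
              network=None,
              bootstrap=None,
              cb=None,
              name=None,
              nodeid=None):
        """Start service discovery and make sure this runtime has a certificate.

        The arguments are stored on the instance, SSDP service discovery is
        started on ``iface``, and the runtime's own certificate is looked up.
        If no certificate exists, a CSR is created and either signed by the
        local CA (when this runtime is configured as one and its private key
        exists) or handed to an ``sde.Client`` that searches for a CA service.

        Args:
            iface: Interface passed to ``SSDPServiceDiscovery``.
            network: Network filter; defaults to the ``dht_network_filter``
                configuration value (fallback ``"ALL"``).
            bootstrap: Bootstrap list; defaults to an empty list.
            cb: Callback stored on the instance.
            name: Runtime name used for the certificate lookup and the CSR.
            nodeid: Node id passed on when a CSR is created.

        Returns:
            The result of ``self._signed_cert_available()`` when the local CA
            signed the CSR; otherwise ``None``.
        """
        if bootstrap is None:
            bootstrap = []

        if network is None:
            network = _conf.get_in_order("dht_network_filter", "ALL")
        self._network = network
        self._iface = iface
        self._bootstrap = bootstrap
        self._cb = cb
        self._name = name

        self._dlist = []
        self._ssdps = SSDPServiceDiscovery(iface)
        self._dlist += self._ssdps.start()
        domain = _conf.get("security", "security_domain_name")
        is_ca = False
        try:
            if _conf.get("security", "certificate_authority") == "True":
                ca = certificate_authority.CA(domain)
                # Only act as CA when the CA private key is actually present.
                if ca.verify_private_key_exist():
                    is_ca = True
        except Exception:
            # A runtime configured as CA that fails here falls back to
            # obtaining its certificate from a discovered CA; log the reason
            # instead of hiding a broken CA setup.
            _log.exception("Failed to set up local CA, continuing as non-CA runtime")
            is_ca = False
        self._ssdps.update_server_params(CA_SERVICE_UUID,
                                         sign=is_ca,
                                         name=name)
        cert, certstr = certificate.get_own_cert(self._name)
        if not cert:
            _log.debug("runtime cert not available, let's create CSR")
            if is_ca:
                # We are the CA, just generate CSR and sign it
                csrfile = certificate.new_runtime(name, domain, nodeid=nodeid)
                _log.debug("Local CA sign runtime CSR")
                try:
                    # Read the CSR once so a missing or unreadable file fails
                    # here; the handle is closed instead of being leaked.
                    with open(csrfile, 'rt') as csr_fd:
                        csr_fd.read()
                    certpath = ca.sign_csr(csrfile)
                    certificate.store_own_cert(certpath=certpath)
                    return self._signed_cert_available()
                except Exception:
                    _log.exception("Failed signing with local CA")
                    raise
            else:
                # Discover the signing CA
                # NOTE(review): the CA is located through SSDP search; how the
                # responder and the returned certificate are authenticated is
                # not visible in this method - confirm in the callbacks.
                _log.debug("No signed cert, discover CA signing CSR")
                self._sde_client = sde.Client(
                    name, nodeid,
                    CalvinCB(self._ssdps.start_search,
                             CA_SERVICE_UUID,
                             callback=self._signed_cert_received),
                    self._signed_cert_available)
        else:
            _log.debug("runtime cert available")
            self._signed_cert_available(cert=cert, certstr=certstr)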