def _create_trc(self, isd):
quorum_trc = min(self.core_count[isd], MAX_QUORUM_TRC)
self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd,
INITIAL_TRC_VERSION, {}, {}, {},
THRESHOLD_EEPKI, {}, quorum_trc,
MAX_QUORUM_CAS, INITIAL_GRACE_PERIOD,
False, {}, DEFAULT_TRC_VALIDITY)
def generate_trc(isd):
"""
Create or update the TRC for the given ISD.
Returns the TRC as a dict and a dict containing the private keys needed to sign the next
TRC version.
:param ISD isd:
:returns: (dict, dict) TRC, trc_priv_keys
"""
if isd.trc:
version = isd.trc['Version'] + 1
else:
version = 1
core_ases = list(isd.ases.filter(is_core=True))
core_ases_keys = {
as_.isd_as_str(): {
ONLINE_KEY_STRING: as_.core_online_pub_key,
ONLINE_KEY_ALG_STRING: KEYGEN_ALG,
OFFLINE_KEY_STRING: as_.core_offline_pub_key,
OFFLINE_KEY_ALG_STRING: KEYGEN_ALG
}
for as_ in core_ases
}
trc = TRC.from_values(isd=isd.isd_id,
description=str(isd),
version=version,
core_ases=core_ases_keys,
root_cas={},
cert_logs={},
threshold_eepki=0,
rains={},
quorum_trc=len(core_ases),
quorum_cas=0,
grace_period=0,
quarantine=False,
signatures={},
validity_period=TRC_VALIDITY_PERIOD)
# Sign with private keys corresponding to public keys (core AS online public keys) in previous
# TRC version
# For initial version simply use the private online keys
core_ases_online_priv_keys = {
as_.isd_as_str(): as_.core_online_priv_key
for as_ in core_ases
}
signing_keys = isd.trc_priv_keys or core_ases_online_priv_keys
for isd_as, sig_priv_key in signing_keys.items():
trc.sign(isd_as, base64.b64decode(sig_priv_key))
# Return trc and signing keys for next version:
# The keys and signatures are contained as bytes-objects in the dict returned, encode them
return _base64encode_dict(
trc.dict(with_signatures=True)), core_ases_online_priv_keys
def _create_trc(self, isd):
self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd, 0, {}, {}, {}, 2,
'dns_srv_addr', 2, 3, 18000, True, {})
def _create_trc(self, isd):
self.trcs[isd] = TRC.from_values(isd, 0, {},
{'ca.com': 'ca.com_cert_base64'}, {},
2, 'dns_srv_addr', 'dns_srv_cert', 2,
3, 2, True, {}, 18000)
def _create_trc(self, isd):
validity_period = TRC.VALIDITY_PERIOD
self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd,
INITIAL_TRC_VERSION, {}, {}, {}, 2,
{}, 2, 3, 18000, False, {},
validity_period)
