def generate_self_signed_cert(self, common_name):
cryptography_key = self._privkey.to_cryptography_privkey()
return generate_self_signed_certificate(
host=common_name,
curve=self.curve,
private_key=cryptography_key,
)
def __init__(
self,
host: str,
checksum_public_address: str = None,
private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None,
curve=None,
certificate=None,
certificate_filepath: str = None,
generate_certificate=True,
) -> None:
self.curve = curve or self._DEFAULT_CURVE
if private_key and certificate_filepath:
from nucypher.config.keyring import _read_tls_public_certificate
certificate = _read_tls_public_certificate(
filepath=certificate_filepath)
super().__init__(private_key=private_key)
elif certificate:
super().__init__(public_key=certificate.public_key())
elif certificate_filepath:
from nucypher.config.keyring import _read_tls_public_certificate
certificate = _read_tls_public_certificate(
filepath=certificate_filepath)
super().__init__(public_key=certificate.public_key())
elif generate_certificate:
if not host and checksum_public_address:
message = "If you don't supply a TLS certificate, one will be generated for you." \
"But for that, you need to pass a host and checksum address."
raise TypeError(message)
certificate, private_key = generate_self_signed_certificate(
host=host,
checksum_address=checksum_public_address,
private_key=private_key,
curve=self.curve)
super().__init__(private_key=private_key)
else:
raise TypeError(
"You didn't provide a cert, but also told us not to generate keys. Not sure what to do."
)
if not certificate_filepath:
certificate_filepath = constants.CERTIFICATE_NOT_SAVED.bool_value(
False)
self.certificate = certificate
self.certificate_filepath = certificate_filepath
def __init__(
self,
common_name=None,
host=None,
private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None,
curve=None,
certificate=None,
certificate_filepath: str = None,
certificate_dir=None,
generate_certificate=True,
) -> None:
self.curve = curve or self._DEFAULT_CURVE
if private_key:
super().__init__(private_key=private_key)
elif certificate:
super().__init__(public_key=certificate.public_key())
elif certificate_filepath:
certificate = load_tls_certificate(filepath=certificate_filepath)
elif generate_certificate:
if not all((common_name, host)):
message = "If you don't supply the certificate, one will be generated for you." \
"But for that, you need to pass both host and common_name.."
raise TypeError(message)
certificate, private_key = generate_self_signed_certificate(
common_name=common_name,
private_key=private_key,
curve=self.curve,
host=host)
super().__init__(private_key=private_key)
else:
raise TypeError(
"You didn't provide a cert, but also told us not to generate keys. Not sure what to do."
)
if not certificate_filepath:
certificate_filepath = constants.CERTIFICATE_NOT_SAVED
self.certificate = certificate
self.certificate_filepath = certificate_filepath
self.certificate_dir = certificate_dir
def __init__(self,
common_name,
private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None,
certificate=None,
curve=None,
generate_keys_if_needed=True):
self.curve = curve or self._DEFAULT_CURVE
if not certificate:
self._certificate, private_key = generate_self_signed_certificate(
common_name=common_name,
private_key=private_key,
curve=self.curve)
else:
self._certificate = certificate
super().__init__(private_key=private_key)
def _generate_tls_keys(
host: str,
curve: EllipticCurve) -> Tuple[_EllipticCurvePrivateKey, Certificate]:
cert, private_key = generate_self_signed_certificate(host, curve)
return private_key, cert
def generate_self_signed_cert(self, common_name):
cryptography_key = self._privkey.to_cryptography_privkey()
return generate_self_signed_certificate(common_name, default_curve(),
cryptography_key)
def _generate_tls_keys(
host: str, checksum_address: str,
curve: EllipticCurve) -> Tuple[_EllipticCurvePrivateKey, Certificate]:
cert, private_key = generate_self_signed_certificate(
host=host, curve=curve, checksum_address=checksum_address)
return private_key, cert
from nucypher.characters import Ursula
from OpenSSL.crypto import X509
from OpenSSL.SSL import TLSv1_2_METHOD
from nucypher.crypto.api import generate_self_signed_certificate
DB_NAME = "non-mining-proxy-node"
_URSULA = Ursula(dht_port=3501,
rest_port=3601,
ip_address="localhost",
db_name=DB_NAME)
_URSULA.dht_listen()
CURVE = ec.SECP256R1
cert, private_key = generate_self_signed_certificate(
_URSULA.stamp.fingerprint().decode(), CURVE)
deployer = HendrixDeployTLS("start", {
"wsgi": _URSULA.rest_app,
"https_port": _URSULA.rest_port
},
key=private_key,
cert=X509.from_cryptography(cert),
context_factory=ExistingKeyTLSContextFactory,
context_factory_kwargs={
"curve_name": "prime256v1",
"sslmethod": TLSv1_2_METHOD
})
try:
deployer.run()
