def __init__(self, config=None):
super().__init__(config)
self.db = DB()
self._system_uid = self.db.init_config()
self._principle = self.db.refresh_local_principle(KeyRing().generate_key_hex(), config.realm, config.realm)
self._discovery = Discovery(config.realm, self._system_uid)
self._auth = Authentication(self._principle)
def run_command_keygen(options, **kwargs):
"""
Subcommand "crossbar keygen".
"""
try:
from autobahn.wamp.cryptobox import KeyRing
except ImportError:
print("You should install 'autobahn[encryption]'")
sys.exit(1)
priv, pub = KeyRing().generate_key()
print(' private: {}'.format(priv))
print(' public: {}'.format(pub))
def onJoin(self, details):
self.log.info('session joined: {details}', details=details)
# setup application payload end-to-end encryption ("WAMP-cryptobox")
# when a keyring was set, end-to-end encryption is performed automatically
if False:
# this is simplest keyring: for all URIs, use one key for both
# originators and responders.
keyring = KeyRing(PRIVKEY)
else:
# this is a more specialized keyring: we only make URIs starting
# with "com.myapp.encrypted." encrypted, and only with private key
# for originator (= this session, as it is "calling" and "publishing")
keyring = KeyRing()
# since we want to act as "callee" and "subscriber") we are thus a "responder"
# and responders need the responder private key. however, we don't act as "callers"
# or "publishers", and hence can get away with the public key for the originator only!
key = Key(originator_pub=ORIGINATOR_PUB, responder_priv=RESPONDER_PRIV)
keyring.set_key('com.myapp.encrypted.', key)
self.set_payload_codec(keyring)
# now start the testing ..
def add2(a, b, details=None):
self.log.info('call received: a={a}, b={b}, details={details}', a=a, b=b, details=details)
# when the procedure args were encrypted, the result will be always encrypted too!
return a + b
options = RegisterOptions(details_arg='details')
reg1 = yield self.register(add2, 'com.myapp.add2', options=options)
reg2 = yield self.register(add2, 'com.myapp.encrypted.add2', options=options)
def failme(encrypted_error, details=None):
# IMPORTANT: independent of whether the "failme" procedure args were encrypted or not,
# an error returned to the caller will be encrypted or not depending soley
# on the error URI!
if encrypted_error:
raise ApplicationError("com.myapp.encrypted.error1", custom1=23, custom2='Hello')
else:
raise ApplicationError("com.myapp.error1", custom1=23, custom2='Hello')
reg3 = yield self.register(failme, 'com.myapp.failme', options=options)
reg4 = yield self.register(failme, 'com.myapp.encrypted.failme', options=options)
def on_hello(msg, details=None):
self.log.info('event received: msg="{msg}", details={details}', msg=msg, details=details)
options = SubscribeOptions(details=True)
sub1 = yield self.subscribe(on_hello, 'com.myapp.hello', options=options)
sub2 = yield self.subscribe(on_hello, 'com.myapp.encrypted.hello', options=options)
self.log.info('session ready!')
def onJoin(self, details):
self.log.info('session joined: {details}', details=details)
# setup application payload end-to-end encryption ("WAMP-cryptobox")
# when a keyring was set, end-to-end encryption is performed automatically
if False:
# this is simplest keyring: for all URIs, use one key for both
# originators and responders.
keyring = KeyRing(PRIVKEY)
else:
# this is a more specialized keyring: we only make URIs starting
# with "com.myapp.encrypted." encrypted, and only with private key
# for originator (= this session, as it is "calling" and "publishing")
# we need to have a keyring first. create an empty one.
keyring = KeyRing()
# since we want to act as "caller" and "publisher", we are thus a "originator"
# and originators need the originator private key. however, we don't act as "callees"
# or "subscribers", and hence can get away with the public key for the responder only!
key = Key(originator_priv=ORIGINATOR_PRIV,
responder_pub=RESPONDER_PUB)
# we now associate URIs starting with "com.myapp.encrypted." with the
# encryption keys ..
keyring.set_key('com.myapp.encrypted.', key)
# .. and finally set the keyring on the session. from now on, all calls (and event)
# on URIs that start with "com.myapp.encrypted." will be encrypted. Calls (and events)
# on URIs different from that will continue to travel unencrypted!
self.set_payload_codec(keyring)
# now start the testing ..
yield self._test_rpc()
yield self._test_rpc_errors()
yield self._test_pubsub()
self.log.info('done!')
self.leave()
def onJoin(self, details):
print("joined")
# setup application payload end-to-end encryption ("WAMP-cryptobox")
# when a keyring was set, end-to-end encryption is performed automatically
if True:
keyring = KeyRing(PRIVKEY)
else:
# this works the same as in Component1, but the keys
# loaded is different.
keyring = KeyRing()
# since we want to act as "callee" (and "subscriber"), we are thus a "responder"
# and responders need the responder private key. however, we don't act as "callers"
# (or "publishers"), and hence can get away with the public key for the originator only!
key = Key(responder_priv=RESPONDER_PRIV,
originator_pub=ORIGINATOR_PUB)
keyring.set_key(u'com.myapp.encrypted.', key)
self.set_keyring(keyring)
# now start the testing ..
def add2(a, b, details=None):
print("call received: a={}, b={}, details={}".format(
a, b, details))
# when the procedure args were encrypted, the result will be always encrypted too!
return a + b
options = RegisterOptions(details_arg='details')
reg1 = yield self.register(add2, u'com.myapp.add2', options=options)
reg2 = yield self.register(add2,
u'com.myapp.encrypted.add2',
options=options)
def failme(encrypted_error, details=None):
# independent of whether the "failme" procedure args were encrypted or not,
# an error returned to the caller will be encrypted or not depending soley
# on the error URI
if encrypted_error:
raise ApplicationError(u"com.myapp.encrypted.error1",
custom1=23,
custom2=u'Hello')
else:
raise ApplicationError(u"com.myapp.error1",
custom1=23,
custom2=u'Hello')
reg3 = yield self.register(failme,
u'com.myapp.failme',
options=options)
reg4 = yield self.register(failme,
u'com.myapp.encrypted.failme',
options=options)
def on_hello(msg, details=None):
print("event received: msg='{}', details={}".format(msg, details))
options = SubscribeOptions(details_arg='details')
sub1 = yield self.subscribe(on_hello,
u'com.myapp.hello',
options=options)
sub2 = yield self.subscribe(on_hello,
u'com.myapp.encrypted.hello',
options=options)
print("ready!")
import sys
import json
from os import environ
from os.path import join
from twisted.internet import defer, reactor
from twisted.internet.protocol import ProcessProtocol
from twisted.internet.error import ProcessTerminated, ProcessExitedAlready, ProcessDone
from autobahn.twisted.component import run, Component
from autobahn.wamp.types import SubscribeOptions
from autobahn.wamp.cryptobox import KeyRing, Key
# Storing our secrets in files to make the examples simpler; something
# like 'keyring' or 'vault' would be preferable
keyring = KeyRing()
with open('secrets-builder-authkey', 'rb') as f:
builder_auth_key = f.read()
with open('secrets-paths', 'rb') as f:
basedir = f.read().strip().decode('ascii')
with open('secrets-builder-priv', 'rb') as priv:
with open('secrets-webhook-pub', 'rb') as pub:
# we are *receiving* events, so we're the responder
key = Key(
responder_priv=priv.read().decode(
'ascii'), # webhook will encrypt to this
originator_pub=pub.read().decode(
'ascii'), # if we have to reply, encrypt to this
)
keyring.set_key(u'webhook.github.push', key)
from twisted.internet import defer, reactor
from twisted.internet.task import LoopingCall
from twisted.internet.endpoints import serverFromString
from twisted.internet.endpoints import clientFromString
from twisted.web.server import Site
from autobahn.twisted.component import run, Component
from autobahn.wamp.cryptobox import KeyRing, Key
# load our seekrit data
with open('secrets-onion', 'rb') as f:
onion_addr = f.read().decode('ascii').strip()
with open('secrets-webhook-authkey', 'rb') as f:
webhook_auth_key = f.read()
keyring = KeyRing() # for end-to-end encryption
with open('secrets-webhook-priv', 'rb') as priv:
with open('secrets-builder-pub', 'rb') as pub:
# we are the "originator" because we send publish events
key = Key(
originator_priv=priv.read().decode('ascii'),
responder_pub=pub.read().decode('ascii'),
)
keyring.set_key(u'webhook.github.push', key)
# define a "fake" webhook component that will connect using the same
# credentials and methods as the "real" one, but will publish one fake
# "master" push event and exit.
hook = Component(
transports=[