def __init__(self, config=None, reactor=None, personality=None):
    """
    Construct the process, then load the node's signing material.

    After the base constructor runs, the release public key is read and the
    node's Ed25519 private key is loaded (hex-encoded) from the node directory
    ``self.config.extra.cbdir`` and wrapped as a WAMP-cryptosign signing key
    in ``self._node_key``.

    :param config: Passed through to ``NativeProcess.__init__``.
    :param reactor: Passed through to ``NativeProcess.__init__``.
    :param personality: Passed through to ``NativeProcess.__init__``.
    """
    NativeProcess.__init__(self, config=config, reactor=reactor, personality=personality)

    # Release (public) key.
    self._release_pubkey = _read_release_key()

    # Node (private) key: the helper returns it hex-encoded under 'hex'.
    cbdir = self.config.extra.cbdir
    key_material = _read_node_key(cbdir, private=True)
    signing_key = nacl.signing.SigningKey(key_material['hex'], encoder=nacl.encoding.HexEncoder)

    # Expose it as a WAMP-cryptosign signing key.
    self._node_key = cryptosign.SigningKey(signing_key)
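def maybe_generate_key(self, cbdir, privkey_path=u'key.priv', pubkey_path=u'key.pub'):
    """
    Load the node's Ed25519 key pair from ``cbdir``, generating a fresh pair
    when no private key file exists yet.

    When the private key file exists, it is validated (all required tags
    present, and the recorded public key must match the one derived from the
    private key).  An existing public key file is validated the same way; a
    missing one is re-created from the private key.  File permissions are
    forced to 0644 (public) and 0600 (private) on every call.

    A newly generated private key is written under a restrictive umask so it
    is never group/world readable, not even in the window between its
    creation and the permission fix-up at the end.

    :param cbdir: Node directory holding the key files.
    :param privkey_path: Private key file name, relative to ``cbdir``.
    :param pubkey_path: Public key file name, relative to ``cbdir``.
    :returns: The node public key as a hex string.
    :raises Exception: If a key file lacks a required tag, or the public and
        private keys recorded on disk do not correspond.
    """
    privkey_path = os.path.join(cbdir, privkey_path)
    pubkey_path = os.path.join(cbdir, pubkey_path)

    # Tags every key file of the respective kind must carry.
    required_priv_tags = [u'creator', u'created-at', u'machine-id',
                          u'public-key-ed25519', u'private-key-ed25519']
    required_pub_tags = [u'creator', u'created-at', u'machine-id', u'public-key-ed25519']

    if os.path.exists(privkey_path):
        # node private key seems to exist already .. check!
        priv_tags = _parse_keyfile(privkey_path, private=True)
        for tag in required_priv_tags:
            if tag not in priv_tags:
                raise Exception(
                    "Corrupt node private key file {} - {} tag not found".format(privkey_path, tag))

        privkey_hex = priv_tags[u'private-key-ed25519']
        privkey = SigningKey(privkey_hex, encoder=HexEncoder)
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

        # The public key recorded in the private key file must be the one derived
        # from the private key (fix: the error previously named the public key file).
        if priv_tags[u'public-key-ed25519'] != pubkey_hex:
            raise Exception((
                "Inconsistent node private key file {} - public-key-ed25519 doesn't"
                " correspond to private-key-ed25519").format(privkey_path))

        if os.path.exists(pubkey_path):
            pub_tags = _parse_keyfile(pubkey_path, private=False)
            for tag in required_pub_tags:
                if tag not in pub_tags:
                    raise Exception(
                        "Corrupt node public key file {} - {} tag not found".format(pubkey_path, tag))
            if pub_tags[u'public-key-ed25519'] != pubkey_hex:
                raise Exception((
                    "Inconsistent node public key file {} - public-key-ed25519 doesn't"
                    " correspond to private-key-ed25519").format(pubkey_path))
        else:
            # Public key file is missing: rebuild it from the private key file's metadata.
            self.log.info(
                "Node public key file {pub_path} not found - re-creating from node private key file {priv_path}",
                pub_path=pubkey_path,
                priv_path=privkey_path,
            )
            pub_tags = OrderedDict([
                (u'creator', priv_tags[u'creator']),
                (u'created-at', priv_tags[u'created-at']),
                (u'machine-id', priv_tags[u'machine-id']),
                (u'public-key-ed25519', pubkey_hex),
            ])
            msg = u'Crossbar.io node public key\n\n'
            _write_node_key(pubkey_path, pub_tags, msg)

        self.log.debug("Node key already exists (public key: {hex})", hex=pubkey_hex)
    else:
        # node private key does not yet exist: generate one
        privkey = SigningKey.generate()
        privkey_hex = privkey.encode(encoder=HexEncoder).decode('ascii')
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

        # first, write the public file
        tags = OrderedDict([
            (u'creator', _creator()),
            (u'created-at', utcnow()),
            (u'machine-id', _machine_id()),
            (u'public-key-ed25519', pubkey_hex),
        ])
        msg = u'Crossbar.io node public key\n\n'
        _write_node_key(pubkey_path, tags, msg)

        # now, add the private key and write the private file
        tags[u'private-key-ed25519'] = privkey_hex
        msg = u'Crossbar.io node private key - KEEP THIS SAFE!\n\n'
        # Write under a restrictive umask so the file is created without group/other
        # bits, regardless of how _write_node_key opens it.  NOTE: umask is
        # process-wide; it is restored right after the write.
        old_umask = os.umask(0o077)
        try:
            _write_node_key(privkey_path, tags, msg)
        finally:
            os.umask(old_umask)

        self.log.info("New node key pair generated!")

    # fix file permissions on node public/private key files
    # (0o-prefixed octal literals are valid on both Python 2.6+ and Python 3)
    if os.stat(pubkey_path).st_mode & 0o777 != 0o644:
        os.chmod(pubkey_path, 0o644)
        self.log.info("File permissions on node public key fixed!")

    if os.stat(privkey_path).st_mode & 0o777 != 0o600:
        os.chmod(privkey_path, 0o600)
        self.log.info("File permissions on node private key fixed!")

    self._node_key = cryptosign.SigningKey(privkey)

    return pubkey_hex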
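def _maybe_generate_key(cbdir, privfile='key.priv', pubfile='key.pub'):
    """
    Load the node's Ed25519 key pair from ``cbdir``, generating a fresh pair
    when no private key file exists yet.

    When the private key file exists, it is validated (all required tags
    present, and the recorded public key must match the one derived from the
    private key).  An existing public key file is validated the same way; a
    missing one is re-created from the private key.  File permissions are
    forced to 0644 (public) and 0600 (private) on every call.

    A newly generated private key is written under a restrictive umask so it
    is never group/world readable, not even in the window between its
    creation and the permission fix-up at the end.

    :param cbdir: Node directory holding the key files.
    :param privfile: Private key file name, relative to ``cbdir``.
    :param pubfile: Public key file name, relative to ``cbdir``.
    :returns: ``(was_new, key)`` where ``was_new`` is True iff a key pair was
        generated by this call and ``key`` is the WAMP-cryptosign signing key.
    :raises Exception: If a key file lacks a required tag, or the public and
        private keys recorded on disk do not correspond.
    """
    was_new = True
    privkey_path = os.path.join(cbdir, privfile)
    pubkey_path = os.path.join(cbdir, pubfile)

    # Tags every key file of the respective kind must carry.
    required_priv_tags = ['creator', 'created-at', 'machine-id', 'public-key-ed25519', 'private-key-ed25519']
    required_pub_tags = ['creator', 'created-at', 'machine-id', 'public-key-ed25519']

    if os.path.exists(privkey_path):
        # node private key seems to exist already .. check!
        priv_tags = _parse_key_file(privkey_path, private=True)
        for tag in required_priv_tags:
            if tag not in priv_tags:
                raise Exception("Corrupt node private key file {} - {} tag not found".format(privkey_path, tag))

        privkey_hex = priv_tags['private-key-ed25519']
        privkey = signing.SigningKey(privkey_hex, encoder=encoding.HexEncoder)
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii')

        # The public key recorded in the private key file must be the one derived
        # from the private key (fix: the error previously named the public key file).
        if priv_tags['public-key-ed25519'] != pubkey_hex:
            raise Exception(
                ("Inconsistent node private key file {} - public-key-ed25519 doesn't"
                 " correspond to private-key-ed25519").format(privkey_path)
            )

        if os.path.exists(pubkey_path):
            pub_tags = _parse_key_file(pubkey_path, private=False)
            for tag in required_pub_tags:
                if tag not in pub_tags:
                    raise Exception("Corrupt node public key file {} - {} tag not found".format(pubkey_path, tag))
            if pub_tags['public-key-ed25519'] != pubkey_hex:
                raise Exception(
                    ("Inconsistent node public key file {} - public-key-ed25519 doesn't"
                     " correspond to private-key-ed25519").format(pubkey_path)
                )
        else:
            # Public key file is missing: rebuild it from the private key file's metadata.
            log.info(
                "Node public key file {pub_path} not found - re-creating from node private key file {priv_path}",
                pub_path=pubkey_path,
                priv_path=privkey_path,
            )
            pub_tags = OrderedDict([
                ('creator', priv_tags['creator']),
                ('created-at', priv_tags['created-at']),
                ('machine-id', priv_tags['machine-id']),
                ('public-key-ed25519', pubkey_hex),
            ])
            msg = 'Crossbar.io node public key\n\n'
            _write_node_key(pubkey_path, pub_tags, msg)

        log.info('Node key files exist and are valid. Node public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex))
        was_new = False
    else:
        # node private key does not yet exist: generate one
        privkey = signing.SigningKey.generate()
        privkey_hex = privkey.encode(encoder=encoding.HexEncoder).decode('ascii')
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii')

        # first, write the public file
        tags = OrderedDict([
            ('creator', _creator()),
            ('created-at', utcnow()),
            ('machine-id', _machine_id()),
            ('public-key-ed25519', pubkey_hex),
        ])
        msg = 'Crossbar.io node public key\n\n'
        _write_node_key(pubkey_path, tags, msg)

        # now, add the private key and write the private file
        tags['private-key-ed25519'] = privkey_hex
        msg = 'Crossbar.io node private key - KEEP THIS SAFE!\n\n'
        # Write under a restrictive umask so the file is created without group/other
        # bits, regardless of how _write_node_key opens it.  NOTE: umask is
        # process-wide; it is restored right after the write.
        old_umask = os.umask(0o077)
        try:
            _write_node_key(privkey_path, tags, msg)
        finally:
            os.umask(old_umask)

        log.info('New node key pair generated! Public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex))

    # fix file permissions on node public/private key files
    # (0o-prefixed octal literals are valid on both Python 2.6+ and Python 3)
    if os.stat(pubkey_path).st_mode & 0o777 != 0o644:
        os.chmod(pubkey_path, 0o644)
        log.info("File permissions on node public key fixed")

    if os.stat(privkey_path).st_mode & 0o777 != 0o600:
        os.chmod(privkey_path, 0o600)
        log.info("File permissions on node private key fixed")

    log.info(
        'Node key loaded from {priv_path}',
        priv_path=hlid(privkey_path),
    )

    return was_new, cryptosign.SigningKey(privkey)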
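def _load_and_maybe_generate(self, privkey_path, pubkey_path, yes_to_all=False):
    """
    Load the user's Ed25519 key pair from the given paths, generating a fresh
    pair when no private key file exists yet, and store the result on ``self``.

    When the private key file exists, it is validated (all required tags
    present, and the recorded public key must match the one derived from the
    private key).  An existing public key file is validated the same way; a
    missing one is re-created from the private key.  File permissions are
    forced to 0644 (public) and 0600 (private).

    A newly generated private key is written under a restrictive umask so it
    is never group/world readable, not even in the window between its
    creation and the explicit chmod that follows.

    Sets ``self._creator``, ``self._created_at``, ``self.user_id``,
    ``self._privkey``, ``self._privkey_hex``, ``self._pubkey``,
    ``self._pubkey_hex`` and ``self.key`` (the WAMP-cryptosign signing key).

    :param privkey_path: Path of the private key file.
    :param pubkey_path: Path of the public key file.
    :param yes_to_all: Forwarded to ``_creator`` / ``_user_id`` when a new key
        pair is generated (presumably suppresses interactive prompts).
    :raises Exception: If a key file lacks a required tag, or the public and
        private keys recorded on disk do not correspond.
    """
    # Tags every key file of the respective kind must carry.
    required_priv_tags = [u'creator', u'created-at', u'user-id',
                          u'public-key-ed25519', u'private-key-ed25519']
    required_pub_tags = [u'creator', u'created-at', u'user-id', u'public-key-ed25519']

    if os.path.exists(privkey_path):
        # user private key seems to exist already .. check!
        priv_tags = _parse_keyfile(privkey_path, private=True)
        for tag in required_priv_tags:
            if tag not in priv_tags:
                raise Exception(
                    "Corrupt user private key file {} - {} tag not found".format(privkey_path, tag))

        creator = priv_tags[u'creator']
        created_at = priv_tags[u'created-at']
        user_id = priv_tags[u'user-id']
        privkey_hex = priv_tags[u'private-key-ed25519']

        privkey = SigningKey(privkey_hex, encoder=HexEncoder)
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

        # The public key recorded in the private key file must be the one derived
        # from the private key (fix: the error previously named the public key file).
        if priv_tags[u'public-key-ed25519'] != pubkey_hex:
            raise Exception((
                "Inconsistent user private key file {} - public-key-ed25519 doesn't"
                " correspond to private-key-ed25519").format(privkey_path))

        if os.path.exists(pubkey_path):
            pub_tags = _parse_keyfile(pubkey_path, private=False)
            for tag in required_pub_tags:
                if tag not in pub_tags:
                    raise Exception(
                        "Corrupt user public key file {} - {} tag not found".format(pubkey_path, tag))
            if pub_tags[u'public-key-ed25519'] != pubkey_hex:
                raise Exception((
                    "Inconsistent user public key file {} - public-key-ed25519 doesn't"
                    " correspond to private-key-ed25519").format(pubkey_path))
        else:
            # public key is missing! recreate it from the private key file's metadata
            pub_tags = OrderedDict([
                (u'creator', priv_tags[u'creator']),
                (u'created-at', priv_tags[u'created-at']),
                (u'user-id', priv_tags[u'user-id']),
                (u'public-key-ed25519', pubkey_hex),
            ])
            msg = u'Crossbar.io user public key\n\n'
            _write_node_key(pubkey_path, pub_tags, msg)
            click.echo('Re-created user public key from private key: {}'.format(style_ok(pubkey_path)))
    else:
        # user private key does not yet exist: generate one
        creator = _creator(yes_to_all)
        created_at = utcnow()
        user_id = _user_id(yes_to_all)

        privkey = SigningKey.generate()
        privkey_hex = privkey.encode(encoder=HexEncoder).decode('ascii')
        pubkey = privkey.verify_key
        pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

        # first, write the public file
        tags = OrderedDict([
            (u'creator', creator),
            (u'created-at', created_at),
            (u'user-id', user_id),
            (u'public-key-ed25519', pubkey_hex),
        ])
        msg = u'Crossbar.io FX user public key\n\n'
        _write_node_key(pubkey_path, tags, msg)
        os.chmod(pubkey_path, 0o644)

        # now, add the private key and write the private file
        tags[u'private-key-ed25519'] = privkey_hex
        msg = u'Crossbar.io FX user private key - KEEP THIS SAFE!\n\n'
        # Write under a restrictive umask so the file is created without group/other
        # bits, regardless of how _write_node_key opens it.  NOTE: umask is
        # process-wide; it is restored right after the write.
        old_umask = os.umask(0o077)
        try:
            _write_node_key(privkey_path, tags, msg)
        finally:
            os.umask(old_umask)
        os.chmod(privkey_path, 0o600)

        click.echo('New user public key generated: {}'.format(style_ok(pubkey_path)))
        click.echo('New user private key generated ({}): {}'.format(
            style_error('keep this safe!'), style_ok(privkey_path)))

    # fix file permissions on user public/private key files
    # (0o-prefixed octal literals are valid on both Python 2.6+ and Python 3)
    if os.stat(pubkey_path).st_mode & 0o777 != 0o644:
        os.chmod(pubkey_path, 0o644)
        click.echo(style_error('File permissions on user public key fixed!'))

    if os.stat(privkey_path).st_mode & 0o777 != 0o600:
        os.chmod(privkey_path, 0o600)
        click.echo(style_error('File permissions on user private key fixed!'))

    # load keys into object
    self._creator = creator
    self._created_at = created_at
    self.user_id = user_id
    self._privkey = privkey
    self._privkey_hex = privkey_hex
    self._pubkey = pubkey
    self._pubkey_hex = pubkey_hex
    self.key = cryptosign.SigningKey(privkey)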