def get_node_id(self) -> str:
cert = self.get_certificate(SSLCertificateType.PRIVATE)
node_id = extensions_factory.get_node_id(cert)
if node_id is None:
raise TypeError(
f"Node id is missing in private certificate: {cert}!")
return node_id
def _get_socket_peer_info(
self,
sock: AbstractSocketConnectionProtocol) -> AuthenticatedPeerInfo:
assert sock.is_ssl
assert self.NODE_TYPE is not None
cert = sock.get_peer_certificate()
node_type = extensions_factory.get_node_type(cert)
try:
connection_type = convert.peer_node_to_connection_type(
# pyre-fixme[6]: Expected `NodeType` for 1st param but got
# `Optional[NodeType]`.
self.NODE_TYPE,
node_type)
except (KeyError, ValueError):
raise ConnectionAuthenticationError(
f"Peer ssl certificate ({cert}) has an invalid node type: {node_type}!"
)
peer_id = extensions_factory.get_node_id(cert)
if peer_id is None:
raise ConnectionAuthenticationError(
f"Peer ssl certificate ({cert}) does not contain a node id!")
account_id = extensions_factory.get_account_id(cert)
node_privileges = extensions_factory.get_node_privileges(cert)
return AuthenticatedPeerInfo(connection_type, peer_id, account_id,
node_privileges)
def test_get_node_credentials(self):
node_type = NodeType.EXTERNAL_GATEWAY
node_id = str(uuid.uuid4())
node_privileges = "privileged_node"
cert = ssl_certificate_factory.sign_csr(
self.template_csr, self.template_cert, self.template_key,
constants.DEFAULT_EXPIRATION_DATE,
extensions_factory.get_custom_extensions(
node_type, node_id, node_privileges=node_privileges))
self.assertEqual(node_type, extensions_factory.get_node_type(cert))
self.assertEqual(node_id, extensions_factory.get_node_id(cert))
self.assertEqual(node_privileges,
extensions_factory.get_node_privileges(cert))
def blocking_store_node_certificate(self, cert: Certificate) -> None:
"""
Store a node private certificate in a blocking manner
:param cert: the node private certificate to be stored.
"""
key = self.private_keys[SSLCertificateType.PRIVATE]
if self._store_local:
ssl_folder_path = self.storage_info.ssl_folder_path
key_file_info = self.storage_info.certificates_info[SSLCertificateType.PRIVATE].key_file_info
key_folder_path = os.path.join(ssl_folder_path, key_file_info.sub_directory_name) # pyre-ignore
ssl_certificate_factory.store_key(key, key_folder_path, self._node_name)
self.certificates[SSLCertificateType.PRIVATE] = cert
self._store_cert(SSLCertificateType.PRIVATE, cert)
node_id = extensions_factory.get_node_id(cert)
logger.debug("{} successfully stored private SSL certificate: {} ({}).", self, cert, node_id)
def connection_made(self, transport: BaseTransport) -> None:
transport = typing.cast(Transport, transport)
if self._endpoint is None:
self._endpoint = IpEndpoint(*transport.get_extra_info("peername"))
endpoint = self._endpoint
assert endpoint is not None
if self._is_server:
try:
cert = self.get_peer_certificate(transport)
key = extensions_factory.get_node_id(cert)
if key is None:
key = endpoint.ip_address
except TypeError:
key = endpoint.ip_address
attempts = self._node.report_connection_attempt(key)
if attempts >= constants.MAX_HIGH_RECONNECT_ATTEMPTS_ALLOWED:
logger.debug(
"Rejecting connection attempt from {} / {}. Too many attempts: {}",
self._endpoint, key, attempts)
# transport.abort()
# return
if sys.version.startswith("3.6."):
protocol_cls = SocketConnectionProtocolPy36
else:
from bxcommon.network.socket_connection_protocol import SocketConnectionProtocol
protocol_cls = SocketConnectionProtocol
if self._is_server:
endpoint = None
delegate_protocol = protocol_cls(self._node, endpoint, self.is_ssl)
delegate_protocol.connection_made(transport)
self._delegate_protocol = delegate_protocol