def start(self): callbacks = {'connected': [CalvinCB(self._connected)]} tcp_f = TCPServerFactory(callbacks) runtime_to_runtime_security = _conf.get("security","runtime_to_runtime_security") trusted_ca_certs = [] if runtime_to_runtime_security=="tls": _log.debug("TwistedCalvinServer with TLS chosen") try: self._runtime_credentials = runtime_credentials.RuntimeCredentials(self._node_name) ca_cert_list_str, ca_cert_list_x509, truststore =certificate.get_truststore(certificate.TRUSTSTORE_TRANSPORT) for ca_cert in ca_cert_list_str: trusted_ca_certs.append(ssl.Certificate.loadPEM(ca_cert)) server_credentials_data = self._runtime_credentials.get_runtime_credentials() server_credentials = ssl.PrivateCertificate.loadPEM(server_credentials_data) except Exception as err: _log.exception("Server failed to load credentials, err={}".format(err)) try: self._tcp_server = reactor.listenSSL(self._port, tcp_f, server_credentials.options(*trusted_ca_certs), interface=self._iface) except Exception as err: _log.exception("Server failed listenSSL, err={}".format(err)) else: _log.debug("TwistedCalvinServer without TLS chosen") try: self._tcp_server = reactor.listenTCP(self._port, tcp_f, interface=self._iface) except error.CannotListenError: _log.exception("Could not listen on port %s:%s", self._iface, self._port) raise except Exception as exc: _log.exception("Failed when trying listening on port %s:%s", self._iface, self._port) raise self._port = self._tcp_server.getHost().port self._callback_execute('server_started', self._port) return self._port
def get_truststore(self, type): """ Returns the truststore for the type of usage as list of certificate strings, a list of OpenSSL objects and as a OpenSSL truststore object """ ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore( type, security_dir=self.security_dir) return ca_cert_list_str, ca_cert_list_x509, truststore
def join(self): from twisted.internet._sslverify import OpenSSLCertificateAuthorities from OpenSSL import crypto if self._proto: raise Exception("Already connected") # Own callbacks callbacks = {'connected': [CalvinCB(self._connected)], 'disconnected': [CalvinCB(self._disconnected)], 'connection_failed': [CalvinCB(self._connection_failed)], 'data': [CalvinCB(self._data)], 'set_proto': [CalvinCB(self._set_proto)]} self._factory = TCPClientFactory(callbacks) # addr="%s:%s" % (self._host_ip, self._host_port)) runtime_to_runtime_security = _conf.get("security","runtime_to_runtime_security") if runtime_to_runtime_security=="tls": _log.debug("TwistedCalvinTransport with TLS chosen") trusted_ca_certs = [] try: self._runtime_credentials = runtime_credentials.RuntimeCredentials(self._node_name) ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore(certificate.TRUSTSTORE_TRANSPORT) for ca_cert in ca_cert_list_str: trusted_ca_certs.append(crypto.load_certificate(crypto.FILETYPE_PEM, ca_cert)) ca_certs = OpenSSLCertificateAuthorities(trusted_ca_certs) client_credentials_data =self._runtime_credentials.get_runtime_credentials() client_credentials = ssl.PrivateCertificate.loadPEM(client_credentials_data) except Exception as err: _log.error("TwistedCalvinTransport: Failed to load client credentials, err={}".format(err)) raise try: options = ssl.optionsForClientTLS(self._server_node_name, trustRoot=ca_certs, clientCertificate=client_credentials) except Exception as err: _log.error("TwistedCalvinTransport: Failed to create optionsForClientTLS " "\n\terr={}" "\n\tself._server_node_name={}".format(err, self._server_node_name)) raise try: endpoint = endpoints.SSL4ClientEndpoint(reactor, self._host_ip, int(self._host_port), options) except: _log.error("TwistedCalvinTransport: Client failed connectSSL") raise try: endpoint.connect(self._factory) except Exception as e: _log.error("TwistedCalvinTransport: Failed endpoint.connect, e={}".format(e)) raise else: reactor.connectTCP(self._host_ip, int(self._host_port), self._factory)
def join(self): if self._proto: raise Exception("Already connected") # Own callbacks callbacks = { 'connected': [CalvinCB(self._connected)], 'disconnected': [CalvinCB(self._disconnected)], 'connection_failed': [CalvinCB(self._connection_failed)], 'data': [CalvinCB(self._data)], 'set_proto': [CalvinCB(self._set_proto)] } self._factory = TCPClientFactory( callbacks) # addr="%s:%s" % (self._host_ip, self._host_port)) runtime_to_runtime_security = _conf.get("security", "runtime_to_runtime_security") if runtime_to_runtime_security == "tls": _log.debug("TwistedCalvinTransport with TLS chosen") try: self._runtime_credentials = runtime_credentials.RuntimeCredentials( self._node_name) ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore( certificate.TRUSTSTORE_TRANSPORT) #TODO: figure out how to set more than one root cert in twisted truststore twisted_trusted_ca_cert = ssl.Certificate.loadPEM( ca_cert_list_str[0]) client_credentials_data = self._runtime_credentials.get_runtime_credentials( ) client_credentials = ssl.PrivateCertificate.loadPEM( client_credentials_data) except Exception as err: _log.error( "TwistedCalvinTransport: Failed to load client credentials, err={}" .format(err)) raise try: options = ssl.optionsForClientTLS(self._server_node_name, twisted_trusted_ca_cert, client_credentials) except Exception as err: _log.error( "TwistedCalvinTransport: Failed to create optionsForClientTLS " "\n\terr={}" "\n\tself._server_node_name={}".format( err, self._server_node_name)) raise try: endpoint = endpoints.SSL4ClientEndpoint( reactor, self._host_ip, int(self._host_port), options) except: _log.error("TwistedCalvinTransport: Client failed connectSSL") raise try: endpoint.connect(self._factory) except Exception as e: _log.error( "TwistedCalvinTransport: Failed endpoint.connect, e={}". format(e)) raise else: reactor.connectTCP(self._host_ip, int(self._host_port), self._factory)