def start(self):
callbacks = {'connected': [CalvinCB(self._connected)]}
tcp_f = TCPServerFactory(callbacks)
runtime_to_runtime_security = _conf.get("security","runtime_to_runtime_security")
trusted_ca_certs = []
if runtime_to_runtime_security=="tls":
_log.debug("TwistedCalvinServer with TLS chosen")
try:
self._runtime_credentials = runtime_credentials.RuntimeCredentials(self._node_name)
ca_cert_list_str, ca_cert_list_x509, truststore =certificate.get_truststore(certificate.TRUSTSTORE_TRANSPORT)
for ca_cert in ca_cert_list_str:
trusted_ca_certs.append(ssl.Certificate.loadPEM(ca_cert))
server_credentials_data = self._runtime_credentials.get_runtime_credentials()
server_credentials = ssl.PrivateCertificate.loadPEM(server_credentials_data)
except Exception as err:
_log.exception("Server failed to load credentials, err={}".format(err))
try:
self._tcp_server = reactor.listenSSL(self._port, tcp_f, server_credentials.options(*trusted_ca_certs), interface=self._iface)
except Exception as err:
_log.exception("Server failed listenSSL, err={}".format(err))
else:
_log.debug("TwistedCalvinServer without TLS chosen")
try:
self._tcp_server = reactor.listenTCP(self._port, tcp_f, interface=self._iface)
except error.CannotListenError:
_log.exception("Could not listen on port %s:%s", self._iface, self._port)
raise
except Exception as exc:
_log.exception("Failed when trying listening on port %s:%s", self._iface, self._port)
raise
self._port = self._tcp_server.getHost().port
self._callback_execute('server_started', self._port)
return self._port
def get_truststore(self, type):
"""
Returns the truststore for the type of usage as list of
certificate strings, a list of OpenSSL objects and as a
OpenSSL truststore object
"""
ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore(
type, security_dir=self.security_dir)
return ca_cert_list_str, ca_cert_list_x509, truststore
def join(self):
from twisted.internet._sslverify import OpenSSLCertificateAuthorities
from OpenSSL import crypto
if self._proto:
raise Exception("Already connected")
# Own callbacks
callbacks = {'connected': [CalvinCB(self._connected)],
'disconnected': [CalvinCB(self._disconnected)],
'connection_failed': [CalvinCB(self._connection_failed)],
'data': [CalvinCB(self._data)],
'set_proto': [CalvinCB(self._set_proto)]}
self._factory = TCPClientFactory(callbacks) # addr="%s:%s" % (self._host_ip, self._host_port))
runtime_to_runtime_security = _conf.get("security","runtime_to_runtime_security")
if runtime_to_runtime_security=="tls":
_log.debug("TwistedCalvinTransport with TLS chosen")
trusted_ca_certs = []
try:
self._runtime_credentials = runtime_credentials.RuntimeCredentials(self._node_name)
ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore(certificate.TRUSTSTORE_TRANSPORT)
for ca_cert in ca_cert_list_str:
trusted_ca_certs.append(crypto.load_certificate(crypto.FILETYPE_PEM, ca_cert))
ca_certs = OpenSSLCertificateAuthorities(trusted_ca_certs)
client_credentials_data =self._runtime_credentials.get_runtime_credentials()
client_credentials = ssl.PrivateCertificate.loadPEM(client_credentials_data)
except Exception as err:
_log.error("TwistedCalvinTransport: Failed to load client credentials, err={}".format(err))
raise
try:
options = ssl.optionsForClientTLS(self._server_node_name,
trustRoot=ca_certs,
clientCertificate=client_credentials)
except Exception as err:
_log.error("TwistedCalvinTransport: Failed to create optionsForClientTLS "
"\n\terr={}"
"\n\tself._server_node_name={}".format(err,
self._server_node_name))
raise
try:
endpoint = endpoints.SSL4ClientEndpoint(reactor,
self._host_ip,
int(self._host_port),
options)
except:
_log.error("TwistedCalvinTransport: Client failed connectSSL")
raise
try:
endpoint.connect(self._factory)
except Exception as e:
_log.error("TwistedCalvinTransport: Failed endpoint.connect, e={}".format(e))
raise
else:
reactor.connectTCP(self._host_ip, int(self._host_port), self._factory)
def join(self):
if self._proto:
raise Exception("Already connected")
# Own callbacks
callbacks = {
'connected': [CalvinCB(self._connected)],
'disconnected': [CalvinCB(self._disconnected)],
'connection_failed': [CalvinCB(self._connection_failed)],
'data': [CalvinCB(self._data)],
'set_proto': [CalvinCB(self._set_proto)]
}
self._factory = TCPClientFactory(
callbacks) # addr="%s:%s" % (self._host_ip, self._host_port))
runtime_to_runtime_security = _conf.get("security",
"runtime_to_runtime_security")
if runtime_to_runtime_security == "tls":
_log.debug("TwistedCalvinTransport with TLS chosen")
try:
self._runtime_credentials = runtime_credentials.RuntimeCredentials(
self._node_name)
ca_cert_list_str, ca_cert_list_x509, truststore = certificate.get_truststore(
certificate.TRUSTSTORE_TRANSPORT)
#TODO: figure out how to set more than one root cert in twisted truststore
twisted_trusted_ca_cert = ssl.Certificate.loadPEM(
ca_cert_list_str[0])
client_credentials_data = self._runtime_credentials.get_runtime_credentials(
)
client_credentials = ssl.PrivateCertificate.loadPEM(
client_credentials_data)
except Exception as err:
_log.error(
"TwistedCalvinTransport: Failed to load client credentials, err={}"
.format(err))
raise
try:
options = ssl.optionsForClientTLS(self._server_node_name,
twisted_trusted_ca_cert,
client_credentials)
except Exception as err:
_log.error(
"TwistedCalvinTransport: Failed to create optionsForClientTLS "
"\n\terr={}"
"\n\tself._server_node_name={}".format(
err, self._server_node_name))
raise
try:
endpoint = endpoints.SSL4ClientEndpoint(
reactor, self._host_ip, int(self._host_port), options)
except:
_log.error("TwistedCalvinTransport: Client failed connectSSL")
raise
try:
endpoint.connect(self._factory)
except Exception as e:
_log.error(
"TwistedCalvinTransport: Failed endpoint.connect, e={}".
format(e))
raise
else:
reactor.connectTCP(self._host_ip, int(self._host_port),
self._factory)