def get_submitter(store):
    """Build a ``User`` backed by *store* and attach a fresh CA enrollment.

    The user is enrolled with the module-level ``USER_ID``/``USER_PASSWD``
    against a default ``ca_service()``; the returned enrollment is stored on
    ``user.enrollment`` before the user is handed back.
    """
    authority = ca_service()
    submitter = User(USER_ID, USER_PASSWD, store)
    submitter.enrollment = authority.enroll(USER_ID, USER_PASSWD)
    return submitter
def test_enroll(self):
    """Enroll the configured identity and check it can be stored in an in-memory wallet."""
    ca_url = "http://" + self._ca_server_address
    authority = ca_service(ca_url)
    enrolled = authority.enroll(self._enrollment_id, self._enrollment_secret)
    store = inmemorywalletstore.InMemoryWalletStore()
    store.put(self._enrollment_id, enrolled)
    self.assertTrue(store.exists(self._enrollment_id))
def test_enroll(self):
    """Enroll the configured identity and persist it through a file-system wallet."""
    authority = ca_service("http://" + self._ca_server_address)
    enrolled = authority.enroll(self._enrollment_id, self._enrollment_secret)
    fs_wallet = wallet.FileSystenWallet()  # class name as spelled by the wallet module
    identity = wallet.Identity(self._enrollment_id, enrolled)
    identity.CreateIdentity(fs_wallet)
    self.assertTrue(fs_wallet.exists(self._enrollment_id))
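def __enter__(self):
    """Write the CA PEM to a temp file and open the CA and identity services.

    The base64-encoded ``certificate_authority.pem`` is decoded into a file
    created by ``tempfile.mkstemp`` (readable/writable by the creating user
    only); its path is kept in ``self.pem_path`` and passed to ``ca_service``
    as the CA certificate path.  If decoding or writing fails, the descriptor
    is closed and the temp file removed before the error propagates, so no
    half-written file is left behind.  Removal on normal exit is left to
    ``__exit__`` (not visible here).
    """
    fd, pem_path = tempfile.mkstemp()
    try:
        # fdopen owns fd: it is closed on exit from the with-block even on error,
        # and file.write (unlike os.write) writes the whole buffer.
        with os.fdopen(fd, "wb") as pem_file:
            pem_file.write(base64.b64decode(self.certificate_authority.pem))
    except Exception:
        os.unlink(pem_path)
        raise
    self.pem_path = pem_path
    self.ca_service = ca_service(
        self.certificate_authority.api_url,
        self.pem_path,
        ca_name=self.certificate_authority.ca_name)
    self.identity_service = self.ca_service.newIdentityService()
    return self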
def test_enroll(self):
    """Round-trip an enrollment through a CouchDB wallet store: put, exists, remove."""
    authority = ca_service("http://" + self._ca_server_address)
    enrolled = authority.enroll(self._enrollment_id, self._enrollment_secret)
    couch_url = 'http://localhost:5984'
    store = CouchDBWalletStore(DB_NAME, couch_url)
    store.put(self._enrollment_id, enrolled)
    self.assertTrue(store.exists(self._enrollment_id))
    store.remove(self._enrollment_id)
    self.assertFalse(store.exists(self._enrollment_id))
def enroll_user(
    hf_client: hfc.fabric.Client,
    org_name: str,
    user_name: str,
    user_password: str,
) -> hfc.fabric.user.User:
    """
    Enrolls a user to the Org's Fabric CA Server

    Args:
        hf_client: Network HF Client object
        org_name: Organization's name
        user_name: Username to enroll
        user_password: User's password

    Returns:
        Enrolled User object
    """
    # Wallet lives under ./tmp/hfc-kvs/<org_name>; the org segment keeps
    # usernames from colliding across organisations.
    wallet_path = os.path.join(os.getcwd(), 'tmp', 'hfc-kvs', org_name)
    cred_wallet = wallet.FileSystenWallet(path=wallet_path)  # [sic]

    # Locate the org's first CA in the network profile.
    network_info = hf_client.get_net_info()
    org_info = network_info['organizations'][org_name]
    mspid = org_info['mspid']
    ca_info = network_info['certificateAuthorities'][org_info['certificateAuthorities'][0]]

    # A cached identity is returned as-is: user_password is NOT checked
    # against it, so knowing a username is enough to obtain the stored
    # identity from this function.
    # TODO: validate the supplied password before returning a cached identity;
    # NOTE(review): confirm callers authenticate before reaching this point.
    if cred_wallet.exists(user_name):
        return cred_wallet.create_user(user_name, org_name, mspid)

    # First-time enrollment: the CA itself validates user_password.
    casvc = ca_service(target=ca_info['url'])
    user_enrollment = casvc.enroll(user_name, user_password, attr_reqs=[{
        'name': 'id', 'optional': True
    }])

    # Persist the new identity under ./tmp/hfc-kvs so later calls hit the cache.
    wallet.Identity(user_name, user_enrollment).CreateIdentity(cred_wallet)
    return cred_wallet.create_user(user_name, org_name, mspid)
def revokeFabricUserAndGenerateCRL():
    """Revoke the org's regular user at its CA and return the generated CRL.

    Reads the module-level ``org`` config: the CA port is chosen by the ``ENV``
    environment variable (default ``'external'``) and TLS trust is pinned to
    ``org['ca']['certfile']['external']``.  The admin identity is enrolled
    first because ``revoke`` is a method of the admin's enrollment.
    """
    username = org['users']['user']['name']
    ca_cfg = org['ca']
    port = ca_cfg['port'][os.environ.get('ENV', 'external')]
    authority = ca_service(
        target=f"https://{ca_cfg['host']}:{port}",
        ca_certs_path=ca_cfg['certfile']['external'],
        ca_name=ca_cfg['name'])
    admin = authority.enroll(org['users']['admin']['name'], org['users']['admin']['pass'])
    # gencrl=True makes the CA return the CRL alongside the revoked cert list.
    _revoked, crl = admin.revoke(username, gencrl=True)
    return crl
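def __init__(self, ca_addr="localhost:7054", ADMIN_ID="admin", ADMIN_SECRET="adminpw"):
    """Connect to a Fabric CA, enroll the admin and open the identity service.

    Args:
        ca_addr: CA server address used when the module-level ``cli`` has no
            CA registered and ``CA_ADDR`` is not set in the environment.
        ADMIN_ID: Enrollment id of the CA admin.
        ADMIN_SECRET: Enrollment secret of the CA admin.  The default is a
            stock dev-network bootstrap value; deployments outside a dev
            setup should pass the real secret in rather than rely on it.

    Raises:
        RuntimeError: if no CA server object could be obtained.
    """
    if cli.CAs():
        # Reuse the CA server already registered on the client object.
        self._ca_server = cli._CAs
    else:
        # Build a CA client from the CA_ADDR env var, falling back to ca_addr.
        self._ca_server = ca_service(os.getenv("CA_ADDR") or ca_addr)

    # The original code called .enroll("admin", "adminpw") on a missing CA
    # server here, which could only raise AttributeError; fail explicitly instead.
    if not self._ca_server:
        raise RuntimeError("no Fabric CA server available to enroll the admin")

    # Admin enrollment (x509) used for user registration/management.
    self._admin_enroll_x509 = self._ca_server.enroll(ADMIN_ID, ADMIN_SECRET)
    # Identity service: talks to the CA with the admin's token; per the
    # original author, results are the raw JSON responses.
    self._identity_service = self._ca_server.newIdentityService()
    # Key-value store (./tmp/hfc-kvs) holding user info.
    self._key_value_userinfo = wallet.FileSystemWallet()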
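def __enter__(self):
    """Write the CA PEM to a temp file, pick a crypto backend and open CA services.

    The base64-encoded ``certificate_authority.pem`` is decoded into a file
    created by ``tempfile.mkstemp`` (readable/writable by the creating user
    only) whose path is kept in ``self.pem_path``.  If decoding or writing
    fails, the descriptor is closed and the file removed before the error
    propagates.  The crypto backend is PKCS#11 (HSM) when ``self.hsm`` is
    set, software ECIES otherwise; the CA name is the TLS CA's when
    ``self.tls`` is set.  Removal of the temp file on normal exit is left to
    ``__exit__`` (not visible here).
    """
    fd, pem_path = tempfile.mkstemp()
    try:
        # fdopen owns fd: it is closed on exit from the with-block even on error,
        # and file.write (unlike os.write) writes the whole buffer.
        with os.fdopen(fd, "wb") as pem_file:
            pem_file.write(base64.b64decode(self.certificate_authority.pem))
    except Exception:
        os.unlink(pem_path)
        raise
    self.pem_path = pem_path

    if self.hsm:
        self.crypto = PKCS11Crypto(self.hsm['pkcs11library'], self.hsm['label'], self.hsm['pin'])
    else:
        self.crypto = ecies()

    ca_name = self.certificate_authority.tlsca_name if self.tls else self.certificate_authority.ca_name
    # NOTE(review): the second positional argument is False rather than
    # self.pem_path.  If that slot is the CA certificate bundle used to verify
    # the CA endpoint's TLS certificate, server verification is effectively
    # off here — confirm, and pass self.pem_path if verification is intended.
    self.ca_service = ca_service(self.certificate_authority.api_url, False, ca_name=ca_name, crypto=self.crypto)
    self.identity_service = self.ca_service.newIdentityService()
    self.certificate_service = self.ca_service.newCertificateService()
    return self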
def enrollCABootstrapAdmin(org):
    """Wait for the org's CA to come up, then enroll its bootstrap admin.

    Uses the *internal* CA port and TLS certificate from ``org['ca']`` and the
    credentials under ``org['ca']['users']['bootstrap_admin']``.  Returns the
    enrollment object produced by ``ca_service().enroll``.
    """
    ca = org['ca']
    waitPort(f"{ca['name']} to start", 90, ca['logfile'], ca['host'], ca['port']['internal'])
    print(f"Enrolling with {ca['name']} as bootstrap identity ...", flush=True)
    authority = ca_service(
        target=f"https://{ca['host']}:{ca['port']['internal']}",
        ca_certs_path=ca['certfile']['internal'],
        ca_name=ca['name'])
    admin_cfg = ca['users']['bootstrap_admin']
    return authority.enroll(admin_cfg['name'], admin_cfg['pass'])
def genTLSCert(node, org, cert_file, key_file, ca_file):
    """Obtain a TLS certificate for *node* from the org's CA and write the artefacts.

    A 2048-bit RSA key is generated locally and a CSR with CN=node['host']
    (plus a non-critical SAN carrying the same DNS name) is signed with it.
    Only the CSR is sent to the CA, under the node's enrollment credentials
    and the 'tls' profile; the key never leaves this host.  The issued cert
    goes to *cert_file*, the unencrypted PKCS#8 private key to *key_file*
    and the CA cert returned with the enrollment to *ca_file* (the file mode
    is whatever ``writeFile`` applies, not visible here).  Reads
    ``enrollment._cert`` / ``enrollment._caCert``, private attributes of the
    enrollment object.
    """
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())

    subject_cfg = org['csr']['names'][0]
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, subject_cfg['C']),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, subject_cfg['ST']),
        x509.NameAttribute(NameOID.LOCALITY_NAME, subject_cfg['L']),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, subject_cfg['O']),
        x509.NameAttribute(NameOID.COMMON_NAME, node['host']),
    ])
    san = x509.SubjectAlternativeName([x509.DNSName(node['host'])])
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(subject)
           .add_extension(san, critical=False)
           .sign(private_key, hashes.SHA256(), default_backend()))

    ca = org['ca']
    authority = ca_service(
        target=f"https://{ca['host']}:{ca['port']['internal']}",
        ca_certs_path=ca['certfile']['internal'],
        ca_name=ca['name'])
    enrollment = authority.enroll(node['name'], node['pass'], csr=csr, profile='tls')

    writeFile(cert_file, enrollment._cert)
    key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption())
    writeFile(key_file, key_pem)
    writeFile(ca_file, enrollment._caCert)
def enrollWithFiles(user, org, msp_dir, csr=None, profile='', attr_reqs=None, admincerts=False):
    """Enroll *user* with the org's CA (internal port/TLS cert) and save its MSP.

    Args:
        user: mapping with 'name' and 'pass' used as enrollment id/secret.
        org: org config; ``org['ca']`` supplies host, internal port, TLS cert file and CA name.
        msp_dir: directory handed to ``saveMSP`` together with the enrollment.
        csr, profile, attr_reqs: forwarded unchanged to ``ca_service().enroll``.
        admincerts: forwarded to ``saveMSP``.

    Returns:
        The enrollment object.
    """
    ca = org['ca']
    authority = ca_service(
        target=f"https://{ca['host']}:{ca['port']['internal']}",
        ca_certs_path=ca['certfile']['internal'],
        ca_name=ca['name'])
    enrollment = authority.enroll(user['name'], user['pass'], csr=csr, profile=profile, attr_reqs=attr_reqs)
    saveMSP(msp_dir, enrollment, admincerts=admincerts)
    return enrollment
async def register_user(org_name: str, request: constants.RegisterUserRequest) -> str:
    """
    Registers a user to the Org's Fabric CA Server

    Args:
        org_name: Organization's name
        request: RegisterUserRequest object containing registration information

    Returns:
        Pre-generated user secret, or None when an identity for
        ``request.user_name`` already exists in the org's wallet
    """
    # Wallet lives under ./tmp/hfc-kvs/<org_name>; the org segment keeps
    # usernames from colliding across organisations.
    wallet_path = os.path.join(os.getcwd(), 'tmp', 'hfc-kvs', org_name)
    cred_wallet = wallet.FileSystenWallet(path=wallet_path)  # [sic]

    # Network client, used only to read the org's CA location from the profile.
    hf_client = Client(net_profile=constants.config_path)
    hf_client.new_channel(constants.channel_name)

    network_info = hf_client.get_net_info()
    org_info = network_info['organizations'][org_name]
    ca_info = network_info['certificateAuthorities'][org_info['certificateAuthorities'][0]]

    # Existing identity: nothing to register, no secret to hand back.
    if cred_wallet.exists(request.user_name):
        return None

    # Registration runs under the admin identity carried in the request.
    # NOTE(review): the CA admin credentials are taken from the request
    # object; confirm this endpoint is reachable only by callers entitled
    # to hold them.
    casvc = ca_service(target=ca_info['url'])
    admin_enrollment = casvc.enroll(request.admin_user_name, request.admin_password)
    return admin_enrollment.register(
        enrollmentID=request.user_name,
        enrollmentSecret=request.user_password,
        role=request.role,
        affiliation=request.affiliation,
        attrs=[dict(x) for x in request.attrs])
from substrabac.settings.common import PROJECT_ROOT

# Fabric client built from the network profile next to this script.
dir_path = os.path.dirname(os.path.realpath(__file__))
cli = Client(net_profile=os.path.join(dir_path, '../network.json'))
admin_owkin = cli.get_user('owkin', 'admin')
cli.new_channel('mychannel')
loop = asyncio.get_event_loop()

from hfc.fabric_ca.caservice import ca_service

# CA client for the owkin org; TLS trust is pinned to the org's CA cert file.
cacli = ca_service(target="https://rca-owkin:7054",
                   ca_certs_path='/substra/data/orgs/owkin/ca-cert.pem',
                   ca_name='rca-owkin')

print('Will try to enroll admin')
try:
    # Admin enrollment id/secret are hard-coded here.  NOTE(review): move
    # them to config/env if this script is used outside a dev setup.
    admin = cacli.enroll('admin-owkin', 'admin-owkinpw')
except Exception as e:
    # Best-effort: any enrollment failure is only reported, not raised.
    print(e)
else:
    print('Admin enrolled')

# Peer CLI environment for the owkin org.
os.environ['FABRIC_CFG_PATH'] = '/substra/conf/owkin/peer1'
os.environ['CORE_PEER_MSPCONFIGPATH'] = '/substra/data/orgs/owkin/user/msp'
def get_submitter():
    """Create and enroll a ``User`` for submitting transactions.

    Uses the module-level ``USER_ID``/``USER_PASSWD``, a default
    ``ca_service()`` and the 'DEFAULT' MSP with software ECIES crypto;
    ``user.enroll()`` is called before the user is returned.
    """
    authority = ca_service()
    submitter = User(
        USER_ID,
        USER_PASSWD,
        msp_impl=msp('DEFAULT', ecies()),
        ca=authority,
    )
    submitter.enroll()
    return submitter