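def main():
    """Top-level logic.

    Loads the local certificate through ``Bootstrap``, checks that its public
    key matches the local private key and prints the TLSA record for the
    identity named by ``DANE_ID``.

    Required environment: ``DANE_ID``, ``APP_UID``, ``CRYPTO_PATH``.

    Exits with status 1 when a required variable is missing or when the
    certificate does not match the private key, so a record is never emitted
    for a mismatched key/certificate pair (the original printed the warning
    and emitted the record anyway, with exit status 0).
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    dane_id = os.getenv("DANE_ID")
    # NOTE(review): APP_UID is passed as a string here while the create
    # script converts it with int() -- confirm which form Bootstrap expects.
    bootstrapper = Bootstrap(dane_id, os.getenv("CRYPTO_PATH"), os.getenv("APP_UID"))
    cert_obj = bootstrapper.get_local_cert_obj()
    if not bootstrapper.cert_matches_private_key(cert_obj):
        print("Public key in certificate does not match private key!")
        sys.exit(1)
    # 3 is presumably the TLSA certificate-usage field (DANE-EE) -- confirm
    # against Bootstrap.render_tlsa_record.
    tlsa_record = bootstrapper.render_tlsa_record(3)
    print("TLSA record for {}: {}".format(dane_id, tlsa_record))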
def main():
    """Top-level logic.

    Reports on the DNS-published identity named by ``DANE_ID``: first warns
    if ``Bootstrap.public_identity_is_valid()`` says the DNS identity and the
    local private key are not aligned, then builds an ``Identity`` for the
    name and prints its report.  A ``TLSAError`` while retrieving the
    certificate from DNS is printed rather than propagated.

    Required environment: ``DANE_ID``, ``APP_UID``, ``CRYPTO_PATH``; the
    first missing one is reported and the process exits with status 1.
    """
    missing = [
        name
        for name in ("DANE_ID", "APP_UID", "CRYPTO_PATH")
        if not os.getenv(name)
    ]
    if missing:
        print("Missing environment variable: {}".format(missing[0]))
        sys.exit(1)

    dane_id = os.getenv("DANE_ID")
    bootstrapper = Bootstrap(dane_id, os.getenv("CRYPTO_PATH"), os.getenv("APP_UID"))

    print("Checking DNS identity against local private key...")
    aligned = bootstrapper.public_identity_is_valid()
    if not aligned:
        # Informational only: the report below is still attempted.
        print(
            "Public identity and local private key not aligned. Check TTL and try again."
        )

    try:
        report = Identity(dane_id).report()
    except TLSAError as err:
        print("Error retrieving certificate from DNS: {}".format(err))
    else:
        print("Identity information:\n{}".format(report))
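def message_decryption_thread(crypto_path, id_name):
    """Get messages from queue of encrypted messages, place in auth queue.

    Runs until the module-level ``BAIL`` flag is set.  Each iteration first
    checks ``BAIL``, then ``Bootstrap.public_identity_is_valid()``; while the
    identity is not valid it sleeps 10 seconds and retries without consuming
    anything.  Otherwise one item is taken from ``ENCRYPTED_MESSAGES``,
    decrypted with the local private key via ``Encryption.decrypt`` and put
    on ``DECRYPTED_MESSAGES``.  A ``ValueError`` from decryption is printed
    and the message is dropped.

    Args:
        crypto_path: Directory handed to ``Bootstrap`` holding the PKI assets.
        id_name: Identity name handed to ``Bootstrap``.

    The queue read uses a timeout so that ``BAIL`` is re-checked while the
    queue is empty; the original blocked indefinitely in ``get()`` and could
    only notice ``BAIL`` after the next message arrived, so the thread never
    exited cleanly on an idle queue.
    """
    # Local import keeps this edit self-contained; ``queue`` is stdlib.
    import queue

    global ENCRYPTED_MESSAGES
    global BAIL
    # How long to wait on an empty queue before re-checking BAIL.  Note the
    # identity check above the read runs once per poll, not only per message.
    poll_seconds = 5
    crypto = Bootstrap(id_name, crypto_path, os.getenv("APP_UID"))
    while True:
        if BAIL:
            print("Bailing out of decryption thread.")
            break
        if not crypto.public_identity_is_valid():
            print("Public identity is not valid!")
            print("Ensure that your identity is provisioned at {}".format(id_name))
            time.sleep(10)
            continue
        priv = crypto.get_path_for_pki_asset("key")
        try:
            content = ENCRYPTED_MESSAGES.get(timeout=poll_seconds)
        except queue.Empty:
            continue
        try:
            decrypted = Encryption.decrypt(content, priv)
            DECRYPTED_MESSAGES.put(decrypted)
            print("Message decrypted")
        except ValueError as err:
            # Best-effort: a message that fails to decrypt is reported and
            # dropped rather than stopping the thread.
            print("Error in decryption: {}".format(err))
            continue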
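def main():
    """Top-level logic.

    Creates a self-signed identity on disk: generates a private key and a
    self-signed certificate via ``Bootstrap``, then checks that the
    certificate matches the key.

    Required environment: ``DANE_ID``, ``APP_UID`` (parsed with ``int``),
    ``CRYPTO_PATH``.  Optional environment: ``STATE``, ``COUNTRY``,
    ``LOCALITY``, ``ORGANIZATION``, forwarded to ``Bootstrap`` as lower-cased
    keyword arguments when set.

    Exits with status 1 when a required variable is missing or the generated
    certificate does not match the private key.  Raises ``ValueError`` if
    ``APP_UID`` is not an integer.
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    env_optional = ["STATE", "COUNTRY", "LOCALITY", "ORGANIZATION"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    # Keys must be str for ``**kwargs``.  The original used the bound method
    # ``x.lower`` (never called) as the key, so Bootstrap(...) raised
    # TypeError whenever any optional variable was set.
    kwargs = {
        name.lower(): os.getenv(name) for name in env_optional if os.getenv(name)
    }
    bootstrapper = Bootstrap(
        os.getenv("DANE_ID"),
        os.getenv("CRYPTO_PATH"),
        int(os.getenv("APP_UID")),
        **kwargs
    )
    print("Generating private key...")
    bootstrapper.generate_private_key()
    print("Generating self-signed certificate...")
    bootstrapper.generate_selfsigned_certificate()
    print("Test key and certificate...")
    cert_obj = bootstrapper.get_local_cert_obj()
    # The original discarded this result, so the "test" could never fail.
    if not bootstrapper.cert_matches_private_key(cert_obj):
        print("Public key in certificate does not match private key!")
        sys.exit(1)
    print("Identity created locally. Now, run generate_tlsa.py.")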
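def main():
    """Top-level logic.

    Fetches the first leaf certificate published in DNS for the identity
    (``DANE.get_first_leaf_certificate``), decodes its hex
    ``certificate_association`` into an X.509 object and writes it in PEM
    form to the local ``cert`` PKI asset via ``Bootstrap.write_pki_asset``.

    Required environment: ``DANE_ID``, ``APP_UID``, ``CRYPTO_PATH``.

    Exits with status 1 when a required variable is missing, or when
    ``Bootstrap.public_identity_is_valid()`` reports that the DNS identity and
    the local private key are not aligned.  The original only printed that
    warning and then overwrote the local certificate anyway, which would
    leave a certificate on disk that does not correspond to the local key.
    A ``TLSAError`` from the DNS lookup is printed rather than propagated.
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    bootstrapper = Bootstrap(
        os.getenv("DANE_ID"), os.getenv("CRYPTO_PATH"), os.getenv("APP_UID")
    )
    print("Checking DNS identity against local private key...")
    if not bootstrapper.public_identity_is_valid():
        print(
            "Public identity and local private key not aligned. Check TTL and try again."
        )
        # Do not replace the local certificate with one that does not match
        # the local private key; the user is told to retry after the TTL.
        sys.exit(1)
    try:
        public_cert = DANE.get_first_leaf_certificate(bootstrapper.identity_name)
        # certificate_association is hex text; unhexlify needs bytes.
        entity_cert = public_cert["certificate_association"].encode()
        dns_cert_obj = DANE.build_x509_object(binascii.unhexlify(entity_cert))
        asset = dns_cert_obj.public_bytes(serialization.Encoding.PEM)
        bootstrapper.write_pki_asset(asset, "cert")
        print("Local cert matches DNS cert.")
    except TLSAError as err:
        print("Error retrieving certificate from DNS: {}".format(err))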
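def main():
    """Top-level logic.

    Creates a CA-signable identity on disk: generates a private key and a
    CSR via ``Bootstrap`` and tells the user where the CSR was written and
    where the resulting certificate PEM must be placed.

    Required environment: ``IDENTITY_NAME``, ``APP_UID``, ``CRYPTO_PATH``.
    Optional environment: ``STATE``, ``COUNTRY``, ``LOCALITY``,
    ``ORGANIZATION``, forwarded to ``Bootstrap`` as lower-cased keyword
    arguments when set.

    Exits with status 1 when a required variable is missing.
    """
    env_required = ["IDENTITY_NAME", "APP_UID", "CRYPTO_PATH"]
    env_optional = ["STATE", "COUNTRY", "LOCALITY", "ORGANIZATION"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    # Keys must be str for ``**kwargs``.  The original used the bound method
    # ``x.lower`` (never called) as the key, so Bootstrap(...) raised
    # TypeError whenever any optional variable was set.
    kwargs = {
        name.lower(): os.getenv(name) for name in env_optional if os.getenv(name)
    }
    # NOTE(review): APP_UID is passed as a string here while the self-signed
    # create script converts it with int() -- confirm which form Bootstrap expects.
    bootstrapper = Bootstrap(
        os.getenv("IDENTITY_NAME"),
        os.getenv("CRYPTO_PATH"),
        os.getenv("APP_UID"),
        **kwargs
    )
    print("Generating private key...")
    bootstrapper.generate_private_key()
    print("Generating CSR...")
    bootstrapper.generate_csr()
    csr_path = bootstrapper.get_path_for_pki_asset("csr")
    cert_path = bootstrapper.get_path_for_pki_asset("cert")
    print("CSR created at {}.".format(csr_path))
    print(
        "Use the CSR to obtain a certificate, "
        "and place the certificate PEM at {}".format(cert_path)
    )
    print("Once the certificate is in place, run generate_tlsa.py")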
def sign_and_encrypt(source_name, crypto_path, app_uid, message, recipient):
    """Return a signed and encrypted JSON object.

    Signs ``message`` with the local private key of ``source_name`` (the
    ``key`` PKI asset resolved through ``Bootstrap``) using
    ``Authentication.sign``, then encrypts the signed result for
    ``recipient`` with ``Encryption.encrypt``.

    Args:
        source_name: Identity name of the sender; also passed to the signer.
        crypto_path: Directory holding the sender's PKI assets.
        app_uid: Forwarded to ``Bootstrap`` unchanged.
        message: Payload to sign.
        recipient: Identity the ciphertext is produced for.

    Returns:
        Whatever ``Encryption.encrypt`` returns for the signed message.
    """
    bootstrap = Bootstrap(source_name, crypto_path, app_uid)
    key_path = bootstrap.get_path_for_pki_asset("key")
    signed_message = Authentication.sign(message, key_path, source_name)
    return Encryption.encrypt(signed_message, recipient)