コード例 #1
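def main():
    """Render and print the TLSA record for the local DANE identity.

    Reads ``DANE_ID``, ``CRYPTO_PATH`` and ``APP_UID`` from the environment,
    loads the local certificate, and verifies that its public key matches
    the local private key before printing the TLSA record.

    Exits with status 1 when a required variable is missing or when the
    certificate does not match the private key.
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    dane_id = os.getenv("DANE_ID")
    bootstrapper = Bootstrap(dane_id, os.getenv("CRYPTO_PATH"),
                             os.getenv("APP_UID"))
    cert_obj = bootstrapper.get_local_cert_obj()
    if not bootstrapper.cert_matches_private_key(cert_obj):
        # Fail closed: a TLSA record rendered from a certificate that does
        # not belong to the local private key would advertise an identity
        # this host cannot prove, so do not print it for publication.
        print("Public key in certificate does not match private key!")
        sys.exit(1)
    # NOTE(review): 3 is presumably the TLSA certificate-usage value
    # (DANE-EE) -- confirm against render_tlsa_record's signature.
    tlsa_record = bootstrapper.render_tlsa_record(3)
    print("TLSA record for {}: {}".format(dane_id, tlsa_record))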
コード例 #2
def main():
    """Check the published DANE identity against the local key and report it.

    Exits with status 1 if ``DANE_ID``, ``APP_UID`` or ``CRYPTO_PATH`` is
    unset or empty.  A failed alignment check is reported but does not stop
    the identity report that follows; this entry point is diagnostic only.
    """
    missing = next(
        (name for name in ("DANE_ID", "APP_UID", "CRYPTO_PATH")
         if not os.getenv(name)),
        None,
    )
    if missing is not None:
        print("Missing environment variable: {}".format(missing))
        sys.exit(1)

    dane_id = os.getenv("DANE_ID")
    crypto_path = os.getenv("CRYPTO_PATH")
    app_uid = os.getenv("APP_UID")
    bootstrapper = Bootstrap(dane_id, crypto_path, app_uid)

    print("Checking DNS identity against local private key...")
    aligned = bootstrapper.public_identity_is_valid()
    if not aligned:
        # Warning only: the report below is still printed so the operator
        # can see what DNS currently serves for this identity.
        print(
            "Public identity and local private key not aligned. Check TTL and try again."
        )

    try:
        # DANE_ID is re-read here, exactly as the lookup above does.
        identity = Identity(os.getenv("DANE_ID"))
        report = identity.report()
        print("Identity information:\n{}".format(report))
    except TLSAError as err:
        print("Error retrieving certificate from DNS: {}".format(err))
コード例 #3
def message_decryption_thread(crypto_path, id_name):
    """Decrypt queued messages and hand the plaintext to the next queue.

    Runs until the module-level ``BAIL`` flag is truthy.  Each pass first
    re-checks that the public identity for ``id_name`` is valid, then takes
    one item from ``ENCRYPTED_MESSAGES``, decrypts it with the local private
    key, and puts the result on ``DECRYPTED_MESSAGES``.
    """
    global ENCRYPTED_MESSAGES
    global BAIL
    identity = Bootstrap(id_name, crypto_path, os.getenv("APP_UID"))
    while not BAIL:
        if not identity.public_identity_is_valid():
            # Do not decrypt while the published identity is not valid;
            # wait and re-check instead.
            print("Public identity is not valid!")
            print(f"Ensure that your identity is provisioned at {id_name}")
            time.sleep(10)
            continue
        key_path = identity.get_path_for_pki_asset("key")
        # NOTE(review): get() is called without a timeout; if this is a
        # blocking queue, BAIL is not re-checked until a message arrives --
        # confirm the queue type and shutdown path.
        ciphertext = ENCRYPTED_MESSAGES.get()
        try:
            plaintext = Encryption.decrypt(ciphertext, key_path)
            # Decrypted content has not been authenticated at this point;
            # per the original docstring, the receiving queue feeds the
            # authentication stage.
            DECRYPTED_MESSAGES.put(plaintext)
            print("Message decrypted")
        except ValueError as err:
            # The failed message was already dequeued and is dropped here.
            # Only ValueError is handled; any other exception ends the loop.
            print(f"Error in decryption: {err}")
    print("Bailing out of decryption thread.")
コード例 #4
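def main():
    """Create a local identity: private key plus self-signed certificate.

    Reads ``DANE_ID``, ``CRYPTO_PATH`` and ``APP_UID`` (required) and
    ``STATE``, ``COUNTRY``, ``LOCALITY``, ``ORGANIZATION`` (optional) from
    the environment.  Optional values are passed to ``Bootstrap`` as
    lower-cased keyword arguments.

    Exits with status 1 when a required variable is missing, when
    ``APP_UID`` is not an integer, or when the generated certificate does
    not match the generated private key.
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    env_optional = ["STATE", "COUNTRY", "LOCALITY", "ORGANIZATION"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    # Call lower(): using the bound method itself as the key makes the
    # ** expansion below raise TypeError as soon as any optional variable
    # is set, because keyword names must be strings.
    kwargs = {name.lower(): os.getenv(name)
              for name in env_optional if os.getenv(name)}
    try:
        app_uid = int(os.getenv("APP_UID"))
    except ValueError:
        print("APP_UID must be an integer: {}".format(os.getenv("APP_UID")))
        sys.exit(1)
    bootstrapper = Bootstrap(os.getenv("DANE_ID"), os.getenv("CRYPTO_PATH"),
                             app_uid, **kwargs)
    print("Generating private key...")
    # NOTE(review): confirm whether this overwrites an existing key under
    # CRYPTO_PATH and which file permissions the key is written with.
    bootstrapper.generate_private_key()
    print("Generating self-signed certificate...")
    bootstrapper.generate_selfsigned_certificate()
    print("Test key and certificate...")
    cert_obj = bootstrapper.get_local_cert_obj()
    # Act on the check result instead of discarding it, so a mismatched
    # key/certificate pair is never reported as a created identity.
    if not bootstrapper.cert_matches_private_key(cert_obj):
        print("Public key in certificate does not match private key!")
        sys.exit(1)
    print("Identity created locally. Now, run generate_tlsa.py.")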
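def main():
    """Fetch the identity's certificate from DNS and store it locally.

    Reads ``DANE_ID``, ``CRYPTO_PATH`` and ``APP_UID`` from the environment,
    checks the published identity against the local private key, and only
    when that check passes writes the DNS-published certificate (PEM) as
    the local ``cert`` asset.

    Exits with status 1 when a required variable is missing, when the
    published identity does not align with the local private key, or when
    the record retrieved from DNS cannot be decoded.
    """
    env_required = ["DANE_ID", "APP_UID", "CRYPTO_PATH"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    bootstrapper = Bootstrap(os.getenv("DANE_ID"), os.getenv("CRYPTO_PATH"),
                             os.getenv("APP_UID"))
    print("Checking DNS identity against local private key...")
    if not bootstrapper.public_identity_is_valid():
        # Fail closed: the certificate below comes from DNS, and writing it
        # over the local cert when it does not align with the local private
        # key would leave a mismatched key/certificate pair on disk.
        print(
            "Public identity and local private key not aligned. Check TTL and try again."
        )
        sys.exit(1)
    try:
        # NOTE(review): confirm that get_first_leaf_certificate only
        # returns DNSSEC-validated answers; this code does not check.
        public_cert = DANE.get_first_leaf_certificate(
            bootstrapper.identity_name)
        entity_cert = public_cert["certificate_association"].encode()
        dns_cert_obj = DANE.build_x509_object(binascii.unhexlify(entity_cert))
        asset = dns_cert_obj.public_bytes(serialization.Encoding.PEM)
        bootstrapper.write_pki_asset(asset, "cert")
        print("Local cert matches DNS cert.")
    except TLSAError as err:
        print("Error retrieving certificate from DNS: {}".format(err))
    except (KeyError, ValueError) as err:
        # Record content is external input: a missing field or non-hex
        # association data should stop the run with a clear message.
        print("Malformed certificate data from DNS: {}".format(err))
        sys.exit(1)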
コード例 #6
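def main():
    """Create a private key and a CSR for the configured identity.

    Reads ``IDENTITY_NAME``, ``CRYPTO_PATH`` and ``APP_UID`` (required) and
    ``STATE``, ``COUNTRY``, ``LOCALITY``, ``ORGANIZATION`` (optional) from
    the environment.  Optional values are passed to ``Bootstrap`` as
    lower-cased keyword arguments.  Prints where the CSR was written and
    where the issued certificate PEM must be placed.

    Exits with status 1 when a required variable is missing.
    """
    env_required = ["IDENTITY_NAME", "APP_UID", "CRYPTO_PATH"]
    env_optional = ["STATE", "COUNTRY", "LOCALITY", "ORGANIZATION"]
    for name in env_required:
        if not os.getenv(name):
            print("Missing environment variable: {}".format(name))
            sys.exit(1)
    # Call lower(): using the bound method itself as the key makes the
    # ** expansion below raise TypeError as soon as any optional variable
    # is set, because keyword names must be strings.
    kwargs = {name.lower(): os.getenv(name)
              for name in env_optional if os.getenv(name)}
    bootstrapper = Bootstrap(os.getenv("IDENTITY_NAME"), os.getenv("CRYPTO_PATH"),
                             os.getenv("APP_UID"), **kwargs)
    print("Generating private key...")
    # NOTE(review): confirm whether this overwrites an existing key under
    # CRYPTO_PATH and which file permissions the key is written with.
    bootstrapper.generate_private_key()
    print("Generating CSR...")
    bootstrapper.generate_csr()
    csr_path = bootstrapper.get_path_for_pki_asset("csr")
    cert_path = bootstrapper.get_path_for_pki_asset("cert")
    print("CSR created at {}.".format(csr_path))
    print("Use the CSR to obtain a certificate, "
          "and place the certificate PEM at {}".format(cert_path))
    print("Once the certificate is in place, run generate_tlsa.py")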
コード例 #7
def sign_and_encrypt(source_name, crypto_path, app_uid, message, recipient):
    """Sign ``message`` as ``source_name``, then encrypt it for ``recipient``.

    The message is signed first and the signed result is what gets
    encrypted, so the signature travels inside the ciphertext.  Returns the
    signed and encrypted JSON object produced by ``Encryption.encrypt``.
    """
    signer = Bootstrap(source_name, crypto_path, app_uid)
    # Only the key's path is passed on; the key itself is not read here.
    signing_key_path = signer.get_path_for_pki_asset("key")
    signed_payload = Authentication.sign(message, signing_key_path, source_name)
    # NOTE(review): presumably Encryption.encrypt resolves the recipient's
    # public key from its name -- confirm how that lookup is validated.
    return Encryption.encrypt(signed_payload, recipient)