async def test_timelord(self, timelord): timelord_api, timelord_server = timelord # timelord should not accept incoming connections pub_crt = timelord_server._private_key_path.parent / "p2p.crt" pub_key = timelord_server._private_key_path.parent / "p2p.key" generate_ca_signed_cert( timelord_server.chia_ca_crt_path.read_bytes(), timelord_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key, ) ssl_context = ssl_context_for_client(timelord_server.chia_ca_crt_path, timelord_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(timelord_server, 12312, ssl_context) assert connected is False # Not even signed by private cert priv_crt = timelord_server._private_key_path.parent / "valid.crt" priv_key = timelord_server._private_key_path.parent / "valid.key" generate_ca_signed_cert( timelord_server.ca_private_crt_path.read_bytes(), timelord_server.ca_private_key_path.read_bytes(), priv_crt, priv_key, ) ssl_context = ssl_context_for_client( timelord_server.ca_private_crt_path, timelord_server.ca_private_crt_path, priv_crt, priv_key) connected = await establish_connection(timelord_server, 12312, ssl_context) assert connected is False
async def test_harvester(self, harvester_farmer): harvester, farmer_api = harvester_farmer harvester_server = harvester.server # harvester should not accept incoming connections pub_crt = harvester_server._private_key_path.parent / "p2p.crt" pub_key = harvester_server._private_key_path.parent / "p2p.key" generate_ca_signed_cert( harvester_server.chia_ca_crt_path.read_bytes(), harvester_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key, ) ssl_context = ssl_context_for_client(harvester_server.chia_ca_crt_path, harvester_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(harvester_server, 12312, ssl_context) assert connected is False # Not even signed by private cert priv_crt = harvester_server._private_key_path.parent / "valid.crt" priv_key = harvester_server._private_key_path.parent / "valid.key" generate_ca_signed_cert( harvester_server.ca_private_crt_path.read_bytes(), harvester_server.ca_private_key_path.read_bytes(), priv_crt, priv_key, ) ssl_context = ssl_context_for_client( harvester_server.ca_private_crt_path, harvester_server.ca_private_crt_path, priv_crt, priv_key) connected = await establish_connection(harvester_server, 12312, ssl_context) assert connected is False
async def test_wallet(self, wallet_node): full_nodes, wallets = wallet_node wallet_node, wallet_server = wallets[0] # Wallet should not accept incoming connections pub_crt = wallet_server._private_key_path.parent / "p2p.crt" pub_key = wallet_server._private_key_path.parent / "p2p.key" generate_ca_signed_cert(wallet_server.chia_ca_crt_path.read_bytes(), wallet_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key) ssl_context = ssl_context_for_client(wallet_server.chia_ca_crt_path, wallet_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(wallet_server, 12312, ssl_context) assert connected is False # Not even signed by private cert priv_crt = wallet_server._private_key_path.parent / "valid.crt" priv_key = wallet_server._private_key_path.parent / "valid.key" generate_ca_signed_cert( wallet_server.ca_private_crt_path.read_bytes(), wallet_server.ca_private_key_path.read_bytes(), priv_crt, priv_key, ) ssl_context = ssl_context_for_client(wallet_server.ca_private_crt_path, wallet_server.ca_private_crt_path, priv_crt, priv_key) connected = await establish_connection(wallet_server, 12312, ssl_context) assert connected is False
async def test_introducer(self, introducer): introducer_api, introducer_server = introducer # Create not authenticated cert pub_crt = introducer_server.chia_ca_key_path.parent / "p2p.crt" pub_key = introducer_server.chia_ca_key_path.parent / "p2p.key" generate_ca_signed_cert( introducer_server.chia_ca_crt_path.read_bytes(), introducer_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key, ) ssl_context = ssl_context_for_client( introducer_server.chia_ca_crt_path, introducer_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(introducer_server, 12312, ssl_context) assert connected is True
def generate_ssl_for_nodes(ssl_dir: Path, ca_crt: bytes, ca_key: bytes, private: bool, overwrite=True): if private: names = private_node_names else: names = public_node_names for node_name in names: node_dir = ssl_dir / node_name if not node_dir.exists(): node_dir.mkdir() if private: prefix = "private" else: prefix = "public" key_path = node_dir / f"{prefix}_{node_name}.key" crt_path = node_dir / f"{prefix}_{node_name}.crt" if key_path.exists() and crt_path.exists() and overwrite is False: continue generate_ca_signed_cert(ca_crt, ca_key, crt_path, key_path)
async def test_full_node(self, wallet_node): full_nodes, wallets = wallet_node full_node_api = full_nodes[0] full_node_server = full_node_api.full_node.server # Create not authenticated cert pub_crt = full_node_server._private_key_path.parent / "p2p.crt" pub_key = full_node_server._private_key_path.parent / "p2p.key" generate_ca_signed_cert( full_node_server.chia_ca_crt_path.read_bytes(), full_node_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key, ) ssl_context = ssl_context_for_client(full_node_server.chia_ca_crt_path, full_node_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(full_node_server, 12312, ssl_context) assert connected is True
async def add_dummy_connection( server: ChiaServer, dummy_port: int) -> Tuple[asyncio.Queue, bytes32]: timeout = aiohttp.ClientTimeout(total=10) session = aiohttp.ClientSession(timeout=timeout) incoming_queue: asyncio.Queue = asyncio.Queue() dummy_crt_path = server._private_key_path.parent / "dummy.crt" dummy_key_path = server._private_key_path.parent / "dummy.key" generate_ca_signed_cert(server.chia_ca_crt_path.read_bytes(), server.chia_ca_key_path.read_bytes(), dummy_crt_path, dummy_key_path) ssl_context = ssl_context_for_client(server.chia_ca_crt_path, server.chia_ca_key_path, dummy_crt_path, dummy_key_path) pem_cert = x509.load_pem_x509_certificate(dummy_crt_path.read_bytes(), default_backend()) der_cert = x509.load_der_x509_certificate( pem_cert.public_bytes(serialization.Encoding.DER), default_backend()) peer_id = bytes32(der_cert.fingerprint(hashes.SHA256())) url = f"wss://{self_hostname}:{server._port}/ws" ws = await session.ws_connect(url, autoclose=True, autoping=True, ssl=ssl_context) wsc = WSChiaConnection( NodeType.FULL_NODE, ws, server._port, log, True, False, self_hostname, incoming_queue, lambda x: x, peer_id, ) handshake = await wsc.perform_handshake(server._network_id, protocol_version, dummy_port, NodeType.FULL_NODE) assert handshake is True return incoming_queue, peer_id
async def test_farmer(self, harvester_farmer): harvester_api, farmer_api = harvester_farmer farmer_server = farmer_api.farmer.server # Create valid cert (valid meaning signed with private CA) priv_crt = farmer_server._private_key_path.parent / "valid.crt" priv_key = farmer_server._private_key_path.parent / "valid.key" generate_ca_signed_cert( farmer_server.ca_private_crt_path.read_bytes(), farmer_server.ca_private_key_path.read_bytes(), priv_crt, priv_key, ) ssl_context = ssl_context_for_client(farmer_server.ca_private_crt_path, farmer_server.ca_private_crt_path, priv_crt, priv_key) connected = await establish_connection(farmer_server, 12312, ssl_context) assert connected is True # Create not authenticated cert pub_crt = farmer_server._private_key_path.parent / "non_valid.crt" pub_key = farmer_server._private_key_path.parent / "non_valid.key" generate_ca_signed_cert(farmer_server.chia_ca_crt_path.read_bytes(), farmer_server.chia_ca_key_path.read_bytes(), pub_crt, pub_key) ssl_context = ssl_context_for_client(farmer_server.chia_ca_crt_path, farmer_server.chia_ca_crt_path, pub_crt, pub_key) connected = await establish_connection(farmer_server, 12312, ssl_context) assert connected is False ssl_context = ssl_context_for_client(farmer_server.ca_private_crt_path, farmer_server.ca_private_crt_path, pub_crt, pub_key) connected = await establish_connection(farmer_server, 12312, ssl_context) assert connected is False