def _key_generate(self, keys_dir, key_type):
"""Generate certificate.
:param keys_dir: Full Directory path where a given key will be stored.
:type keys_dir: String
:param key_type: Key type to be generated.
:type key_type: String
"""
zmq_auth.create_certificates(keys_dir, key_type)
def generate_keypair(filename):
"""Generate a new key-pair."""
from os.path import abspath, dirname, basename
fpath = abspath(filename)
basedir = dirname(fpath)
from zmq.auth import create_certificates
try:
name = basename(fpath)
(
public_key_file,
secret_key_file,
) = create_certificates(basedir, name)
except OSError as message:
print("error: %s" % message)
from jomiel_kore.app import exit_error
exit_error()
from os import chmod
chmod(public_key_file, 0o644)
chmod(secret_key_file, 0o400)
print("Created:\n %s\n %s" %
(public_key_file, secret_key_file), )
def generate_certificates(base_dir, broker_bool, client_bool, client_file):
"""Generate client and/or broker Curve certificates"""
keys_dir = os.path.join(base_dir, "tmp_certificates")
if broker_bool:
broker_keys_dir = os.path.join(keys_dir, "broker_keys")
if client_bool:
client_keys_dir = os.path.join(keys_dir, "client_keys")
if os.path.exists(keys_dir):
shutil.rmtree(keys_dir)
os.mkdir(keys_dir)
if broker_bool:
os.mkdir(broker_keys_dir)
if client_bool:
os.mkdir(client_keys_dir)
if broker_bool:
(broker_public_file,
broker_secret_file) = auth.create_certificates(broker_keys_dir,
"broker")
if client_bool:
if client_file:
with open(client_file) as f:
clients = [line.rstrip("\n") for line in f]
if clients:
for client_hostname in clients:
(client_public_file,
client_secret_file) = auth.create_certificates(client_keys_dir,
f"client_{client_hostname}")
else:
print(f"No client hostnames found in {client_file}")
sys.exit()
else:
(client_public_file,
client_secret_file) = auth.create_certificates(client_keys_dir,
"client")
def _generate_security_keys():
"""
Checks if the directory for security keys already exists. If not, create
them, generate keys, and organize into public-private directories.
"""
gen_keys = False
if not os.path.exists(KEYSDIR):
os.mkdir(KEYSDIR)
gen_keys = True
if not os.path.exists(PUBKEYS):
os.mkdir(PUBKEYS)
gen_keys = True
if not os.path.exists(PRIVKEYS):
os.mkdir(PRIVKEYS)
gen_keys = True
if gen_keys:
tx_public_file, tx_private_file = auth.create_certificates(
KEYSDIR,
"tx"
)
rx_public_file, rx_private_file = auth.create_certificates(
KEYSDIR,
"rx"
)
# Move keys around to the appropriate directories
for key_file in os.listdir(KEYSDIR):
if key_file.endswith(".key"):
shutil.move(
os.path.join(KEYSDIR, key_file),
os.path.join(PUBKEYS, ".")
)
elif key_file.endswith(".key_secret"):
shutil.move(
os.path.join(KEYSDIR, key_file),
os.path.join(PRIVKEYS, ".")
)
def test_encryption(tmpdir):
# Create the tmp names
conf_filename = str(tmpdir.join("conf.yaml"))
pull_url = tmpdir.join("input.pull.socket")
pull_cert_dir = tmpdir.mkdir("input.pull")
pull_clients_cert_dir = pull_cert_dir.mkdir("clients")
sub_url = tmpdir.join("input.sub.socket")
sub_cert_dir = tmpdir.mkdir("input.sub")
push_url = tmpdir.join("output.push.socket")
inbound = tmpdir.join("inbound")
outbound = tmpdir.join("outbound")
stdout = tmpdir.join("stdout")
stderr = tmpdir.join("stderr")
# Create the certificates
create_certificates(str(pull_cert_dir), "pull")
create_certificates(str(pull_clients_cert_dir), "client1")
create_certificates(str(pull_clients_cert_dir), "client2")
create_certificates(str(sub_cert_dir), "sub")
create_certificates(str(sub_cert_dir), "sub-server")
with open(conf_filename, "w") as f:
f.write("inputs:\n")
f.write("- class: ZMQPull\n")
f.write(" name: in-pull\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % pull_url)
f.write(" encryption:\n")
f.write(" self: %s\n" % pull_cert_dir.join("pull.key_secret"))
f.write(" clients: %s\n" % pull_clients_cert_dir)
f.write("- class: ZMQSub\n")
f.write(" name: in-sub\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % sub_url)
f.write(" encryption:\n")
f.write(" self: %s\n" % sub_cert_dir.join("sub.key_secret"))
f.write(" server: %s\n" % sub_cert_dir.join("sub-server.key"))
f.write("core:\n")
f.write(" inbound: ipc://%s\n" % inbound)
f.write(" outbound: ipc://%s\n" % outbound)
f.write("outputs:\n")
f.write("- class: ZMQPush\n")
f.write(" name: out-push\n")
f.write(" options:\n")
f.write(" url: ipc://%s\n" % push_url)
args = [
"python3",
"-m",
"reactobus",
"--conf",
conf_filename,
"--level",
"DEBUG",
"--log-file",
"-",
]
proc = subprocess.Popen(args,
stdout=open(str(stdout), "w"),
stderr=open(str(stderr), "w"))
# Create the input sockets
ctx = zmq.Context.instance()
in_sock = ctx.socket(zmq.PUSH)
(server_public, _) = load_certificate(str(pull_cert_dir.join("pull.key")))
in_sock.curve_serverkey = server_public
(client_public, client_private) = load_certificate(
str(pull_clients_cert_dir.join("client1.key_secret")))
in_sock.curve_publickey = client_public
in_sock.curve_secretkey = client_private
in_sock.connect("ipc://%s" % pull_url)
out_sock = ctx.socket(zmq.PULL)
out_sock.bind("ipc://%s" % push_url)
pub_sock = ctx.socket(zmq.PUB)
auth = ThreadAuthenticator(ctx)
auth.start()
auth.configure_curve(domain="*", location=str(sub_cert_dir))
(server_public, server_secret) = load_certificate(
str(sub_cert_dir.join("sub-server.key_secret")))
pub_sock.curve_publickey = server_public
pub_sock.curve_secretkey = server_secret
pub_sock.curve_server = True
pub_sock.bind("ipc://%s" % sub_url)
# Allow the process sometime to setup and connect
time.sleep(1)
# Send some data
data = [
b"org.videolan.git",
b(str(uuid.uuid1())),
b(datetime.datetime.utcnow().isoformat()),
b("videolan-git"),
b(
json.dumps({
"url": "https://code.videolan.org/éêï",
"username": "******"
})),
]
in_sock.send_multipart(data)
msg = out_sock.recv_multipart()
assert msg == data
data = [
b"org.videolan.git",
b(str(uuid.uuid1())),
b(datetime.datetime.utcnow().isoformat()),
b("videolan-git"),
b(
json.dumps({
"url": "https://code.videolan.org/éêï",
"username": "******"
})),
]
pub_sock.send_multipart(data)
msg = out_sock.recv_multipart()
assert msg == data
# End the process
proc.terminate()
proc.wait()
def create_keys(indir):
"""
Generate client and server keys
"""
create_certificates(indir, "client")
create_certificates(indir, "server")