def rotate_keys(self): """Call this function to rotate the cluster keys. This is worth performing periodically to ensure that the system remains secure - this will also rotate the cluster secret """ if self.is_null(): return if Cluster._is_running_service(): raise PermissionError("Only the client Cluster can rotate keys") passphrase = self.passphrase("set_cluster") from Acquire.Crypto import PrivateKey as _PrivateKey self._oldkeys.append(self._private_key) self._private_key = _PrivateKey() self._public_key = self._private_key.public_key() self._secret = _PrivateKey.random_passphrase() args = {"passphrase": passphrase, "cluster": self.to_data()} self.compute_service().call_function(function="set_cluster", args=args)
def create(service_url=None, service_uid=None, user=None): """Create a new cluster""" if Cluster._is_running_service(): raise PermissionError( "You cannot create a Cluster on a running service") from Acquire.Client import PrivateKey as _PrivateKey from Acquire.ObjectStore import create_uid as _create_uid from Acquire.Client import Wallet as _Wallet wallet = _Wallet() compute_service = wallet.get_service(service_url=service_url, service_uid=service_uid) if not compute_service.is_compute_service(): raise TypeError( "You can only create a cluster that will communicate " "with a valid compute service - not %s" % compute_service) cluster = Cluster() cluster._uid = _create_uid() cluster._private_key = _PrivateKey() cluster._public_key = cluster._private_key.public_key() cluster._compute_service = compute_service cluster._secret = _PrivateKey.random_passphrase() cluster._oldkeys = [] if user is not None: Cluster.set_cluster(cluster=cluster, user=user) return cluster
def _create_wallet_key(self, filename): """Create a new wallet key for the user""" password = _get_wallet_password(confirm_password=True) from Acquire.Client import PrivateKey as _PrivateKey key = _PrivateKey(name="wallet_key") bytes = key.bytes(password) with open(filename, "wb") as FILE: FILE.write(bytes) return key
def request_login(self, login_message=None): """Request to authenticate as this user. This returns a login URL that you must connect to to supply your login credentials If 'login_message' is supplied, then this is passed to the identity service so that it can be displayed when the user accesses the login page. This helps the user validate that they have accessed the correct login page. Note that if the message is None, then a random message will be generated. """ self._check_for_error() from Acquire.Client import LoginError if not self.is_empty(): raise LoginError("You cannot try to log in twice using the same " "User object. Create another object if you want " "to try to log in again.") if self._username is None or len(self._username) == 0: raise LoginError("Please supply a valid username!") # first, create a private key that will be used # to sign all requests and identify this login from Acquire.Client import PrivateKey as _PrivateKey session_key = _PrivateKey(name="user_session_key %s" % self._username) signing_key = _PrivateKey(name="user_session_cert %s" % self._username) args = {"username": self._username, "public_key": session_key.public_key().to_data(), "public_certificate": signing_key.public_key().to_data(), "scope": self._scope, "permissions": self._permissions } # get information from the local machine to help # the user validate that the login details are correct try: hostname = _socket.gethostname() ipaddr = _socket.gethostbyname(hostname) args["hostname"] = hostname args["ipaddr"] = ipaddr except: pass if login_message is None: try: login_message = _get_random_sentence() except: pass if login_message is not None: args["login_message"] = login_message identity_service = self.identity_service() result = identity_service.call_function( function="request_login", args=args) try: login_url = result["login_url"] except: login_url = None if login_url is None: error = "Failed to login. Could not extract the login URL! " \ "Result is %s" % (str(result)) self._set_error_state(error) raise LoginError(error) try: session_uid = result["session_uid"] except: session_uid = None if session_uid is None: error = "Failed to login. Could not extract the login " \ "session UID! Result is %s" % (str(result)) self._set_error_state(error) raise LoginError(error) # now save all of the needed data self._login_url = result["login_url"] self._session_key = session_key self._signing_key = signing_key self._session_uid = session_uid self._status = _LoginStatus.LOGGING_IN self._user_uid = None _output("Login by visiting: %s" % self._login_url) if login_message is not None: _output("(please check that this page displays the message '%s')" % login_message) from Acquire.Identity import LoginSession as _LoginSession return {"login_url": self._login_url, "session_uid": session_uid, "short_uid": _LoginSession.to_short_uid(session_uid)}