def __init__(self, address: str, port: int, use_ssl: bool = False, access_token: str = "", channel_shutdown_timeout: timedelta = timedelta(minutes=2)): if (address is None): raise ValueError("address") if (port is None): raise ValueError("port") host = "{0}:{1}".format(address, port) metadata_transormer = (lambda x: [('authorization', access_token)]) grpc.composite_channel_credentials( grpc.ssl_channel_credentials(), grpc.metadata_call_credentials(metadata_transormer)) if use_ssl: self._channel_func = lambda: grpc.secure_channel( host, grpc.ssl_channel_credentials()) else: self._channel_func = lambda: grpc.insecure_channel(host) self.__channel_shutdown_timeout = channel_shutdown_timeout self.__channel_usable_until = None self.__channel = None
def __init__(self, server, ca, creds=None): with open(ca, 'rb') as f: cert = f.read() ssl_creds = grpc.ssl_channel_credentials(root_certificates=cert) if creds: channel_creds = grpc.composite_channel_credentials( ssl_creds, creds) else: channel_creds = grpc.composite_channel_credentials(ssl_creds) channel = grpc.secure_channel(server, channel_creds) self.stub = epp_pb2_grpc.EPPProxyStub(channel)
def main(args): # read the file containing a session token to authenticate with token = args.token_file.read().strip() # create the header object for the token callCreds = grpc.access_token_call_credentials(token) # if using a self-signed certificate (should be provided as arg) if args.cert_file: # create the channel using the self-signed cert cert = args.cert_file.read() channelCreds = grpc.ssl_channel_credentials(root_certificates=cert) else: # otherwise default to checking against CAs channelCreds = grpc.ssl_channel_credentials() connCreds = grpc.composite_channel_credentials(channelCreds, callCreds) if args.tag_value: tag_value = args.tag_value if args.tag_name: tag_name = args.tag_name # initialize a connection to the server using our connection settings (auth + TLS) with grpc.secure_channel(args.server, connCreds) as channel: tag_stub = services.InterfaceTagConfigServiceStub(channel) req = services.InterfaceTagConfigSetRequest( value=models.InterfaceTagConfig( key=models.TagKey(label=wrappers.StringValue(value=tag_name), value=wrappers.StringValue( value=tag_value)))) tag_stub.Set(req, timeout=RPC_TIMEOUT)
def get_credentials(lnd_dir): tls_certificate = open(lnd_dir + '/tls.cert', 'rb').read() ssl_credentials = grpc.ssl_channel_credentials(tls_certificate) macaroon = codecs.encode(open(lnd_dir + '/data/chain/bitcoin/mainnet/admin.macaroon', 'rb').read(), 'hex') auth_credentials = grpc.metadata_call_credentials(lambda _, callback: callback([('macaroon', macaroon)], None)) combined_credentials = grpc.composite_channel_credentials(ssl_credentials, auth_credentials) return combined_credentials
def run(): # Read exported (PEM formatted) server TLS certificate from disk certificate = open('<< ADD PATH TO EXPORTED SERVER CERTIFICATE >>', 'rb').read() tls_credentials = grpc.ssl_channel_credentials(certificate) # Apply the api key to every request that is made with the client apikey_credentials = grpc.metadata_call_credentials( ApiKeyCallCredentials('<< ADD API KEY >>')) combined_credentials = grpc.composite_channel_credentials( tls_credentials, apikey_credentials) # gRPC channel setup to connect to ibaHD-API endpoint in ibaHD-Server # Increasing the default message size (~4MB) is recommended (c int32 max = 2147483647) with grpc.secure_channel('127.0.0.1:9003', combined_credentials, options=[('grpc.max_receive_message_length', 2147483647)]) as channel: # Instantiate ibaHD-API client on the gRPC channel client = ibaHD_API_pb2_grpc.HdApiServiceStub(channel) # Simple request to retrieve stores response = client.GetHdStores( request=ibaHD_API_pb2.GetHdStoresRequest()) # Clean channel shutdown channel.close() print(response)
def MakeSecureChannel(target): """Creates grpc secure channel. Args: target: str, The server address, for example: bigtableadmin.googleapis.com:443. Returns: grpc.secure channel. """ credentials = cred_store.Load() # ssl_channel_credentials() loads root certificates from # `grpc/_adapter/credentials/roots.pem`. transport_creds = grpc.ssl_channel_credentials() custom_metadata_plugin = _MetadataPlugin(credentials) auth_creds = grpc.metadata_call_credentials( custom_metadata_plugin, name='google_creds') channel_creds = grpc.composite_channel_credentials( transport_creds, auth_creds) channel_args = ( ('grpc.primary_user_agent', http.MakeUserAgentString(properties.VALUES.metrics.command_name.Get())), ) return grpc.secure_channel(target, channel_creds, options=channel_args)
def _conn(host: str = "localhost", rpc_port: int = 50051, conf_address: str = "http://localhost/auth", client_id: str = None, client_secret: str = None, pkey=None, cert=None, ca=None): """ `host` The host to connect to. `rpc_port` The gRPC port for host. `conf_address` The complete address for the auth configuration endpoint. `client_id` Your client id for your OAuth Auth provider. `client_secret` Corresponding client secret. `pkey` Private key for client authentication `cert` Corresponding signed certificate. CN must reflect your hosts FQDN, and must be signed by the servers CA. `ca` CA trust for the server. `secure_conf` Whether the server hosting configuration is secured (https) Returns A gRPC channel """ # TODO: make this more robust so it can handle SSL without client verification if pkey and cert and client_id and client_secret: call_credentials = grpc.metadata_call_credentials(AuthTokenPlugin(host, conf_address, client_id, client_secret)) # Channel credential will be valid for the entire channel channel_credentials = grpc.ssl_channel_credentials(ca, pkey, cert) # Combining channel credentials and call credentials together composite_credentials = grpc.composite_channel_credentials( channel_credentials, call_credentials, ) channel = grpc.secure_channel(f"{host}:{rpc_port}", composite_credentials) else: channel = grpc.insecure_channel(f"{host}:{rpc_port}") return channel
def make_secure_channel(credentials, user_agent, host): """Makes a secure channel for an RPC service. Uses / depends on gRPC. :type credentials: :class:`oauth2client.client.OAuth2Credentials` :param credentials: The OAuth2 Credentials to use for creating access tokens. :type user_agent: str :param user_agent: The user agent to be used with API requests. :type host: str :param host: The host for the service. :rtype: :class:`grpc._channel.Channel` :returns: gRPC secure channel with credentials attached. """ # ssl_channel_credentials() loads root certificates from # `grpc/_adapter/credentials/roots.pem`. transport_creds = grpc.ssl_channel_credentials() custom_metadata_plugin = MetadataPlugin(credentials) auth_creds = grpc.metadata_call_credentials(custom_metadata_plugin, name='google_creds') channel_creds = grpc.composite_channel_credentials(transport_creds, auth_creds) target = '%s:%d' % (host, http_client.HTTPS_PORT) channel_args = (('grpc.primary_user_agent', user_agent), ) return grpc.secure_channel(target, channel_creds, options=channel_args)
def make_secure_stub(credentials, user_agent, stub_class, host): """Makes a secure stub for an RPC service. Uses / depends on gRPC. :type credentials: :class:`oauth2client.client.OAuth2Credentials` :param credentials: The OAuth2 Credentials to use for creating access tokens. :type user_agent: str :param user_agent: (Optional) The user agent to be used with API requests. :type stub_class: type :param stub_class: A gRPC stub type for a given service. :type host: str :param host: The host for the service. :rtype: object, instance of ``stub_class`` :returns: The stub object used to make gRPC requests to a given API. """ # ssl_channel_credentials() loads root certificates from # `grpc/_adapter/credentials/roots.pem`. transport_creds = grpc.ssl_channel_credentials() custom_metadata_plugin = MetadataPlugin(credentials) auth_creds = grpc.metadata_call_credentials(custom_metadata_plugin, name='google_creds') channel_creds = grpc.composite_channel_credentials(transport_creds, auth_creds) target = '%s:%d' % (host, http_client.HTTPS_PORT) channel_args = (('grpc.primary_user_agent', user_agent), ) channel = grpc.secure_channel(target, channel_creds, options=channel_args) return stub_class(channel)
def run(): with open("kyma.pem", "rb") as fp: channel_credential = grpc.ssl_channel_credentials(fp.read()) call_credentials = grpc.metadata_call_credentials(AuthGateway(), name='auth gateway') composite_credentials = grpc.composite_channel_credentials( channel_credential, call_credentials, ) if os.environ.get("_DEV_") == "true": print("-------------- insecure_channel --------------") channel = grpc.insecure_channel('127.0.0.1:50051') else: print("-------------- secure_channel --------------") channel = grpc.secure_channel(os.environ.get( "_GRPC_SERVER_"), composite_credentials) stub = orders_pb2_grpc.OrderStub(channel) print("-------------- RecordOrder--------------") record_orders(stub) print("-------------- GetOrders --------------") get_orders(stub) channel.close()
def main(args): # read the file containing a session token to authenticate with token = args.token_file.read().strip() # create the header object for the token callCreds = grpc.access_token_call_credentials(token) # if using a self-signed certificate (should be provided as arg) if args.cert_file: cert = args.cert_file.read() channelCreds = grpc.ssl_channel_credentials(root_certificates=cert) else: # otherwise default to checking against CAs channelCreds = grpc.ssl_channel_credentials() connCreds = grpc.composite_channel_credentials(channelCreds, callCreds) # create a stream request subscribe = services.EventStreamRequest() # create a filter model event_filter = models.Event() if args.event_type: event_filter.event_type.value = args.event_type if args.severity: # enum with val 0 is always unset event_filter.severity = SEVERITIES.index(args.severity) + 1 subscribe.partial_eq_filter.append(event_filter) # initialize a connection to the server using our connection settings (auth + TLS) with grpc.secure_channel(args.server, connCreds) as channel: event_stub = services.EventServiceStub(channel) for resp in event_stub.Subscribe(subscribe, timeout=RPC_TIMEOUT): print(resp.value) print("\n")
def __init__( self, consul_endpoint=None, work_dir="/tmp/xos_grpc_protos", endpoint="localhost:50055", reconnect_callback=None, cacert=SERVER_CA, username=None, password=None, sessionid=None, ): server_ca = open(cacert, "r").read() if sessionid: call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid)) else: call_creds = metadata_call_credentials( UsernamePasswordCallCredentials(username, password) ) chan_creds = ssl_channel_credentials(server_ca) chan_creds = composite_channel_credentials(chan_creds, call_creds) super(SecureClient, self).__init__( consul_endpoint, work_dir, endpoint, self.reconnected, chan_creds ) self.reconnect_callback2 = reconnect_callback
def create_channel(config: "Config") -> "Channel": """ Create a :class:`Channel` for the specified configuration. """ u = urlparse(config.url.url) options = [ ("grpc.max_send_message_length", -1), ("grpc.max_receive_message_length", -1), ] if not config.url.use_http_proxy: options.append(("grpc.enable_http_proxy", 0)) if (u.scheme in ("https", "grpcs")) or config.ssl: credentials = ssl_channel_credentials( root_certificates=config.ssl.ca, private_key=config.ssl.cert_key, certificate_chain=config.ssl.cert, ) if config.access.token: credentials = composite_channel_credentials( credentials, metadata_call_credentials(GrpcAuth(config)) ) return secure_channel(u.netloc, credentials, options) else: return insecure_channel(u.netloc, options)
def __init__(self, config): self.displayName = config['name'] with open(config['tls_cert'], 'rb') as tls_cert_file: cert_credentials = grpc.ssl_channel_credentials( tls_cert_file.read()) if config['admin_macaroon']: with open(config['admin_macaroon'], 'rb') as macaroon_file: macaroon = codecs.encode(macaroon_file.read(), 'hex') macaroon_credentials = self.get_macaroon_credentials( macaroon) credentials = grpc.composite_channel_credentials( cert_credentials, macaroon_credentials) else: credentials = cert_credentials channel = grpc.secure_channel(config["rpc_host"], credentials) # Due to updated ECDSA generated tls.cert we need to let gprc know that # we need to use that cipher suite otherwise there will be a handhsake # error when we communicate with the lnd rpc server. os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA' logger.info( f'CONNECTING TO {config["name"]}: {config["rpc_host"]}') self.client = lnrpc.LightningStub(channel) self.identity_pubkey = self.getinfo().identity_pubkey
def _get_stub(self): # pragma: no cover url = "{}:{}".format(self.host, self.port) # Lnd cert is at ~/.lnd/tls.cert on Linux and # ~/Library/Application Support/Lnd/tls.cert on Mac cert = open(os.path.expanduser(self.tls_cert_path), "rb").read() cert_creds = grpc.ssl_channel_credentials(cert) # Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and # ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac with open(os.path.expanduser(self.macaroon_path), "rb") as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, "hex") self.macaroon = codecs.encode(macaroon_bytes, "hex") def metadata_callback(context, callback): # for more info see grpc docs callback([("macaroon", macaroon)], None) # now build meta data credentials auth_creds = grpc.metadata_call_credentials(metadata_callback) # combine the cert credentials and the macaroon auth credentials # such that every call is properly encrypted and authenticated combined_creds = grpc.composite_channel_credentials( cert_creds, auth_creds) # finally pass in the combined credentials when creating a channel channel = grpc.secure_channel(url, combined_creds) return lnd_pb2_grpc.LightningStub(channel)
def get_stub(self): def metadata_callback(context, callback): with open('resources/admin.macaroon', 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') callback([('macaroon', macaroon)], None) os.environ["GRPC_SSL_CIPHER_SUITES"] = "HIGH+ECDSA" cert = open('resources/tls.cert').read() # build ssl credentials using the cert the same as before cert_creds = grpc.ssl_channel_credentials(cert) # now build meta data credentials auth_creds = grpc.metadata_call_credentials(metadata_callback) # combine the cert credentials and the macaroon auth credentials # such that every call is properly encrypted and authenticated combined_creds = grpc.composite_channel_credentials( cert_creds, auth_creds) # finally pass in the combined credentials when creating a channel channel = grpc.secure_channel('projects.koshikraj.com:10009', combined_creds) stub = lnrpc.LightningStub(channel) return stub
def get_homegraph(self): """Returns the entire Google Home Foyer V2 service""" if self.homegraph is None or self._has_expired(self.homegraph_date, HOMEGRAPH_DURATION): LOGGER.debug( "There is no stored homegraph, or it has expired, getting a new one..." ) log_prefix = "[GRPC]" access_token = self.get_access_token() if not access_token: LOGGER.debug("%s Unable to obtain access token.", log_prefix) return None try: LOGGER.debug("%s Creating SSL channel credentials...", log_prefix) scc = grpc.ssl_channel_credentials(root_certificates=None) LOGGER.debug("%s Creating access token call credentials...", log_prefix) tok = grpc.access_token_call_credentials(access_token) LOGGER.debug("%s Compositing channel credentials...", log_prefix) channel_credentials = grpc.composite_channel_credentials( scc, tok) LOGGER.debug( "%s Establishing secure channel with " "the Google Home Foyer API...", log_prefix, ) with grpc.secure_channel(GOOGLE_HOME_FOYER_API, channel_credentials) as channel: LOGGER.debug( "%s Getting channels StructuresServiceStub...", log_prefix) rpc_service = v1_pb2_grpc.StructuresServiceStub(channel) LOGGER.debug("%s Getting HomeGraph request...", log_prefix) request = v1_pb2.GetHomeGraphRequest(string1="", num2="") LOGGER.debug("%s Fetching HomeGraph...", log_prefix) response = rpc_service.GetHomeGraph(request) LOGGER.debug("%s Storing obtained HomeGraph...", log_prefix) self.homegraph = response self.homegraph_date = datetime.now() except grpc.RpcError as rpc_error: LOGGER.debug("%s Got an RpcError", log_prefix) if (rpc_error.code().name # pylint: disable=no-member == "UNAUTHENTICATED"): LOGGER.warning( "%s The access token has expired. Getting a new one.", log_prefix, ) self.invalidate_access_token() return self.get_homegraph() LOGGER.error( "%s Received unknown RPC error: code=%s message=%s", log_prefix, rpc_error.code(), # pylint: disable=no-member rpc_error.details(), # pylint: disable=no-member ) return self.homegraph
def main(): assert TOKEN != '', 'You need to set TOKEN. To obtain your token visit https://cryptomood.com/business/products/sentiment-analysis-api/.' # Create credentials for use with an secured channel credentials = grpc.ssl_channel_credentials(open(PATH_TO_CERT_FILE, 'rb').read()) call_credentials = grpc.access_token_call_credentials(TOKEN) credentials = grpc.composite_channel_credentials(credentials, call_credentials) channel = grpc.secure_channel(SERVER_ADDRESS, credentials) # create stub stub = types_pb2_grpc.SentimentsStub(channel) # create timeframe now = time.time() seconds = int(now) to_time = timestamp_pb2.Timestamp(seconds=seconds - int(86400 / 6)) from_time = timestamp_pb2.Timestamp(seconds=to_time.seconds - int(2 * 86400)) # last two days # in our case we have to use kwarg because `from` is # is recognized as python keyword so there would syntax be error # if you want get value you have to use getattr()} sentiment_historic_request_kwargs = { 'from': from_time, 'to': to_time, 'resolution': 'D1', 'asset': 'BTC' } req = types_pb2.SentimentHistoricRequest(**sentiment_historic_request_kwargs) candle_stream = stub.HistoricSocialSentiment(req) for candle in candle_stream: print(candle.id, candle.a)
def __init__( self, consul_endpoint=None, work_dir="/tmp/xos_grpc_protos", endpoint="localhost:50055", reconnect_callback=None, cacert=SERVER_CA, username=None, password=None, sessionid=None, ): server_ca = open(cacert, "r").read() if sessionid: call_creds = metadata_call_credentials( SessionIdCallCredentials(sessionid)) else: call_creds = metadata_call_credentials( UsernamePasswordCallCredentials(username, password)) chan_creds = ssl_channel_credentials(server_ca) chan_creds = composite_channel_credentials(chan_creds, call_creds) super(SecureClient, self).__init__(consul_endpoint, work_dir, endpoint, self.reconnected, chan_creds) self.reconnect_callback2 = reconnect_callback
def _local_composite_credentials(self): """ Creates the credentials for the local emulator channel :return: grpc.ChannelCredentials """ credentials = google.auth.credentials.with_scopes_if_required( self._credentials, None ) request = google.auth.transport.requests.Request() # Create the metadata plugin for inserting the authorization header. metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin( credentials, request ) # Create a set of grpc.CallCredentials using the metadata plugin. google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) # Using the local_credentials to allow connection to emulator local_credentials = grpc.local_channel_credentials() # Combine the local credentials and the authorization credentials. return grpc.composite_channel_credentials( local_credentials, google_auth_credentials )
def _run(flags): """Runs the main uploader program given parsed flags. Args: flags: An `argparse.Namespace`. """ logging.set_stderrthreshold(logging.WARNING) intent = _get_intent(flags) store = auth.CredentialsStore() if isinstance(intent, _AuthRevokeIntent): store.clear() sys.stderr.write("Logged out of uploader.\n") sys.stderr.flush() return # TODO(b/141723268): maybe reconfirm Google Account prior to reuse. credentials = store.read_credentials() if not credentials: _prompt_for_user_ack(intent) client_config = json.loads(auth.OAUTH_CLIENT_CONFIG) flow = auth.build_installed_app_flow(client_config) credentials = flow.run(force_console=flags.auth_force_console) sys.stderr.write("\n") # Extra newline after auth flow messages. store.write_credentials(credentials) channel_options = None if flags.grpc_creds_type == "local": channel_creds = grpc.local_channel_credentials() elif flags.grpc_creds_type == "ssl": channel_creds = grpc.ssl_channel_credentials() elif flags.grpc_creds_type == "ssl_dev": channel_creds = grpc.ssl_channel_credentials(dev_creds.DEV_SSL_CERT) channel_options = [("grpc.ssl_target_name_override", "localhost")] else: msg = "Invalid --grpc_creds_type %s" % flags.grpc_creds_type raise base_plugin.FlagsError(msg) try: server_info = _get_server_info(flags) except server_info_lib.CommunicationError as e: _die(str(e)) _handle_server_info(server_info) if not server_info.api_server.endpoint: logging.error("Server info response: %s", server_info) _die("Internal error: frontend did not specify an API server") composite_channel_creds = grpc.composite_channel_credentials( channel_creds, auth.id_token_call_credentials(credentials) ) # TODO(@nfelt): In the `_UploadIntent` case, consider waiting until # logdir exists to open channel. channel = grpc.secure_channel( server_info.api_server.endpoint, composite_channel_creds, options=channel_options, ) with channel: intent.execute(server_info, channel)
def channel(self, endpoint): if not self._channels: self._unauthenticated_channel = grpc.secure_channel( self._endpoint, self._channel_creds, options=self.channel_options()) endpoint_service = ApiEndpointServiceStub( self._unauthenticated_channel) resp = endpoint_service.List(ListApiEndpointsRequest()) endpoints = resp.endpoints plugin = _auth_plugin.Credentials(self._token_requester, lambda: self._channels["iam"]) call_creds = grpc.metadata_call_credentials(plugin) creds = grpc.composite_channel_credentials(self._channel_creds, call_creds) self._channels = { ep.id: grpc.secure_channel(ep.address, creds, options=self.channel_options()) for ep in endpoints } if endpoint not in self._channels: raise RuntimeError("Unknown endpoint: {}".format(endpoint)) return self._channels[endpoint]
def real_jail_session(token): """ Create a Jail service for testing, using TCP sockets, uses the token for auth """ auth_interceptor = Auth().get_auth_interceptor(allow_jailed=True) with futures.ThreadPoolExecutor(1) as executor: server = grpc.server(executor, interceptors=[auth_interceptor]) port = server.add_secure_port("localhost:0", grpc.local_server_credentials()) servicer = Jail() jail_pb2_grpc.add_JailServicer_to_server(servicer, server) server.start() call_creds = grpc.metadata_call_credentials( CookieMetadataPlugin(token)) comp_creds = grpc.composite_channel_credentials( grpc.local_channel_credentials(), call_creds) try: with grpc.secure_channel(f"localhost:{port}", comp_creds) as channel: yield jail_pb2_grpc.JailStub(channel) finally: server.stop(None).wait()
def get_ln_stub(): def metadata_callback(context, callback): # for more info see grpc docs callback([('macaroon', macaroon)], None) os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA' # Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and # ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac with open(os.path.expanduser(settings.MACAROON_PATH), 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') cert = open(settings.CERT_PATH, 'rb').read() creds = grpc.ssl_channel_credentials(cert) # now build meta data credentials auth_creds = grpc.metadata_call_credentials(metadata_callback) # combine the cert credentials and the macaroon auth credentials # such that every call is properly encrypted and authenticated combined_creds = grpc.composite_channel_credentials(creds, auth_creds) # channel = grpc.secure_channel(settings.LND_RPCHOST, creds) channel = grpc.secure_channel(settings.LND_RPCHOST, combined_creds) # stub.GetInfo(ln.GetInfoRequest(), metadata=[('macaroon', macaroon)]) stub = lnrpc.LightningStub(channel) return stub
def main(): assert TOKEN != '', 'You need to set TOKEN. To obtain your token visit https://cryptomood.com/business/products/sentiment-analysis-api/.' # Create credentials for use with an secured channel credentials = grpc.ssl_channel_credentials(open(PATH_TO_CERT_FILE, 'rb').read()) call_credentials = grpc.access_token_call_credentials(TOKEN) credentials = grpc.composite_channel_credentials(credentials, call_credentials) channel = grpc.secure_channel(SERVER_ADDRESS, credentials) # create stub stub = types_pb2_grpc.HistoricDataStub(channel) # create timeframe now = time.time() seconds = int(now) to_time = timestamp_pb2.Timestamp(seconds=seconds) from_time = timestamp_pb2.Timestamp(seconds=to_time.seconds - int(86400 / 4)) # last 6 hours # in our case we have to use kwarg because `from` is # is recognized as python keyword so there would syntax be error # if you want get value you have to use getattr() historic_request_kwargs = { 'from': from_time, 'to': to_time, 'filter': types_pb2.AssetsFilter(assets=['BTC', 'ETH'], all_assets=False)} req = types_pb2.HistoricRequest(**historic_request_kwargs) article_stream = stub.HistoricArticles(req) for article in article_stream: print(article.base.id, article.base.title)
def connect(): # Due to updated ECDSA generated tls.cert we need to let gprc know that # we need to use that cipher suite otherwise there will be a handshake # error when we communicate with the lnd rpc server. os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA' with open('/home/lnd/.lnd/tls.cert', 'rb') as f: cert = f.read() with open('/home/lnd/.lnd/data/chain/smartcash/mainnet/invoice.macaroon', 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') def metadata_callback(_context, callback): # for more info see grpc docs callback([('macaroon', macaroon)], None) # build ssl credentials using the cert the same as before cert_creds = grpc.ssl_channel_credentials(cert) # now build meta data credentials auth_creds = grpc.metadata_call_credentials(metadata_callback) # combine the cert credentials and the macaroon auth credentials # such that every call is properly encrypted and authenticated combined_creds = grpc.composite_channel_credentials(cert_creds, auth_creds) # finally pass in the combined credentials when creating a channel channel = grpc.secure_channel('localhost:10009', combined_creds) stub = lnrpc.LightningStub(channel) return stub
def main(): # Due to updated ECDSA generated tls.cert we need to let gprc know that # we need to use that cipher suite otherwise there will be a handshake # error when we communicate with the lnd rpc server. os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA' with open('/home/lnd/.lnd/tls.cert', 'rb') as f: cert = f.read() with open('/home/lnd/.lnd/data/chain/smartcash/mainnet/invoice.macaroon', 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') def metadata_callback(context, callback): # for more info see grpc docs callback([('macaroon', macaroon)], None) # build ssl credentials using the cert the same as before cert_creds = grpc.ssl_channel_credentials(cert) # now build meta data credentials auth_creds = grpc.metadata_call_credentials(metadata_callback) # combine the cert credentials and the macaroon auth credentials # such that every call is properly encrypted and authenticated combined_creds = grpc.composite_channel_credentials(cert_creds, auth_creds) # finally pass in the combined credentials when creating a channel channel = grpc.secure_channel('localhost:10009', combined_creds) stub = lnrpc.LightningStub(channel) invoice = stub.AddInvoice(ln.Invoice(memo="Donation for Mempool")) print("Content-Type: application/json; charset=UTF-8") print("") print('{"r_hash":"%s","payment_request":"%s","add_index":%d}' % (binascii.hexlify(invoice.r_hash),invoice.payment_request,invoice.add_index))
def __init__( self, hostname, port=50051, cacert=SERVER_CA, username=None, password=None, sessionid=None, ): super(SecureClient, self).__init__(hostname, port) server_ca = open(cacert, "r").read() if sessionid: call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid)) else: call_creds = metadata_call_credentials( UsernamePasswordCallCredentials(username, password) ) chan_creds = ssl_channel_credentials(server_ca) chan_creds = composite_channel_credentials(chan_creds, call_creds) self.channel = grpc.secure_channel( "%s:%d" % (self.hostname, self.port), chan_creds ) self.stub = xos_pb2_grpc.xosStub(self.channel) self.modeldefs = modeldefs_pb2_grpc.modeldefsStub(self.channel) self.utility = utility_pb2_grpc.utilityStub(self.channel) self.xos_orm = orm.ORMStub(self.stub, "xos")
def create_channel(config: "Config") -> "Channel": """ Create a :class:`Channel` for the specified configuration. """ u = urlparse(config.url.url) options = [ ("grpc.max_send_message_length", -1), ("grpc.max_receive_message_length", -1), ] if not config.url.use_http_proxy: options.append(("grpc.enable_http_proxy", 0)) if (u.scheme in ("https", "grpcs")) or config.ssl: credentials = ssl_channel_credentials( root_certificates=config.ssl.ca, private_key=config.ssl.cert_key, certificate_chain=config.ssl.cert, ) if config.access.token: # The grpc Credential objects do not actually define a formal interface, and are # used interchangeably in the code. # # Additionally there are some incorrect rules in the grpc-stubs typing rules that force # us to work around the type system. credentials = cast( ChannelCredentials, composite_channel_credentials( credentials, metadata_call_credentials(GrpcAuth(config))), ) return secure_channel(u.netloc, credentials, options) else: return insecure_channel(u.netloc, options)
def main(args): # read the file containing a session token to authenticate with token = args.token_file.read().strip() # create the header object for the token callCreds = grpc.access_token_call_credentials(token) # if using a self-signed certificate (should be provided as arg) if args.cert_file: # create the channel using the self-signed cert cert = args.cert_file.read() channelCreds = grpc.ssl_channel_credentials(root_certificates=cert) else: # otherwise default to checking against CAs channelCreds = grpc.ssl_channel_credentials() # create channel settings (auth + TLS) connCreds = grpc.composite_channel_credentials(channelCreds, callCreds) # initialize a connection to the server using our connection settings (auth + TLS) with grpc.secure_channel(args.server, connCreds) as channel: # create the Python stub for the inventory API # this is essentially the client, but Python gRPC refers to them as "stubs" # because they call into the gRPC C API stub = services.DeviceServiceStub(channel) if args.hostname: get_device_with_filter(stub, args.serial, args.hostname) else: get_device_by_serial(stub, args.serial)
def make_secure_stub(credentials, user_agent, stub_class, host): """Makes a secure stub for an RPC service. Uses / depends on gRPC. :type credentials: :class:`oauth2client.client.OAuth2Credentials` :param credentials: The OAuth2 Credentials to use for creating access tokens. :type user_agent: str :param user_agent: (Optional) The user agent to be used with API requests. :type stub_class: type :param stub_class: A gRPC stub type for a given service. :type host: str :param host: The host for the service. :rtype: object, instance of ``stub_class`` :returns: The stub object used to make gRPC requests to a given API. """ # ssl_channel_credentials() loads root certificates from # `grpc/_adapter/credentials/roots.pem`. transport_creds = grpc.ssl_channel_credentials() custom_metadata_plugin = MetadataPlugin(credentials, user_agent) auth_creds = grpc.metadata_call_credentials( custom_metadata_plugin, name='google_creds') channel_creds = grpc.composite_channel_credentials( transport_creds, auth_creds) target = '%s:%d' % (host, http_client.HTTPS_PORT) channel = grpc.secure_channel(target, channel_creds) return stub_class(channel)
def __init__(self, hostname, port=50051, cacert=SERVER_CA, username=None, password=None, sessionid=None): super(SecureClient, self).__init__(hostname, port) server_ca = open(cacert, "r").read() if (sessionid): call_creds = metadata_call_credentials( SessionIdCallCredentials(sessionid)) else: call_creds = metadata_call_credentials( UsernamePasswordCallCredentials(username, password)) chan_creds = ssl_channel_credentials(server_ca) chan_creds = composite_channel_credentials(chan_creds, call_creds) self.channel = grpc.secure_channel( "%s:%d" % (self.hostname, self.port), chan_creds) self.stub = xos_pb2_grpc.xosStub(self.channel) self.modeldefs = modeldefs_pb2_grpc.modeldefsStub(self.channel) self.utility = utility_pb2_grpc.utilityStub(self.channel) self.xos_orm = orm.ORMStub(self.stub, "xos")
def __init__(self, logdir, name=None, description=None, origin="", api_endpoint=""): self.logdir = logdir self.name = name self.description = description self.origin = name self.api_endpoint = description self.args = Namespace(logdir=self.logdir, name=self.name, description=self.description, origin=self.origin, api_endpoint=self.api_endpoint) store = auth.CredentialsStore() credentials = store.read_credentials() composite_channel_creds = grpc.composite_channel_credentials( grpc.ssl_channel_credentials(), auth.id_token_call_credentials(credentials)) self.server_info = _get_server_info(self.args) self.channel = grpc.secure_channel( self.server_info.api_server.endpoint, composite_channel_creds, options=None)
def test_channel_credentials_composition(self): first_call_credentials = grpc.access_token_call_credentials('abc') second_call_credentials = grpc.access_token_call_credentials('def') third_call_credentials = grpc.access_token_call_credentials('ghi') channel_credentials = grpc.ssl_channel_credentials() channel_and_first = grpc.composite_channel_credentials( channel_credentials, first_call_credentials) channel_first_and_second = grpc.composite_channel_credentials( channel_credentials, first_call_credentials, second_call_credentials) channel_first_second_and_third = grpc.composite_channel_credentials( channel_credentials, first_call_credentials, second_call_credentials, third_call_credentials) self.assertIsInstance(channel_and_first, grpc.ChannelCredentials) self.assertIsInstance(channel_first_and_second, grpc.ChannelCredentials) self.assertIsInstance( channel_first_second_and_third, grpc.ChannelCredentials)
def secure_authorized_channel( credentials, request, target, ssl_credentials=None, **kwargs): """Creates a secure authorized gRPC channel. This creates a channel with SSL and :class:`AuthMetadataPlugin`. This channel can be used to create a stub that can make authorized requests. Example:: import google.auth import google.auth.transport.grpc import google.auth.transport.requests from google.cloud.speech.v1 import cloud_speech_pb2 # Get credentials. credentials, _ = google.auth.default() # Get an HTTP request function to refresh credentials. request = google.auth.transport.requests.Request() # Create a channel. channel = google.auth.transport.grpc.secure_authorized_channel( credentials, 'speech.googleapis.com:443', request) # Use the channel to create a stub. cloud_speech.create_Speech_stub(channel) Args: credentials (google.auth.credentials.Credentials): The credentials to add to requests. request (google.auth.transport.Request): A HTTP transport request object used to refresh credentials as needed. Even though gRPC is a separate transport, there's no way to refresh the credentials without using a standard http transport. target (str): The host and port of the service. ssl_credentials (grpc.ChannelCredentials): Optional SSL channel credentials. This can be used to specify different certificates. kwargs: Additional arguments to pass to :func:`grpc.secure_channel`. Returns: grpc.Channel: The created gRPC channel. """ # Create the metadata plugin for inserting the authorization header. metadata_plugin = AuthMetadataPlugin(credentials, request) # Create a set of grpc.CallCredentials using the metadata plugin. google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) if ssl_credentials is None: ssl_credentials = grpc.ssl_channel_credentials() # Combine the ssl credentials and the authorization credentials. composite_credentials = grpc.composite_channel_credentials( ssl_credentials, google_auth_credentials) return grpc.secure_channel(target, composite_credentials, **kwargs)
def secure_authorized_channel( credentials, target, ssl_credentials=None): """Creates a secure authorized gRPC channel.""" if ssl_credentials is None: ssl_credentials = grpc.ssl_channel_credentials() metadata_plugin = AuthMetadataPlugin(credentials) call_credentials = grpc.metadata_call_credentials(metadata_plugin) channel_creds = grpc.composite_channel_credentials( ssl_credentials, call_credentials) return grpc.secure_channel(target, channel_creds)
def create_channel( target, credentials=None, scopes=None, ssl_credentials=None, **kwargs ): """Create a secure channel with credentials. Args: target (str): The target service address in the format 'hostname:port'. credentials (google.auth.credentials.Credentials): The credentials. If not specified, then this function will attempt to ascertain the credentials from the environment using :func:`google.auth.default`. scopes (Sequence[str]): A optional list of scopes needed for this service. These are only used when credentials are not specified and are passed to :func:`google.auth.default`. ssl_credentials (grpc.ChannelCredentials): Optional SSL channel credentials. This can be used to specify different certificates. kwargs: Additional key-word args passed to :func:`grpc_gcp.secure_channel` or :func:`grpc.secure_channel`. Returns: grpc.Channel: The created channel. """ if credentials is None: credentials, _ = google.auth.default(scopes=scopes) else: credentials = google.auth.credentials.with_scopes_if_required( credentials, scopes ) request = google.auth.transport.requests.Request() # Create the metadata plugin for inserting the authorization header. metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin( credentials, request ) # Create a set of grpc.CallCredentials using the metadata plugin. google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) if ssl_credentials is None: ssl_credentials = grpc.ssl_channel_credentials() # Combine the ssl credentials and the authorization credentials. composite_credentials = grpc.composite_channel_credentials( ssl_credentials, google_auth_credentials ) if HAS_GRPC_GCP: # If grpc_gcp module is available use grpc_gcp.secure_channel, # otherwise, use grpc.secure_channel to create grpc channel. return grpc_gcp.secure_channel(target, composite_credentials, **kwargs) else: return grpc.secure_channel(target, composite_credentials, **kwargs)
def _stub(args): target = '{}:{}'.format(args.server_host, args.server_port) if args.test_case == 'oauth2_auth_token': google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) google_credentials.refresh(google_auth.transport.requests.Request()) call_credentials = grpc.access_token_call_credentials( google_credentials.token) elif args.test_case == 'compute_engine_creds': google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_credentials = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth.transport.requests.Request())) elif args.test_case == 'jwt_token_creds': google_credentials = google_auth_jwt.OnDemandCredentials.from_service_account_file( os.environ[google_auth.environment_vars.CREDENTIALS]) call_credentials = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=None)) else: call_credentials = None if args.use_tls: if args.use_test_ca: root_certificates = resources.test_root_certificates() else: root_certificates = None # will load default roots. channel_credentials = grpc.ssl_channel_credentials(root_certificates) if call_credentials is not None: channel_credentials = grpc.composite_channel_credentials( channel_credentials, call_credentials) channel_opts = None if args.server_host_override: channel_opts = (( 'grpc.ssl_target_name_override', args.server_host_override, ),) channel = grpc.secure_channel(target, channel_credentials, channel_opts) else: channel = grpc.insecure_channel(target) if args.test_case == "unimplemented_service": return test_pb2_grpc.UnimplementedServiceStub(channel) else: return test_pb2_grpc.TestServiceStub(channel)
def _stub(args): target = '{}:{}'.format(args.server_host, args.server_port) if args.test_case == 'oauth2_auth_token': google_credentials = _application_default_credentials() scoped_credentials = google_credentials.create_scoped( [args.oauth_scope]) access_token = scoped_credentials.get_access_token().access_token call_credentials = grpc.access_token_call_credentials(access_token) elif args.test_case == 'compute_engine_creds': google_credentials = _application_default_credentials() scoped_credentials = google_credentials.create_scoped( [args.oauth_scope]) # TODO(https://github.com/grpc/grpc/issues/6799): Eliminate this last # remaining use of the Beta API. call_credentials = implementations.google_call_credentials( scoped_credentials) elif args.test_case == 'jwt_token_creds': google_credentials = _application_default_credentials() # TODO(https://github.com/grpc/grpc/issues/6799): Eliminate this last # remaining use of the Beta API. call_credentials = implementations.google_call_credentials( google_credentials) else: call_credentials = None if args.use_tls: if args.use_test_ca: root_certificates = resources.test_root_certificates() else: root_certificates = None # will load default roots. channel_credentials = grpc.ssl_channel_credentials(root_certificates) if call_credentials is not None: channel_credentials = grpc.composite_channel_credentials( channel_credentials, call_credentials) channel = grpc.secure_channel(target, channel_credentials, (( 'grpc.ssl_target_name_override', args.server_host_override,),)) else: channel = grpc.insecure_channel(target) if args.test_case == "unimplemented_service": return test_pb2.UnimplementedServiceStub(channel) else: return test_pb2.TestServiceStub(channel)
def __init__(self, rpc_uri: str, peer_uri: str): self.peer_uri = peer_uri if LND_AUTH_DATA_PATH != 'default': path = LND_AUTH_DATA_PATH elif platform == "linux" or platform == "linux2": path = '~/.lnd/' elif platform == "darwin": path = '~/Library/Application Support/Lnd/' else: raise Exception(f"What's the {platform} path for the lnd tls cert?") self.main_lnd_path = os.path.expanduser(path) lnd_tls_cert_path = os.path.join(self.main_lnd_path, 'tls.cert') self.lnd_tls_cert = open(lnd_tls_cert_path, 'rb').read() cert_credentials = grpc.ssl_channel_credentials(self.lnd_tls_cert) admin_macaroon_path = os.path.join(self.main_lnd_path, 'admin.macaroon') with open(admin_macaroon_path, 'rb') as f: macaroon_bytes = f.read() self.macaroon = codecs.encode(macaroon_bytes, 'hex') def metadata_callback(context: _AuthMetadataPluginCallback, callback: _AuthMetadataContext): callback([('macaroon', self.macaroon)], None) auth_credentials = grpc.metadata_call_credentials(metadata_callback) self.credentials = grpc.composite_channel_credentials(cert_credentials, auth_credentials) self.grpc_channel = grpc.secure_channel(rpc_uri, self.credentials ) self.lnd_client = lnrpc.LightningStub(self.grpc_channel)