def write_certs_trc_keys(isd_as, instance_path): """ Writes the certificate and the keys for the given service instance of the given AS. :param ISD_AS isd_as: ISD the AS belongs to. :param str instance_path: Location (in the file system) to write the configuration into. """ try: as_obj = AD.objects.get(isd_id=isd_as[0], as_id=isd_as[1]) except AD.DoesNotExist: logger.error("AS %s-%s was not found." % (isd_as[0], isd_as[1])) return # write keys sig_path = get_sig_key_file_path(instance_path) enc_path = get_enc_key_file_path(instance_path) write_file(sig_path, as_obj.sig_priv_key) write_file(enc_path, as_obj.enc_priv_key) # write cert cert_chain_path = get_cert_chain_file_path( instance_path, isd_as, INITIAL_CERT_VERSION) write_file(cert_chain_path, as_obj.certificate) # write trc trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION) write_file(trc_path, as_obj.trc)
def _gen_as_keys(self, topo_id, as_conf): sig_pub, sig_priv = generate_sign_keypair() enc_pub, enc_priv = generate_enc_keypair() self.sig_priv_keys[topo_id] = sig_priv self.sig_pub_keys[topo_id] = sig_pub self.enc_pub_keys[topo_id] = enc_pub self.enc_priv_keys[topo_id] = enc_priv sig_path = get_sig_key_file_path("") enc_path = get_enc_key_file_path("") self.cert_files[topo_id][sig_path] = base64.b64encode(sig_priv).decode() self.cert_files[topo_id][enc_path] = base64.b64encode(enc_priv).decode() if self.is_core(as_conf): # generate_sign_key_pair uses Ed25519 on_root_pub, on_root_priv = generate_sign_keypair() off_root_pub, off_root_priv = generate_sign_keypair() core_sig_pub, core_sig_priv = generate_sign_keypair() self.pub_online_root_keys[topo_id] = on_root_pub self.priv_online_root_keys[topo_id] = on_root_priv self.pub_offline_root_keys[topo_id] = off_root_pub self.priv_offline_root_keys[topo_id] = off_root_priv self.pub_core_sig_keys[topo_id] = core_sig_pub self.priv_core_sig_keys[topo_id] = core_sig_priv online_key_path = get_online_key_file_path("") offline_key_path = get_offline_key_file_path("") core_sig_path = get_core_sig_key_file_path("") self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode() self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode() self.cert_files[topo_id][core_sig_path] = base64.b64encode(core_sig_priv).decode()
def _load_credentials(as_path, isd_as): print("Updating AS%s" % isd_as) # The element to get the credentials from. # We assume that the beacon server exists in every AS configuration. key_dict = {} core_key_dict = {} as_path = os.path.join(PROJECT_ROOT, GEN_PATH, 'ISD%s/AS%s' % (isd_as.isd_str(), isd_as.as_file_fmt())) instance_id = "bs%s-%s-1" % (isd_as.isd_str(), isd_as.as_file_fmt()) instance_path = os.path.join(as_path, instance_id) topo_path = os.path.join(instance_path, TOPO_FILE) # Credential files for all ASes as_key_path = { 'cert_path': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION), 'trc_path': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION), 'enc_key_path': get_enc_key_file_path(instance_path), 'sig_key_path': get_sig_key_file_path(instance_path), 'sig_key_raw_path': get_sig_key_raw_file_path(instance_path), 'as_config_path': os.path.join(instance_path, AS_CONF_FILE), } # Credential files for core ASes core_key_path = { 'core_sig_key_path': get_core_sig_key_file_path(instance_path), 'core_sig_key_raw_path': get_core_sig_key_raw_file_path(instance_path), 'online_key_path': get_online_key_file_path(instance_path), 'online_key_raw_path': get_online_key_raw_file_path(instance_path), 'offline_key_path': get_offline_key_file_path(instance_path), 'offline_key_raw_path': get_offline_key_raw_file_path(instance_path), } for key, path in as_key_path.items(): try: if key.startswith('cert'): cert = _json_file_to_str(path) elif key.startswith('trc'): trc = _json_file_to_str(path) elif key.startswith('as'): as_config_dict = _yaml_file_to_dict(path) key_dict['master_as_key'] = as_config_dict['MasterASKey'] else: key_name = key[:len(key)-5] key_dict[key_name] = read_file(path)[:-1] except IOError as err: print("IOError({0}): {1}" % (err, path)) exit(1) tp = Topology.from_file(topo_path) if tp.is_core_as: for key, path in core_key_path.items(): try: key_name = key[:len(key)-5] core_key_dict[key_name] = read_file(path)[:-1] except IOError as err: print("IOError({0}): {1}" % (err, path)) exit(1) return ASCredential(cert, trc, key_dict, core_key_dict)
def _write_keys(archive, elem_dir, as_): archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key) archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key) archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0), as_.master_as_key) archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1), as_.master_as_key) # TODO if as_.is_core: archive.write_text(get_core_sig_key_file_path(elem_dir), as_.core_sig_priv_key) archive.write_text(get_online_key_file_path(elem_dir), as_.core_online_priv_key) archive.write_text(get_offline_key_file_path(elem_dir), as_.core_offline_priv_key)
def _write_keys(self, elem_dir): as_ = self.AS archive = self.archive archive.write_text(get_sig_key_file_path(elem_dir), as_.sig_priv_key) archive.write_text(get_enc_key_file_path(elem_dir), as_.enc_priv_key) archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_0), as_.master_as_key) archive.write_text(get_master_key_file_path(elem_dir, MASTER_KEY_1), as_.master_as_key) if as_.is_core: archive.write_text(get_core_sig_key_file_path(elem_dir), as_.core_sig_priv_key) archive.write_text(get_online_key_file_path(elem_dir), as_.core_online_priv_key) archive.write_text(get_offline_key_file_path(elem_dir), as_.core_offline_priv_key)
def write_certs_trc_keys(isd_as, as_obj, instance_path): """ Writes the certificate and the keys for the given service instance of the given AS. :param ISD_AS isd_as: ISD the AS belongs to. :param str instance_path: Location (in the file system) to write the configuration into. """ # write keys sig_path = get_sig_key_file_path(instance_path) enc_path = get_enc_key_file_path(instance_path) write_file(sig_path, as_obj.sig_priv_key) write_file(enc_path, as_obj.enc_priv_key) # write cert cert_chain_path = get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION) write_file(cert_chain_path, as_obj.certificate) # write trc trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION) write_file(trc_path, as_obj.trc)
def write_certs_trc_keys(isd_as, as_obj, instance_path): """ Writes the certificate and the keys for the given service instance of the given AS. :param ISD_AS isd_as: ISD the AS belongs to. :param obj as_obj: An object that stores crypto information for AS :param str instance_path: Location (in the file system) to write the configuration into. """ # write keys as_key_path = { 'cert': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION), 'trc': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION), 'enc_key': get_enc_key_file_path(instance_path), 'sig_key': get_sig_key_file_path(instance_path), 'sig_key_raw': get_sig_key_raw_file_path(instance_path), } core_key_path = { 'core_sig_key': get_core_sig_key_file_path(instance_path), 'core_sig_key_raw': get_core_sig_key_raw_file_path(instance_path), 'online_key': get_online_key_file_path(instance_path), 'online_key_raw': get_online_key_raw_file_path(instance_path), 'offline_key': get_offline_key_file_path(instance_path), 'offline_key_raw': get_offline_key_raw_file_path(instance_path), } for key, path in as_key_path.items(): if key == 'cert': # write certificates write_file(path, as_obj.certificate) elif key == 'trc': # write trc write_file(path, as_obj.trc) else: # write keys write_file(path, as_obj.keys[key]) if as_obj.core_keys: for key, path in core_key_path.items(): write_file(path, as_obj.core_keys[key])