def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj): """ Prepares the join reply for the APPROVED case. """ logger.info("New AS ID = %s", request.POST['newASId']) joining_as = request.POST['newASId'] is_core = request.POST['join_as_a_core'] sig_pub_key = from_b64(request.POST['sig_pub_key']) enc_pub_key = from_b64(request.POST['enc_pub_key']) signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key) joining_ia = TopoID.from_values(own_isdas[0], joining_as) if is_core.lower() == "true": validity = Certificate.CORE_AS_VALIDITY_PERIOD comment = "Core AS Certificate" else: validity = Certificate.AS_VALIDITY_PERIOD comment = "AS Certificate" cert = Certificate.from_values( str(joining_ia), str(own_isdas), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, is_core, validity, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key) ) respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate) request_ia_chain = CertificateChain([cert, respond_ia_chain.core_as_cert]) join_rep_dict['JoiningIA'] = str(joining_ia) join_rep_dict['IsCore'] = is_core.lower() == "true" join_rep_dict['RespondIA'] = str(own_isdas) join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json() join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json() join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json() logger.debug("Accepting Join Request = %s", join_rep_dict)
def send_connection_reply(request, con_req_id, status, respond_as, data): """ Sends connection reply to SCION Coordination Service. :param HttpRequest request: Django HTTP Request. :param str con_req_id: The ID of the connection request to be replied to. :param str status: The status of the the request. (e.g APPROVED) :param str respond_as: The AS responding to the connection request. :param dict data: Dictionary object containing the reply parameters. """ coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id) con_rep_dict = { "RequestId": int(con_req_id), "Status": status, "RequestIA": data['RequestIA'], "RespondIA": str(respond_as) } if status == REQ_APPROVED: router_info = data['router_info'] overlay_type = data['accepted_overlay_type'] con_rep_dict["IP"] = router_info.split(':')[0] if "UDP" in overlay_type: con_rep_dict["Port"] = int(router_info.split(':')[1]) con_rep_dict["OverlayType"] = overlay_type con_rep_dict["MTU"] = int(data['accepted_mtu']) con_rep_dict["Bandwidth"] = int(data['accepted_bandwidth']) cert_chain = CertificateChain.from_raw(respond_as.certificate) con_rep_dict["Certificate"] = cert_chain.to_json() request_url = urljoin(COORD_SERVICE_URI, posixpath.join( UPLOAD_CONN_REPLY_SVC, coord.account_id, coord.secret)) _, error = post_req_to_scion_coord(request_url, con_rep_dict, "connection reply %s" % con_req_id) if error: return error logging.info("Connection reply %s successfully sent.", con_rep_dict['RequestId'])
def prep_con_req_dict(con_req, isd_id, as_id): """ Prepares the connection request as a dictionary to be sent to the SCION coordination service. :param ConnectionRequest con_req: Connection request object. :returns: Connection request as a dictionary. :rtype: dict """ isd_as = TopoID.from_values(isd_id, as_id) as_obj = get_object_or_404(AD, isd_id=isd_id, as_id=as_id) cert_chain = CertificateChain.from_raw(as_obj.certificate) con_req_dict = { "RequestId": con_req.id, "Info": con_req.info, "RequestIA": str(isd_as), "RespondIA": con_req.connect_to, "IP": con_req.router_public_ip, "OverlayType": con_req.overlay_type, "MTU": int(con_req.mtu), "Bandwidth": int(con_req.bandwidth), "Timestamp": iso_timestamp(time.time()), "Signature": "", # TODO(ercanucan): generate and set the signature "Certificate": cert_chain.to_json() } if con_req.router_public_port: con_req_dict["Port"] = int(con_req.router_public_port) # Adjust the link type for the receiving party (i.e if the requestIA # wants to have the respondIA as a PARENT, then the respondIA should # see it as a request to have a CHILD AS. if con_req.link_type == LinkType.PARENT: con_req_dict["LinkType"] = LinkType.CHILD elif con_req.link_type == LinkType.CHILD: con_req_dict["LinkType"] = LinkType.PARENT else: con_req_dict["LinkType"] = con_req.link_type return con_req_dict
def send_connection_reply(request, con_req_id, status, respond_as, data): """ Sends connection reply to SCION Coordination Service. :param HttpRequest request: Django HTTP Request. :param str con_req_id: The ID of the connection request to be replied to. :param str status: The status of the the request. (e.g APPROVED) :param str respond_as: The AS responding to the connection request. :param dict data: Dictionary object containing the reply parameters. """ coord = get_object_or_404(OrganisationAdmin, user_id=request.user.id) con_rep_dict = { "RequestId": int(con_req_id), "Status": status, "RequestIA": data['RequestIA'], "RespondIA": str(respond_as) } if status == REQ_APPROVED: router_info = data['router_info'] overlay_type = data['accepted_overlay_type'] con_rep_dict["IP"] = router_info.split(':')[0] if "UDP" in overlay_type: con_rep_dict["Port"] = int(router_info.split(':')[1]) con_rep_dict["OverlayType"] = overlay_type con_rep_dict["MTU"] = int(data['accepted_mtu']) con_rep_dict["Bandwidth"] = int(data['accepted_bandwidth']) cert_chain = CertificateChain.from_raw(respond_as.certificate) con_rep_dict["Certificate"] = cert_chain.to_json() request_url = urljoin( COORD_SERVICE_URI, posixpath.join(UPLOAD_CONN_REPLY_SVC, coord.account_id, coord.secret)) _, error = post_req_to_scion_coord(request_url, con_rep_dict, "connection reply %s" % con_req_id) if error: return error logging.info("Connection reply %s successfully sent.", con_rep_dict['RequestId'])
def prep_con_req_dict(con_req, isd_id, as_id): """ Prepares the connection request as a dictionary to be sent to the SCION coordination service. :param ConnectionRequest con_req: Connection request object. :returns: Connection request as a dictionary. :rtype: dict """ isd_as = ISD_AS.from_values(isd_id, as_id) as_obj = get_object_or_404(AD, isd_id=isd_id, as_id=as_id) cert_chain = CertificateChain.from_raw(as_obj.certificate) con_req_dict = { "RequestId": con_req.id, "Info": con_req.info, "RequestIA": str(isd_as), "RespondIA": con_req.connect_to, "IP": con_req.router_public_ip, "OverlayType": con_req.overlay_type, "MTU": int(con_req.mtu), "Bandwidth": int(con_req.bandwidth), "Timestamp": iso_timestamp(time.time()), "Signature": "", # TODO(ercanucan): generate and set the signature "Certificate": cert_chain.to_json() } if con_req.router_public_port: con_req_dict["Port"] = int(con_req.router_public_port) # Adjust the link type for the receiving party (i.e if the requestIA # wants to have the respondIA as a PARENT, then the respondIA should # see it as a request to have a CHILD AS. if con_req.link_type == LinkType.PARENT: con_req_dict["LinkType"] = LinkType.CHILD elif con_req.link_type == LinkType.CHILD: con_req_dict["LinkType"] = LinkType.PARENT else: con_req_dict["LinkType"] = con_req.link_type return con_req_dict
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file, core_cert_file): """ """ validity = Certificate.AS_VALIDITY_PERIOD comment = "AS Certificate" core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file)) public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() cert = Certificate.from_values(str(joining_ia), str(core_ia), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, False, validity, public_key_encr, public_key_sign, SigningKey(core_ia_sig_priv_key)) core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file)) sig_priv_key = base64.b64encode(private_key_sign).decode() enc_priv_key = base64.b64encode(private_key_encr).decode() joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert ]).to_json() trc = open(DEFAULT_TRC_FILE).read() master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8') as_obj = ASCredential(sig_priv_key, enc_priv_key, joining_ia_chain, trc, master_as_key) return as_obj
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj): """ Prepares the join reply for the APPROVED case. """ logger.info("New AS ID = %s", request.POST['newASId']) joining_as = request.POST['newASId'] is_core = request.POST['join_as_a_core'] sig_pub_key = from_b64(request.POST['sig_pub_key']) enc_pub_key = from_b64(request.POST['enc_pub_key']) signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key) joining_ia = ISD_AS.from_values(own_isdas[0], joining_as) cert = Certificate.from_values(str(joining_ia), str(own_isdas), INITIAL_CERT_VERSION, "", False, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key)) respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate) request_ia_chain = CertificateChain([cert, respond_ia_chain.certs[0]]) join_rep_dict['JoiningIA'] = str(joining_ia) join_rep_dict['IsCore'] = is_core.lower() == "true" join_rep_dict['RespondIA'] = str(own_isdas) join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json() join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json() join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json() logger.debug("Accepting Join Request = %s", join_rep_dict)
def chain(self): # pragma: no cover return CertificateChain.from_raw(self.p.chain, lz4_=True)
def _init_certs(self): # pragma: no cover for path in glob.glob("%s/*.crt" % self._dir): cert_raw = read_file(path) self.add_cert(CertificateChain.from_raw(cert_raw), write=False) logging.debug("Loaded: %s" % path)
def __init__(self, p): super().__init__(p) self.chain = CertificateChain.from_raw(p.chain, lz4_=True)
def _check_cert_chain(self, as_, trc): self.assertIsNotNone(as_.certificate_chain) json_cert_chain = json.dumps(as_.certificate_chain) cert_chain = CertificateChain.from_raw(json_cert_chain) cert_chain.verify(as_.isd_as_str(), TRC(trc))