def _fetch_drkey(self, drkey, _): """ Fetch missing first order DRKey with the same (SrcIA, DstIA, expTime). :param FirstOrderDRKey drkey: The missing DRKey. """ cert = self.trust_store.get_cert(self.addr.isd_as) trc = self.trust_store.get_trc(self.addr.isd_as[0]) if not cert or not trc: logging.warning( "DRKeyRequest for %s not sent. Own CertChain/TRC not present.", drkey.src_ia) return req = get_drkey_request(drkey.src_ia, False, self.signing_key, cert.certs[0].version, trc.version) path_meta = self._get_path_via_sciond(drkey.src_ia) if path_meta: meta = self._build_meta(drkey.src_ia, host=SVCType.CS_A, path=path_meta.fwd_path()) req_id = mk_ctrl_req_id() self.send_meta(CtrlPayload(DRKeyMgmt(req)), meta) logging.info("DRKeyRequest (%s) sent to %s via %s [id: %016x]", req.short_desc(), meta, path_meta, req_id) else: logging.warning("DRKeyRequest (for %s) not sent", req.short_desc())
def _fetch_segments(self, req): """ Called to fetch the requested path. """ try: addr, port = self.dns_query_topo(ServiceType.PS)[0] except SCIONServiceLookupError: log_exception("Error querying path service:") return req_id = mk_ctrl_req_id() logging.debug("Sending path request (%s) to [%s]:%s [id: %016x]", req.short_desc(), addr, port, req_id) meta = self._build_meta(host=addr, port=port) self.send_meta(CtrlPayload(PathMgmt(req), req_id=req_id), meta)
def _send_trc_request(self, isd, ver): trc_req = TRCRequest.from_values(isd, ver, cache_only=True) path_meta = self._get_path_via_sciond(trc_req.isd_as()) if path_meta: meta = self._build_meta(path_meta.dst_ia(), host=SVCType.CS_A, path=path_meta.fwd_path()) req_id = mk_ctrl_req_id() self.send_meta(CtrlPayload(CertMgmt(trc_req), req_id=req_id), meta) logging.info("TRC request sent to %s via [%s]: %s [id: %016x]", meta, path_meta.short_desc(), trc_req.short_desc(), req_id) else: logging.warning("TRC request not sent for %s: no path found.", trc_req.short_desc())
def _send_cc_request(self, isd_as, ver): req = CertChainRequest.from_values(isd_as, ver, cache_only=True) path_meta = self._get_path_via_sciond(isd_as) if path_meta: meta = self._build_meta(isd_as, host=SVCType.CS_A, path=path_meta.fwd_path()) req_id = mk_ctrl_req_id() self.send_meta(CtrlPayload(CertMgmt(req), req_id=req_id), meta) logging.info( "Cert chain request sent to %s via [%s]: %s [id: %016x]", meta, path_meta.short_desc(), req.short_desc(), req_id) else: logging.warning( "Cert chain request (for %s) not sent: " "no path found", req.short_desc())
def _send_waiting_queries(self, dst_isd, pcb): targets = self.waiting_targets[dst_isd] if not targets: return path = pcb.get_path(reverse_direction=True) src_ia = pcb.first_ia() while targets: (seg_req, logger) = targets.pop(0) meta = self._build_meta(ia=src_ia, path=path, host=SVCType.PS_A, reuse=True) req_id = mk_ctrl_req_id() self.send_meta(CtrlPayload(PathMgmt(seg_req), req_id=req_id), meta) logger.info("Waiting request (%s) sent to %s via %s [id: %016x]", seg_req.short_desc(), meta, pcb.short_desc(), req_id)
def _check_trc_reqs(self): """ Checks if TRC requests timeout and resends requests if so. """ with self.req_trcs_lock: now = time.time() for (isd, ver), (req_time, meta) in self.requested_trcs.items(): if now - req_time >= self.TRC_CC_REQ_TIMEOUT: trc_req = TRCRequest.from_values(isd, ver, cache_only=True) meta = meta or self._get_cs() req_id = mk_ctrl_req_id() logging.info("Re-Requesting TRC from %s: %s [id: %016x]", meta, trc_req.short_desc(), req_id) self.send_meta(CtrlPayload(CertMgmt(trc_req), req_id=req_id), meta) self.requested_trcs[(isd, ver)] = (time.time(), meta) if self._labels: PENDING_TRC_REQS_TOTAL.labels(**self._labels).set(len(self.requested_trcs))
def _check_cert_reqs(self): """ Checks if certificate requests timeout and resends requests if so. """ with self.req_certs_lock: now = time.time() for (isd_as, ver), (req_time, meta) in self.requested_certs.items(): if now - req_time >= self.TRC_CC_REQ_TIMEOUT: cert_req = CertChainRequest.from_values(isd_as, ver, cache_only=True) meta = meta or self._get_cs() req_id = mk_ctrl_req_id() logging.info("Re-Requesting CERTCHAIN from %s: %s [id: %016x]", meta, cert_req.short_desc(), req_id) self.send_meta(CtrlPayload(CertMgmt(cert_req), req_id=req_id), meta) self.requested_certs[(isd_as, ver)] = (time.time(), meta) if self._labels: PENDING_CERT_REQS_TOTAL.labels(**self._labels).set( len(self.requested_certs))
def _request_missing_certs(self, seg_meta): """ For all missing CCs which are missing to verify this pcb/path segment, request them. Request is sent to certificate server, if the pcb/path segment was received by zk. Otherwise the sender of this pcb/path segment is asked. """ missing_certs = set() with seg_meta.miss_cert_lock: missing_certs = seg_meta.missing_certs.copy() if not missing_certs: return for isd_as, ver in missing_certs: with self.req_certs_lock: req_time, meta = self.requested_certs.get((isd_as, ver), (None, None)) if meta: # There is already an outstanding request for the missing cert # from somewhere else than than the local CS if seg_meta.meta: # Update the stored meta with the latest known server that has the cert. self.requested_certs[(isd_as, ver)] = (req_time, seg_meta.meta) continue if req_time and not seg_meta.meta: # There is already an outstanding request for the missing cert # to the local CS and we don't have a new meta. continue cert_req = CertChainRequest.from_values(isd_as, ver, cache_only=True) meta = seg_meta.meta or self._get_cs() if not meta: logging.error("Couldn't find a CS to request CERTCHAIN for PCB %s", seg_meta.seg.short_id()) continue req_id = mk_ctrl_req_id() logging.info("Requesting %sv%s CERTCHAIN from %s for PCB %s [id: %016x]", isd_as, ver, meta, seg_meta.seg.short_id(), req_id) with self.req_certs_lock: self.requested_certs[(isd_as, ver)] = (time.time(), seg_meta.meta) if self._labels: PENDING_CERT_REQS_TOTAL.labels(**self._labels).set(len(self.requested_certs)) self.send_meta(CtrlPayload(CertMgmt(cert_req), req_id=req_id), meta)