def test_cert_gen(self): gen = NuclideCertificatesGenerator(tempfile.gettempdir(), 'localhost', 'test') self.verify_key_file(gen.ca_key) self.verify_cert_file(gen.ca_cert) self.verify_key_file(gen.server_key) self.verify_cert_file(gen.server_cert) self.verify_key_file(gen.client_key) self.verify_cert_file(gen.client_cert) self.assertEquals( 'localhost', NuclideCertificatesGenerator.get_common_name(gen.server_cert))
def start_server(self, server): self.logger.info('Starting NuclideServer...') if self.options.insecure: # Use http. self.logger.info('Using http.') return server.start(self.options.timeout, quiet=self.options.quiet, debug=self.options.debug) else: # Use https. self.logger.info('Using https.') certs_dir = self.options.certs_dir or self._ensure_certs_dir() # Add prefix "user.nuclide" to avoid collision. common_name = self.options.common_name or \ '%s.nuclide.%s' % (getpass.getuser(), socket.gethostname()) # TODO: Client common name is 'nuclide'. # We may want to generate unique common name and verify it. certs_generator = NuclideCertificatesGenerator( certs_dir, common_name, 'nuclide', expiration_days=CERTS_EXPIRATION_DAYS) self.logger.info( 'Initialized NuclideCertificatesGenerator with common_name: {0}' .format(common_name)) return server.start(self.options.timeout, cert=certs_generator.server_cert, key=certs_generator.server_key, ca=certs_generator.ca_cert, quiet=self.options.quiet, debug=self.options.debug)
def test_get_certificates(self): gen = NuclideCertificatesGenerator(tempfile.gettempdir(), 'localhost', 'test') server_9090 = NuclideServer(9090) ret = server_9090.start(timeout=TIMEOUT, cert=gen.server_cert, key=gen.server_key, ca=gen.ca_cert) self.assertEquals(ret, 0) # Verify cert files. server_cert, server_key, ca = server_9090.get_server_certificate_files( ) self.assertEquals(server_cert, gen.server_cert) self.assertEquals(server_key, gen.server_key) self.assertEquals(ca, gen.ca_cert) client_cert, client_key = NuclideServer.get_client_certificate_files( ca) self.assertEquals(client_cert, gen.client_cert) self.assertEquals(client_key, gen.client_key) # Verify same cert files after restart. server_9090.restart(timeout=TIMEOUT) server_cert, server_key, ca = server_9090.get_server_certificate_files( ) self.assertEquals(server_cert, gen.server_cert) self.assertEquals(server_key, gen.server_key) self.assertEquals(ca, gen.ca_cert)
def print_json(self): output = {'version': self.get_version(), 'port': self.port, 'workspace': self.workspace} server_cert, server_key, ca = self.get_server_certificate_files() if server_cert is not None and server_key is not None and ca is not None: client_cert, client_key = self.get_client_certificate_files(ca) output['cert'] = self._read_cert_file(client_cert) output['key'] = self._read_cert_file(client_key) output['ca'] = self._read_cert_file(ca) output['hostname'] = NuclideCertificatesGenerator.get_common_name(server_cert) print(json.dumps(output))
def get_server_info(self): output = {'version': self.get_version(), 'port': self.port, 'workspace': self.workspace} output['pid'] = self._get_proc_info().get_pid() server_cert, server_key, ca = self.get_server_certificate_files() if server_cert is not None and server_key is not None and ca is not None: client_cert, client_key = self.get_client_certificate_files(ca) output['cert'] = self._read_cert_file(client_cert) output['key'] = self._read_cert_file(client_key) output['ca'] = self._read_cert_file(ca) output['hostname'] = NuclideCertificatesGenerator.get_common_name(server_cert) return output
def get_version(self): # Return version if it is cached. if self._version is not None: return self._version if self.is_https(): server_cert, server_key, ca = self.get_server_certificate_files() client_cert, client_key = self.get_client_certificate_files(ca) common_name = NuclideCertificatesGenerator.get_common_name(server_cert) self._version = utils.http_get(common_name, self.port, method='POST', url='/heartbeat', key_file=client_key, cert_file=client_cert, ca_cert=ca) else: self._version = utils.http_get('localhost', self.port, method='POST', url='/heartbeat') return self._version
def _generate_certificates(self): # Add prefix "user.nuclide" to avoid collision. common_name = self.options.common_name or \ '%s.nuclide.%s' % (getpass.getuser(), socket.gethostname()) # TODO: Client common name is 'nuclide'. # We may want to generate unique common name and verify it. certs_dir = self.options.certs_dir or self._ensure_certs_dir() generator = NuclideCertificatesGenerator( certs_dir, common_name, 'nuclide', expiration_days=CERTS_EXPIRATION_DAYS) self.logger.info( 'Initialized NuclideCertificatesGenerator with common_name: {0}'. format(common_name)) return generator.ca_cert, generator.server_cert, generator.server_key
def start_server(self, server): self.logger.info('Starting NuclideServer...') if self.options.insecure: # Use http. self.logger.info('Using http.') return server.start( self.options.timeout, quiet=self.options.quiet, debug=self.options.debug, inspect=self.options.inspect, abort_on_uncaught_exception=self.options.dump_core) else: # Use https. self.logger.info('Using https.') certs_dir = self.options.certs_dir or self._ensure_certs_dir() # Add prefix "user.nuclide" to avoid collision. common_name = self.options.common_name or \ '%s.nuclide.%s' % (getpass.getuser(), socket.gethostname()) # TODO: Client common name is 'nuclide'. # We may want to generate unique common name and verify it. certs_generator = NuclideCertificatesGenerator( certs_dir, common_name, 'nuclide', expiration_days=CERTS_EXPIRATION_DAYS) self.logger.info( 'Initialized NuclideCertificatesGenerator with common_name: {0}' .format(common_name)) self._check_if_certs_files_exist(certs_generator) return server.start( self.options.timeout, cert=certs_generator.server_cert, key=certs_generator.server_key, ca=certs_generator.ca_cert, quiet=self.options.quiet, debug=self.options.debug, inspect=self.options.inspect, abort_on_uncaught_exception=self.options.dump_core, # After the server certificate expires, clients won't be able to connect. # Automatically exit to avoid zombie servers. expiration_days=CERTS_EXPIRATION_DAYS + 1)
def start_server(self, server): print('Starting Nuclide server...', file=sys.stderr) if self.options.insecure: # Use http. return server.start(self.options.timeout, quiet=self.options.quiet) else: # Use https. certs_dir = self.options.certs_dir or self._ensure_certs_dir() # Add prefix "user.nuclide" to avoid collision. common_name = self.options.common_name or \ '%s.nuclide.%s' % (getpass.getuser(), socket.gethostname()) # TODO: Client common name is 'nuclide'. # We may want to generate unique common name and verify it. certs_generator = NuclideCertificatesGenerator( certs_dir, common_name, 'nuclide', expiration_days=CERTS_EXPIRATION_DAYS) return server.start(self.options.timeout, cert=certs_generator.server_cert, key=certs_generator.server_key, ca=certs_generator.ca_cert, quiet=self.options.quiet)
def get_common_name(self): server_cert, _, _ = self.get_server_certificate_files() if server_cert is not None: return NuclideCertificatesGenerator.get_common_name(server_cert) else: return None
def test_altnames(self): gen = NuclideCertificatesGenerator(tempfile.gettempdir(), '127.0.0.1', 'test') text = NuclideCertificatesGenerator.get_text(gen.server_cert) self.assertTrue('Subject Alternative Name' in text) self.assertTrue('IP Address:127.0.0.1' in text)