def _check_key_cert(self, cs_configs: List[pathlib.Path]):
not_ready = [*cs_configs]
for _ in range(5):
logger.info(
"Checking if all control servers have reloaded the key and certificate..."
)
for cs_config in not_ready:
conn = client.HTTPConnection(self._http_endpoint(cs_config))
conn.request("GET", "/signer")
resp = conn.getresponse()
if resp.status != 200:
logger.info("Unexpected response: %d %s", resp.status,
resp.reason)
continue
pld = json.loads(resp.read().decode("utf-8"))
as_dir = self._to_as_dir(
scion_addr.ISD_AS(cs_config.stem[2:-2]))
if pld["subject_key_id"] != self._extract_skid(
as_dir / "crypto/as/renewed.pem"):
continue
logger.info(
"Control server successfully loaded new key and certificate: %s"
% self._rel(cs_config))
not_ready.remove(cs_config)
if not not_ready:
break
time.sleep(3)
else:
logger.error(
"Control servers without reloaded key and certificate: %s" %
[cs_config.name for cs_config in not_ready])
sys.exit(1)
def setup(self):
self.setup_prepare()
logger.info("==> Remove client certificate for 112")
path = pathlib.Path("%s/crypto/ca/clients/ISD1-ASff00_0_112.pem" %
self._to_as_dir(scion_addr.ISD_AS("1-ff00:0:110")))
path.unlink()
self.setup_start()
logger.info("==> Restore client certificate for 112")
cert = pathlib.Path("%s/gen/certs/ISD1-ASff00_0_112.pem" %
self.test_state.artifacts)
shutil.copy2(cert, path)
logger.info("==> Sleep thirty seconds to make sure the CS "
"has picked up the client certificate")
time.sleep(30)
def load(file: str = "gen/as_list.yml") -> "ASList":
with open(file, "r") as content:
data = yaml.load(content, yaml.Loader)
cores = [scion_addr.ISD_AS(raw) for raw in data["Core"]]
non_cores = [scion_addr.ISD_AS(raw) for raw in data["Non-core"]]
return ASList(cores, non_cores)