def __init__(self, config=None, reactor=None, personality=None):
# base ctor
NativeProcess.__init__(self, config=config, reactor=reactor, personality=personality)
# Release (public) key
self._release_pubkey = _read_release_key()
# Node (private) key (as a string, in hex)
node_key_hex = _read_node_key(self.config.extra.cbdir, private=True)['hex']
privkey = nacl.signing.SigningKey(node_key_hex, encoder=nacl.encoding.HexEncoder)
# WAMP-cryptosign signing key
self._node_key = cryptosign.SigningKey(privkey)
def maybe_generate_key(self,
cbdir,
privkey_path=u'key.priv',
pubkey_path=u'key.pub'):
privkey_path = os.path.join(cbdir, privkey_path)
pubkey_path = os.path.join(cbdir, pubkey_path)
if os.path.exists(privkey_path):
# node private key seems to exist already .. check!
priv_tags = _parse_keyfile(privkey_path, private=True)
for tag in [
u'creator', u'created-at', u'machine-id',
u'public-key-ed25519', u'private-key-ed25519'
]:
if tag not in priv_tags:
raise Exception(
"Corrupt node private key file {} - {} tag not found".
format(privkey_path, tag))
privkey_hex = priv_tags[u'private-key-ed25519']
privkey = SigningKey(privkey_hex, encoder=HexEncoder)
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')
if priv_tags[u'public-key-ed25519'] != pubkey_hex:
raise Exception((
"Inconsistent node private key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519").format(pubkey_path))
if os.path.exists(pubkey_path):
pub_tags = _parse_keyfile(pubkey_path, private=False)
for tag in [
u'creator', u'created-at', u'machine-id',
u'public-key-ed25519'
]:
if tag not in pub_tags:
raise Exception(
"Corrupt node public key file {} - {} tag not found"
.format(pubkey_path, tag))
if pub_tags[u'public-key-ed25519'] != pubkey_hex:
raise Exception((
"Inconsistent node public key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519"
).format(pubkey_path))
else:
self.log.info(
"Node public key file {pub_path} not found - re-creating from node private key file {priv_path}",
pub_path=pubkey_path,
priv_path=privkey_path,
)
pub_tags = OrderedDict([
(u'creator', priv_tags[u'creator']),
(u'created-at', priv_tags[u'created-at']),
(u'machine-id', priv_tags[u'machine-id']),
(u'public-key-ed25519', pubkey_hex),
])
msg = u'Crossbar.io node public key\n\n'
_write_node_key(pubkey_path, pub_tags, msg)
self.log.debug("Node key already exists (public key: {hex})",
hex=pubkey_hex)
else:
# node private key does not yet exist: generate one
privkey = SigningKey.generate()
privkey_hex = privkey.encode(encoder=HexEncoder).decode('ascii')
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')
# first, write the public file
tags = OrderedDict([
(u'creator', _creator()),
(u'created-at', utcnow()),
(u'machine-id', _machine_id()),
(u'public-key-ed25519', pubkey_hex),
])
msg = u'Crossbar.io node public key\n\n'
_write_node_key(pubkey_path, tags, msg)
# now, add the private key and write the private file
tags[u'private-key-ed25519'] = privkey_hex
msg = u'Crossbar.io node private key - KEEP THIS SAFE!\n\n'
_write_node_key(privkey_path, tags, msg)
self.log.info("New node key pair generated!")
# fix file permissions on node public/private key files
# note: we use decimals instead of octals as octal literals have changed between Py2/3
#
if os.stat(pubkey_path
).st_mode & 511 != 420: # 420 (decimal) == 0644 (octal)
os.chmod(pubkey_path, 420)
self.log.info("File permissions on node public key fixed!")
if os.stat(privkey_path
).st_mode & 511 != 384: # 384 (decimal) == 0600 (octal)
os.chmod(privkey_path, 384)
self.log.info("File permissions on node private key fixed!")
self._node_key = cryptosign.SigningKey(privkey)
return pubkey_hex
def _maybe_generate_key(cbdir, privfile='key.priv', pubfile='key.pub'):
was_new = True
privkey_path = os.path.join(cbdir, privfile)
pubkey_path = os.path.join(cbdir, pubfile)
if os.path.exists(privkey_path):
# node private key seems to exist already .. check!
priv_tags = _parse_key_file(privkey_path, private=True)
for tag in ['creator', 'created-at', 'machine-id', 'public-key-ed25519', 'private-key-ed25519']:
if tag not in priv_tags:
raise Exception("Corrupt node private key file {} - {} tag not found".format(privkey_path, tag))
privkey_hex = priv_tags['private-key-ed25519']
privkey = signing.SigningKey(privkey_hex, encoder=encoding.HexEncoder)
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii')
if priv_tags['public-key-ed25519'] != pubkey_hex:
raise Exception(
("Inconsistent node private key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519").format(pubkey_path)
)
if os.path.exists(pubkey_path):
pub_tags = _parse_key_file(pubkey_path, private=False)
for tag in ['creator', 'created-at', 'machine-id', 'public-key-ed25519']:
if tag not in pub_tags:
raise Exception("Corrupt node public key file {} - {} tag not found".format(pubkey_path, tag))
if pub_tags['public-key-ed25519'] != pubkey_hex:
raise Exception(
("Inconsistent node public key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519").format(pubkey_path)
)
else:
log.info(
"Node public key file {pub_path} not found - re-creating from node private key file {priv_path}",
pub_path=pubkey_path,
priv_path=privkey_path,
)
pub_tags = OrderedDict([
('creator', priv_tags['creator']),
('created-at', priv_tags['created-at']),
('machine-id', priv_tags['machine-id']),
('public-key-ed25519', pubkey_hex),
])
msg = 'Crossbar.io node public key\n\n'
_write_node_key(pubkey_path, pub_tags, msg)
log.info('Node key files exist and are valid. Node public key is {pubkey}',
pubkey=hlid('0x' + pubkey_hex))
was_new = False
else:
# node private key does not yet exist: generate one
privkey = signing.SigningKey.generate()
privkey_hex = privkey.encode(encoder=encoding.HexEncoder).decode('ascii')
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii')
# first, write the public file
tags = OrderedDict([
('creator', _creator()),
('created-at', utcnow()),
('machine-id', _machine_id()),
('public-key-ed25519', pubkey_hex),
])
msg = 'Crossbar.io node public key\n\n'
_write_node_key(pubkey_path, tags, msg)
# now, add the private key and write the private file
tags['private-key-ed25519'] = privkey_hex
msg = 'Crossbar.io node private key - KEEP THIS SAFE!\n\n'
_write_node_key(privkey_path, tags, msg)
log.info('New node key pair generated! Public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex))
# fix file permissions on node public/private key files
# note: we use decimals instead of octals as octal literals have changed between Py2/3
#
if os.stat(pubkey_path).st_mode & 511 != 420: # 420 (decimal) == 0644 (octal)
os.chmod(pubkey_path, 420)
log.info("File permissions on node public key fixed")
if os.stat(privkey_path).st_mode & 511 != 384: # 384 (decimal) == 0600 (octal)
os.chmod(privkey_path, 384)
log.info("File permissions on node private key fixed")
log.info(
'Node key loaded from {priv_path}',
priv_path=hlid(privkey_path),
)
return was_new, cryptosign.SigningKey(privkey)
def _load_and_maybe_generate(self,
privkey_path,
pubkey_path,
yes_to_all=False):
if os.path.exists(privkey_path):
# node private key seems to exist already .. check!
priv_tags = _parse_keyfile(privkey_path, private=True)
for tag in [
u'creator', u'created-at', u'user-id',
u'public-key-ed25519', u'private-key-ed25519'
]:
if tag not in priv_tags:
raise Exception(
"Corrupt user private key file {} - {} tag not found".
format(privkey_path, tag))
creator = priv_tags[u'creator']
created_at = priv_tags[u'created-at']
user_id = priv_tags[u'user-id']
privkey_hex = priv_tags[u'private-key-ed25519']
privkey = SigningKey(privkey_hex, encoder=HexEncoder)
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')
if priv_tags[u'public-key-ed25519'] != pubkey_hex:
raise Exception((
"Inconsistent user private key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519").format(pubkey_path))
if os.path.exists(pubkey_path):
pub_tags = _parse_keyfile(pubkey_path, private=False)
for tag in [
u'creator', u'created-at', u'user-id',
u'public-key-ed25519'
]:
if tag not in pub_tags:
raise Exception(
"Corrupt user public key file {} - {} tag not found"
.format(pubkey_path, tag))
if pub_tags[u'public-key-ed25519'] != pubkey_hex:
raise Exception((
"Inconsistent user public key file {} - public-key-ed25519 doesn't"
" correspond to private-key-ed25519"
).format(pubkey_path))
else:
# public key is missing! recreate it
pub_tags = OrderedDict([
(u'creator', priv_tags[u'creator']),
(u'created-at', priv_tags[u'created-at']),
(u'user-id', priv_tags[u'user-id']),
(u'public-key-ed25519', pubkey_hex),
])
msg = u'Crossbar.io user public key\n\n'
_write_node_key(pubkey_path, pub_tags, msg)
click.echo(
'Re-created user public key from private key: {}'.format(
style_ok(pubkey_path)))
# click.echo('User public key loaded: {}'.format(style_ok(pubkey_path)))
# click.echo('User private key loaded: {}'.format(style_ok(privkey_path)))
else:
# user private key does not yet exist: generate one
creator = _creator(yes_to_all)
created_at = utcnow()
user_id = _user_id(yes_to_all)
privkey = SigningKey.generate()
privkey_hex = privkey.encode(encoder=HexEncoder).decode('ascii')
pubkey = privkey.verify_key
pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')
# first, write the public file
tags = OrderedDict([
(u'creator', creator),
(u'created-at', created_at),
(u'user-id', user_id),
(u'public-key-ed25519', pubkey_hex),
])
msg = u'Crossbar.io FX user public key\n\n'
_write_node_key(pubkey_path, tags, msg)
os.chmod(pubkey_path, 420)
# now, add the private key and write the private file
tags[u'private-key-ed25519'] = privkey_hex
msg = u'Crossbar.io FX user private key - KEEP THIS SAFE!\n\n'
_write_node_key(privkey_path, tags, msg)
os.chmod(privkey_path, 384)
click.echo('New user public key generated: {}'.format(
style_ok(pubkey_path)))
click.echo('New user private key generated ({}): {}'.format(
style_error('keep this safe!'), style_ok(privkey_path)))
# fix file permissions on node public/private key files
# note: we use decimals instead of octals as octal literals have changed between Py2/3
if os.stat(pubkey_path
).st_mode & 511 != 420: # 420 (decimal) == 0644 (octal)
os.chmod(pubkey_path, 420)
click.echo(
style_error('File permissions on user public key fixed!'))
if os.stat(privkey_path
).st_mode & 511 != 384: # 384 (decimal) == 0600 (octal)
os.chmod(privkey_path, 384)
click.echo(
style_error('File permissions on user private key fixed!'))
# load keys into object
self._creator = creator
self._created_at = created_at
self.user_id = user_id
self._privkey = privkey
self._privkey_hex = privkey_hex
self._pubkey = pubkey
self._pubkey_hex = pubkey_hex
self.key = cryptosign.SigningKey(privkey)