def generate_self_signed_cert(self, common_name): cryptography_key = self._privkey.to_cryptography_privkey() return generate_self_signed_certificate( host=common_name, curve=self.curve, private_key=cryptography_key, )
def __init__( self, host: str, checksum_public_address: str = None, private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None, curve=None, certificate=None, certificate_filepath: str = None, generate_certificate=True, ) -> None: self.curve = curve or self._DEFAULT_CURVE if private_key and certificate_filepath: from nucypher.config.keyring import _read_tls_public_certificate certificate = _read_tls_public_certificate( filepath=certificate_filepath) super().__init__(private_key=private_key) elif certificate: super().__init__(public_key=certificate.public_key()) elif certificate_filepath: from nucypher.config.keyring import _read_tls_public_certificate certificate = _read_tls_public_certificate( filepath=certificate_filepath) super().__init__(public_key=certificate.public_key()) elif generate_certificate: if not host and checksum_public_address: message = "If you don't supply a TLS certificate, one will be generated for you." \ "But for that, you need to pass a host and checksum address." raise TypeError(message) certificate, private_key = generate_self_signed_certificate( host=host, checksum_address=checksum_public_address, private_key=private_key, curve=self.curve) super().__init__(private_key=private_key) else: raise TypeError( "You didn't provide a cert, but also told us not to generate keys. Not sure what to do." ) if not certificate_filepath: certificate_filepath = constants.CERTIFICATE_NOT_SAVED.bool_value( False) self.certificate = certificate self.certificate_filepath = certificate_filepath
def __init__( self, common_name=None, host=None, private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None, curve=None, certificate=None, certificate_filepath: str = None, certificate_dir=None, generate_certificate=True, ) -> None: self.curve = curve or self._DEFAULT_CURVE if private_key: super().__init__(private_key=private_key) elif certificate: super().__init__(public_key=certificate.public_key()) elif certificate_filepath: certificate = load_tls_certificate(filepath=certificate_filepath) elif generate_certificate: if not all((common_name, host)): message = "If you don't supply the certificate, one will be generated for you." \ "But for that, you need to pass both host and common_name.." raise TypeError(message) certificate, private_key = generate_self_signed_certificate( common_name=common_name, private_key=private_key, curve=self.curve, host=host) super().__init__(private_key=private_key) else: raise TypeError( "You didn't provide a cert, but also told us not to generate keys. Not sure what to do." ) if not certificate_filepath: certificate_filepath = constants.CERTIFICATE_NOT_SAVED self.certificate = certificate self.certificate_filepath = certificate_filepath self.certificate_dir = certificate_dir
def __init__(self, common_name, private_key: Union[UmbralPrivateKey, UmbralPublicKey] = None, certificate=None, curve=None, generate_keys_if_needed=True): self.curve = curve or self._DEFAULT_CURVE if not certificate: self._certificate, private_key = generate_self_signed_certificate( common_name=common_name, private_key=private_key, curve=self.curve) else: self._certificate = certificate super().__init__(private_key=private_key)
def _generate_tls_keys( host: str, curve: EllipticCurve) -> Tuple[_EllipticCurvePrivateKey, Certificate]: cert, private_key = generate_self_signed_certificate(host, curve) return private_key, cert
def generate_self_signed_cert(self, common_name): cryptography_key = self._privkey.to_cryptography_privkey() return generate_self_signed_certificate(common_name, default_curve(), cryptography_key)
def _generate_tls_keys( host: str, checksum_address: str, curve: EllipticCurve) -> Tuple[_EllipticCurvePrivateKey, Certificate]: cert, private_key = generate_self_signed_certificate( host=host, curve=curve, checksum_address=checksum_address) return private_key, cert
from nucypher.characters import Ursula from OpenSSL.crypto import X509 from OpenSSL.SSL import TLSv1_2_METHOD from nucypher.crypto.api import generate_self_signed_certificate DB_NAME = "non-mining-proxy-node" _URSULA = Ursula(dht_port=3501, rest_port=3601, ip_address="localhost", db_name=DB_NAME) _URSULA.dht_listen() CURVE = ec.SECP256R1 cert, private_key = generate_self_signed_certificate( _URSULA.stamp.fingerprint().decode(), CURVE) deployer = HendrixDeployTLS("start", { "wsgi": _URSULA.rest_app, "https_port": _URSULA.rest_port }, key=private_key, cert=X509.from_cryptography(cert), context_factory=ExistingKeyTLSContextFactory, context_factory_kwargs={ "curve_name": "prime256v1", "sslmethod": TLSv1_2_METHOD }) try: deployer.run()