def __reset_by_kms(self, key_load_type: conf.KeyLoadType, force=False):
from loopchain.tools.kms_helper import KmsHelper
if not force and self.__curr_key_load_type == key_load_type:
return
cert_data, key_data = KmsHelper().get_tls_cert_pair()
self.__ssl_pk.reset_by_data(key_data)
self.__ssl_crt.reset_by_data(cert_data)
self.__ssl_root_crt.reset_by_path(
conf.GRPC_SSL_DEFAULT_TRUST_CERT_PATH, force)
def __init_kms_helper(self, agent_pin):
if self.__get_use_kms():
from loopchain.tools.kms_helper import KmsHelper
KmsHelper().set_agent_pin(agent_pin)
def __close_kms_helper(self):
if self.__get_use_kms():
from loopchain.tools.kms_helper import KmsHelper
KmsHelper().remove_agent_pin()
def __init__(self, channel, rand_table=None):
"""create key_pair for signature using conf.CHANNEL_OPTION
:param channel: channel name
:param rand_table: for RandomTable Derivation key set, create using table
:param agent_pin: for KMS, kms connection agent pin
"""
super().__init__(channel)
self.__peer_pri = None
# option check
if not self._channel_option[self.LOAD_CERT]:
if self._channel_option[
self.CONSENSUS_CERT_USE] or self._channel_option[
self.TX_CERT_USE]:
logging.error("public key load type can't use cert")
util.exit_and_msg("public key load type can't use cert")
try:
if self._channel_option[
self.KEY_LOAD_TYPE] == conf.KeyLoadType.FILE_LOAD:
logging.info("key load type : file load")
logging.info(
f"public file : {conf.CHANNEL_OPTION[self._channel][self.PUBLIC_PATH]}"
)
logging.info(
f"private file : {conf.CHANNEL_OPTION[self._channel][self.PRIVATE_PATH]}"
)
# load public key
with open(conf.CHANNEL_OPTION[self._channel][self.PUBLIC_PATH],
"rb") as public:
public_bytes = public.read()
if conf.CHANNEL_OPTION[self._channel][self.LOAD_CERT]:
self.__load_cert(public_bytes)
else:
self.__load_public(public_bytes)
# load private key
self.__load_private(pri_path=conf.CHANNEL_OPTION[
self._channel][self.PRIVATE_PATH],
pri_pass=conf.CHANNEL_OPTION[self._channel]
[self.PRIVATE_PASSWORD])
elif self._channel_option[
self.KEY_LOAD_TYPE] == conf.KeyLoadType.KMS_LOAD:
from loopchain.tools.kms_helper import KmsHelper
cert, private = KmsHelper().get_signature_cert_pair(
conf.CHANNEL_OPTION[self._channel][self.KEY_ID])
# KMS not support public key load
if conf.CHANNEL_OPTION[self._channel][self.LOAD_CERT]:
self.__load_cert(cert)
else:
raise Exception("KMS Load does't support public key load")
self.__load_private_byte(private)
elif self._channel_option[
self.KEY_LOAD_TYPE] == KeyLoadType.RANDOM_TABLE_DERIVATION:
logging.info("key load type : random table derivation")
# Random Table derivation not support cert key load
if conf.CHANNEL_OPTION[self._channel][self.LOAD_CERT]:
raise Exception("KMS Load does't support public key load")
self.__peer_pri = self.__key_derivation(rand_table)
self._load_public_from_object(self.__peer_pri.public_key())
else:
raise Exception(
f"conf.KEY_LOAD_TYPE : {conf.CHANNEL_OPTION[channel][self.KEY_LOAD_TYPE]}"
f"\nkey load option is wrong")
except Exception as e:
logging.error(e)
util.exit_and_msg(f"key load fail cause : {e}")