def start(self, iface='', network=None, bootstrap=None, cb=None, name=None, nodeid=None): if bootstrap is None: bootstrap = [] if network is None: network = _conf.get_in_order("dht_network_filter", "ALL") self._network = network self._iface = iface self._bootstrap = bootstrap self._cb = cb self._name = name self._dlist = [] self._ssdps = SSDPServiceDiscovery(iface) self._dlist += self._ssdps.start() domain = _conf.get("security", "security_domain_name") is_ca=False try: if _conf.get("security","certificate_authority")=="True": ca = certificate_authority.CA(domain) #make sure private key exist if ca.verify_private_key_exist(): is_ca = True except: is_ca = False self._ssdps.update_server_params(CA_SERVICE_UUID, sign=is_ca, name=name) cert, certstr = certificate.get_own_cert(self._name) if not cert: _log.debug("runtime cert not available, let's create CSR") if is_ca: # We are the CA, just generate CSR and sign it csrfile = certificate.new_runtime(name, domain, nodeid=nodeid) _log.debug("Local CA sign runtime CSR") try: content = open(csrfile, 'rt').read() certpath=ca.sign_csr(csrfile) certificate.store_own_cert(certpath=certpath) return self._signed_cert_available() except: _log.exception("Failed signing with local CA") raise else: # Discover the signing CA _log.debug("No signed cert, discover CA signing CSR") self._sde_client = sde.Client(name, nodeid, CalvinCB(self._ssdps.start_search, CA_SERVICE_UUID, callback=self._signed_cert_received), self._signed_cert_available) else: _log.debug("runtime cert available") self._signed_cert_available(cert=cert, certstr=certstr)
def store_certificate(self, cert): """ Store a `cert` in path defined by configuration. raise StoreFailed if storing failed. raise IOError if path is not found. raise OSError if permissions are insuficcient. """ _log.debug("client.store_certificate") try: certificate.store_own_cert(certstring=cert) except (Exception), err: _log.exception("Storing signed cert failed") raise StoreFailed(err)
def manage_runtime_import(args): if not args.certificate: raise Exception("No certificate supplied") certificate.store_own_cert(certpath=args.certificate, security_dir=args.dir )
homefolder = get_home() domain = "sec-dht-security-test" testdir = os.path.join(homefolder, ".calvin", "sec_dht_security_test") configdir = os.path.join(testdir, domain) runtimesdir = os.path.join(testdir, "runtimes") runtimes_truststore = os.path.join(runtimesdir, "truststore_for_transport") try: shutil.rmtree(testdir) except: print "Failed to remove old tesdir" pass print "Creating new domain." testca = CA(domain="test", commonName="sec-dht-test-security-CA", security_dir=testdir) print "Created new domain." print "Generate runtime credentials and sign their certificates" for i in range(1, 5): for j in range(0, 6): name = "node{}:{}".format(i, j) certreq = certificate.new_runtime(name, "test", security_dir=testdir) certpath = testca.sign_csr(certreq) certificate.store_own_cert(certpath=certpath, security_dir=testdir) certreq = certificate.new_runtime("evil", "test", security_dir=testdir) certpath = testca.sign_csr(certreq) certificate.store_own_cert(certpath=certpath, security_dir=testdir) testca.export_ca_cert(runtimes_truststore)
def start(self, iface='', network=None, bootstrap=None, cb=None, name=None, nodeid=None): if bootstrap is None: bootstrap = [] if network is None: network = _conf.get_in_order("dht_network_filter", "ALL") self._network = network self._iface = iface self._bootstrap = bootstrap self._cb = cb self._name = name self._dlist = [] self._ssdps = SSDPServiceDiscovery(iface) self._dlist += self._ssdps.start() domain = _conf.get("security", "security_domain_name") is_ca = False try: if _conf.get("security", "certificate_authority") == "True": ca = certificate_authority.CA(domain) #make sure private key exist if ca.verify_private_key_exist(): is_ca = True except: is_ca = False self._ssdps.update_server_params(CA_SERVICE_UUID, sign=is_ca, name=name) cert, certstr = certificate.get_own_cert(self._name) if not cert: _log.debug("runtime cert not available, let's create CSR") if is_ca: # We are the CA, just generate CSR and sign it csrfile = certificate.new_runtime(name, domain, nodeid=nodeid) _log.debug("Local CA sign runtime CSR") try: content = open(csrfile, 'rt').read() certpath = ca.sign_csr(csrfile) certificate.store_own_cert(certpath=certpath) return self._signed_cert_available() except: _log.exception("Failed signing with local CA") raise else: # Discover the signing CA _log.debug("No signed cert, discover CA signing CSR") self._sde_client = sde.Client( name, nodeid, CalvinCB(self._ssdps.start_search, CA_SERVICE_UUID, callback=self._signed_cert_received), self._signed_cert_available) else: _log.debug("runtime cert available") self._signed_cert_available(cert=cert, certstr=certstr)