def start(self,
port: int,
tls_key_filepath: Path = None,
tls_certificate_filepath: Path = None,
dry_run: bool = False):
if dry_run:
return
if tls_key_filepath and tls_certificate_filepath:
self.log.info("Starting HTTPS Control...")
# HTTPS endpoint
hx_deployer = HendrixDeployTLS(
action="start",
key=str(tls_key_filepath.absolute()),
cert=str(tls_certificate_filepath.absolute()),
options={
"wsgi": self._transport,
"https_port": port,
"resources": get_static_resources()
})
else:
# HTTP endpoint
# TODO #845: Make non-blocking web control startup
self.log.info("Starting HTTP Control...")
hx_deployer = HendrixDeploy(action="start",
options={
"wsgi": self._transport,
"http_port": port,
"resources":
get_static_resources()
})
hx_deployer.run() # <--- Blocking Call to Reactor
def get_deployer(self, rest_app, port):
return HendrixDeployTLS("start",
key=self._privkey,
cert=X509.from_cryptography(self.certificate),
context_factory=ExistingKeyTLSContextFactory,
context_factory_kwargs={"curve_name": self.curve.name,
"sslmethod": TLSv1_2_METHOD},
options={"wsgi": rest_app, "https_port": port})
def get_deployer(self, rest_app, port):
return HendrixDeployTLS("start",
key=self._privkey,
cert=X509.from_cryptography(self.certificate),
context_factory=ExistingKeyTLSContextFactory,
context_factory_kwargs={
"curve_name": _TLS_CURVE.name,
"sslmethod": TLSv1_2_METHOD
},
options={
"wsgi": rest_app,
"https_port": port,
"max_upload_bytes":
MAX_UPLOAD_CONTENT_LENGTH,
'resources': get_static_resources(),
})
def _get_deployer(rest_app,
host: str,
port: int,
tls_key_filepath: str = None,
certificate_filepath: str = None):
if tls_key_filepath and certificate_filepath:
deployer = HendrixDeployTLS("start",
key=tls_key_filepath,
cert=certificate_filepath,
options={
"wsgi": rest_app,
"https_port": port
})
else:
tls_hosting_power = _get_self_signed_hosting_power(host=host)
deployer = tls_hosting_power.get_deployer(rest_app=rest_app, port=port)
return deployer
def test_ssl_request():
port = 9252
pem_path = 'public.pem'
statics_path = 'path_on_disk/to/files'
os.makedirs(statics_path, exist_ok=True)
cert, pk = get_certificate()
options = {
'wsgi': application,
'max_upload_bytes': 200,
'https_port': port,
'resources': [MediaResource(statics_path, namespace='statics')],
}
deployer = HendrixDeployTLS(key=pk,
cert=openssl_X509.from_cryptography(cert),
context_factory=ExistingKeyTLSContextFactory,
context_factory_kwargs={
"curve_name": ec.SECP384R1.name,
"sslmethod": TLSv1_2_METHOD
},
options=options)
deployer.addServices()
deployer.start()
def test_ssl_static_files():
js_file = 'showmethisfile.js'
filepath = os.path.join(statics_path, js_file)
with open(pem_path, "w") as pub_file:
pub_file.write(
cert.public_bytes(serialization.Encoding.PEM).decode('utf-8'))
with open(filepath, 'w') as js_write:
js_write.write('//console.log("Hello World");')
response = requests.get(f"https://127.0.0.1:{port}/statics/{js_file}",
verify=pem_path)
assert response.status_code == 200
assert '//console.log("Hello World");' in response.text
os.remove(filepath)
os.removedirs(statics_path)
os.remove(pem_path)
d = threads.deferToThread(test_ssl_static_files)
yield d
from nkms.crypto.api import generate_self_signed_certificate
DB_NAME = "non-mining-proxy-node"
_URSULA = Ursula(dht_port=3501,
rest_port=3601,
ip_address="localhost",
db_name=DB_NAME)
_URSULA.dht_listen()
CURVE = ec.SECP256R1
cert, private_key = generate_self_signed_certificate(
_URSULA.stamp.fingerprint().decode(), CURVE)
deployer = HendrixDeployTLS("start", {
"wsgi": _URSULA.rest_app,
"https_port": _URSULA.rest_port
},
key=private_key,
cert=X509.from_cryptography(cert),
context_factory=ExistingKeyTLSContextFactory,
context_factory_kwargs={
"curve_name": "prime256v1",
"sslmethod": TLSv1_2_METHOD
})
try:
deployer.run()
finally:
os.remove(DB_NAME)
sys.path.append("../django_nyc_demo")
from hendrix_demo.wsgi import application as hendrix_demo_app
PORT = 8443
# EC variant
# deployer = HendrixDeployTLS("start",
# {"wsgi": hendrix_demo_app, "https_port": PORT},
# key="ec-key.pem",
# cert="ec-certificate.pem",
# context_factory=SpecifiedCurveContextFactory,
# context_factory_kwargs={"curve_name": "secp256k1"}
# )
# RSA variant
deployer = HendrixDeployTLS(
"start",
{
"wsgi": hendrix_demo_app,
"https_port": PORT
},
key="rsa-privkey.pem",
cert="rsa-certificate.pem",
)
wss_service = hey_joe.WSSWebSocketService(
"127.0.0.1", 9443, allowedOrigins=["https://localhost:{}".format(PORT)])
deployer.add_tls_websocket_service(wss_service)
deployer.run()
import sys
from hendrix.deploy.tls import HendrixDeployTLS
from hendrix.experience import hey_joe
sys.path.append("../django_nyc_demo")
from hendrix_demo.wsgi import application as hendrix_demo_app
PORT = 8443
# EC variant
# deployer = HendrixDeployTLS("start",
# {"wsgi": hendrix_demo_app, "https_port": PORT},
# key="ec-key.pem",
# cert="ec-certificate.pem",
# context_factory=SpecifiedCurveContextFactory,
# context_factory_kwargs={"curve_name": "secp256k1"}
# )
# RSA variant
deployer = HendrixDeployTLS("start",
{"wsgi": hendrix_demo_app, "https_port": PORT},
key="rsa-privkey.pem",
cert="rsa-certificate.pem",
)
wss_service = hey_joe.WSSWebSocketService("127.0.0.1", 9443,
allowedOrigins=["https://localhost:{}".format(PORT)])
deployer.add_tls_websocket_service(wss_service)
deployer.run()