def start(self, port: int, tls_key_filepath: Path = None, tls_certificate_filepath: Path = None, dry_run: bool = False): if dry_run: return if tls_key_filepath and tls_certificate_filepath: self.log.info("Starting HTTPS Control...") # HTTPS endpoint hx_deployer = HendrixDeployTLS( action="start", key=str(tls_key_filepath.absolute()), cert=str(tls_certificate_filepath.absolute()), options={ "wsgi": self._transport, "https_port": port, "resources": get_static_resources() }) else: # HTTP endpoint # TODO #845: Make non-blocking web control startup self.log.info("Starting HTTP Control...") hx_deployer = HendrixDeploy(action="start", options={ "wsgi": self._transport, "http_port": port, "resources": get_static_resources() }) hx_deployer.run() # <--- Blocking Call to Reactor
def get_deployer(self, rest_app, port): return HendrixDeployTLS("start", key=self._privkey, cert=X509.from_cryptography(self.certificate), context_factory=ExistingKeyTLSContextFactory, context_factory_kwargs={"curve_name": self.curve.name, "sslmethod": TLSv1_2_METHOD}, options={"wsgi": rest_app, "https_port": port})
def get_deployer(self, rest_app, port): return HendrixDeployTLS("start", key=self._privkey, cert=X509.from_cryptography(self.certificate), context_factory=ExistingKeyTLSContextFactory, context_factory_kwargs={ "curve_name": _TLS_CURVE.name, "sslmethod": TLSv1_2_METHOD }, options={ "wsgi": rest_app, "https_port": port, "max_upload_bytes": MAX_UPLOAD_CONTENT_LENGTH, 'resources': get_static_resources(), })
def _get_deployer(rest_app, host: str, port: int, tls_key_filepath: str = None, certificate_filepath: str = None): if tls_key_filepath and certificate_filepath: deployer = HendrixDeployTLS("start", key=tls_key_filepath, cert=certificate_filepath, options={ "wsgi": rest_app, "https_port": port }) else: tls_hosting_power = _get_self_signed_hosting_power(host=host) deployer = tls_hosting_power.get_deployer(rest_app=rest_app, port=port) return deployer
def test_ssl_request(): port = 9252 pem_path = 'public.pem' statics_path = 'path_on_disk/to/files' os.makedirs(statics_path, exist_ok=True) cert, pk = get_certificate() options = { 'wsgi': application, 'max_upload_bytes': 200, 'https_port': port, 'resources': [MediaResource(statics_path, namespace='statics')], } deployer = HendrixDeployTLS(key=pk, cert=openssl_X509.from_cryptography(cert), context_factory=ExistingKeyTLSContextFactory, context_factory_kwargs={ "curve_name": ec.SECP384R1.name, "sslmethod": TLSv1_2_METHOD }, options=options) deployer.addServices() deployer.start() def test_ssl_static_files(): js_file = 'showmethisfile.js' filepath = os.path.join(statics_path, js_file) with open(pem_path, "w") as pub_file: pub_file.write( cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')) with open(filepath, 'w') as js_write: js_write.write('//console.log("Hello World");') response = requests.get(f"https://127.0.0.1:{port}/statics/{js_file}", verify=pem_path) assert response.status_code == 200 assert '//console.log("Hello World");' in response.text os.remove(filepath) os.removedirs(statics_path) os.remove(pem_path) d = threads.deferToThread(test_ssl_static_files) yield d
from nkms.crypto.api import generate_self_signed_certificate DB_NAME = "non-mining-proxy-node" _URSULA = Ursula(dht_port=3501, rest_port=3601, ip_address="localhost", db_name=DB_NAME) _URSULA.dht_listen() CURVE = ec.SECP256R1 cert, private_key = generate_self_signed_certificate( _URSULA.stamp.fingerprint().decode(), CURVE) deployer = HendrixDeployTLS("start", { "wsgi": _URSULA.rest_app, "https_port": _URSULA.rest_port }, key=private_key, cert=X509.from_cryptography(cert), context_factory=ExistingKeyTLSContextFactory, context_factory_kwargs={ "curve_name": "prime256v1", "sslmethod": TLSv1_2_METHOD }) try: deployer.run() finally: os.remove(DB_NAME)
sys.path.append("../django_nyc_demo") from hendrix_demo.wsgi import application as hendrix_demo_app PORT = 8443 # EC variant # deployer = HendrixDeployTLS("start", # {"wsgi": hendrix_demo_app, "https_port": PORT}, # key="ec-key.pem", # cert="ec-certificate.pem", # context_factory=SpecifiedCurveContextFactory, # context_factory_kwargs={"curve_name": "secp256k1"} # ) # RSA variant deployer = HendrixDeployTLS( "start", { "wsgi": hendrix_demo_app, "https_port": PORT }, key="rsa-privkey.pem", cert="rsa-certificate.pem", ) wss_service = hey_joe.WSSWebSocketService( "127.0.0.1", 9443, allowedOrigins=["https://localhost:{}".format(PORT)]) deployer.add_tls_websocket_service(wss_service) deployer.run()
import sys from hendrix.deploy.tls import HendrixDeployTLS from hendrix.experience import hey_joe sys.path.append("../django_nyc_demo") from hendrix_demo.wsgi import application as hendrix_demo_app PORT = 8443 # EC variant # deployer = HendrixDeployTLS("start", # {"wsgi": hendrix_demo_app, "https_port": PORT}, # key="ec-key.pem", # cert="ec-certificate.pem", # context_factory=SpecifiedCurveContextFactory, # context_factory_kwargs={"curve_name": "secp256k1"} # ) # RSA variant deployer = HendrixDeployTLS("start", {"wsgi": hendrix_demo_app, "https_port": PORT}, key="rsa-privkey.pem", cert="rsa-certificate.pem", ) wss_service = hey_joe.WSSWebSocketService("127.0.0.1", 9443, allowedOrigins=["https://localhost:{}".format(PORT)]) deployer.add_tls_websocket_service(wss_service) deployer.run()