def create_new_ad_files(parent_ad_topo, isd_id, ad_id, out_dir):
assert isinstance(parent_ad_topo, dict), 'Invalid topology dict'
isd_ad_id = '{}-{}'.format(isd_id, ad_id)
ad_dict = {
"default_zookeepers": {"1": {"manage": False, "addr": "localhost"}},
isd_ad_id: {'level': 'LEAF'},
}
gen = ConfigGenerator(out_dir=out_dir)
path_policy_file = DEFAULT_PATH_POLICY_FILE
zk_config = DEFAULT_ZK_CONFIG
# Write basic config files for the new AD
with tempfile.NamedTemporaryFile('w') as temp_fh:
json.dump(ad_dict, temp_fh)
temp_fh.flush()
gen.generate_all(temp_fh.name, path_policy_file, zk_config)
# Copy TRC file
trc_path = get_some_trc_path(isd_id)
if trc_path:
dst_path = get_trc_file_path(isd_id, ad_id, isd_id, 0,
isd_dir=out_dir)
shutil.copyfile(trc_path, dst_path)
new_topo_path = gen.path_dict(isd_id, ad_id)['topo_file_abs']
new_topo_file = read_file(new_topo_path)
new_topo = json.loads(new_topo_file)
existing_topo, new_topo = link_topologies(parent_ad_topo, new_topo, 'PARENT_CHILD')
# Update the config files for the new AD
write_file(new_topo_path, json.dumps(new_topo, sort_keys=4, indent=4))
gen.write_derivatives(new_topo)
return new_topo, existing_topo
def write_certs_trc_keys(isd_as, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
try:
as_obj = AD.objects.get(isd_id=isd_as[0], as_id=isd_as[1])
except AD.DoesNotExist:
logger.error("AS %s-%s was not found." % (isd_as[0], isd_as[1]))
return
# write keys
sig_path = get_sig_key_file_path(instance_path)
enc_path = get_enc_key_file_path(instance_path)
write_file(sig_path, as_obj.sig_priv_key)
write_file(enc_path, as_obj.enc_priv_key)
# write cert
cert_chain_path = get_cert_chain_file_path(
instance_path, isd_as, INITIAL_CERT_VERSION)
write_file(cert_chain_path, as_obj.certificate)
# write trc
trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
write_file(trc_path, as_obj.trc)
def _load_credentials(as_path, isd_as):
print("Updating AS%s" % isd_as)
# The element to get the credentials from.
# We assume that the beacon server exists in every AS configuration.
key_dict = {}
core_key_dict = {}
as_path = os.path.join(PROJECT_ROOT, GEN_PATH, 'ISD%s/AS%s' % (isd_as.isd_str(), isd_as.as_file_fmt()))
instance_id = "bs%s-%s-1" % (isd_as.isd_str(), isd_as.as_file_fmt())
instance_path = os.path.join(as_path, instance_id)
topo_path = os.path.join(instance_path, TOPO_FILE)
# Credential files for all ASes
as_key_path = {
'cert_path': get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
'trc_path': get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
'enc_key_path': get_enc_key_file_path(instance_path),
'sig_key_path': get_sig_key_file_path(instance_path),
'sig_key_raw_path': get_sig_key_raw_file_path(instance_path),
'as_config_path': os.path.join(instance_path, AS_CONF_FILE),
}
# Credential files for core ASes
core_key_path = {
'core_sig_key_path': get_core_sig_key_file_path(instance_path),
'core_sig_key_raw_path': get_core_sig_key_raw_file_path(instance_path),
'online_key_path': get_online_key_file_path(instance_path),
'online_key_raw_path': get_online_key_raw_file_path(instance_path),
'offline_key_path': get_offline_key_file_path(instance_path),
'offline_key_raw_path': get_offline_key_raw_file_path(instance_path),
}
for key, path in as_key_path.items():
try:
if key.startswith('cert'):
cert = _json_file_to_str(path)
elif key.startswith('trc'):
trc = _json_file_to_str(path)
elif key.startswith('as'):
as_config_dict = _yaml_file_to_dict(path)
key_dict['master_as_key'] = as_config_dict['MasterASKey']
else:
key_name = key[:len(key)-5]
key_dict[key_name] = read_file(path)[:-1]
except IOError as err:
print("IOError({0}): {1}" % (err, path))
exit(1)
tp = Topology.from_file(topo_path)
if tp.is_core_as:
for key, path in core_key_path.items():
try:
key_name = key[:len(key)-5]
core_key_dict[key_name] = read_file(path)[:-1]
except IOError as err:
print("IOError({0}): {1}" % (err, path))
exit(1)
return ASCredential(cert, trc, key_dict, core_key_dict)
def get_some_trc_path(isd_id):
dst_path = get_trc_file_path(isd_id, 0, isd_dir=GEN_PATH)
components = os.path.normpath(dst_path).split(os.sep)
components[-2] = 'AD*'
files_glob = os.path.join(os.sep, *components)
files = glob.glob(files_glob)
if not files:
raise Exception("No TRC files found: cannot generate the package")
return files[0]
def write_certs_trc_keys(isd_as, as_obj, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
# write keys
sig_path = get_sig_key_file_path(instance_path)
enc_path = get_enc_key_file_path(instance_path)
write_file(sig_path, as_obj.sig_priv_key)
write_file(enc_path, as_obj.enc_priv_key)
# write cert
cert_chain_path = get_cert_chain_file_path(instance_path, isd_as,
INITIAL_CERT_VERSION)
write_file(cert_chain_path, as_obj.certificate)
# write trc
trc_path = get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION)
write_file(trc_path, as_obj.trc)
def write_certs_trc_keys(isd_as, as_obj, instance_path):
"""
Writes the certificate and the keys for the given service
instance of the given AS.
:param ISD_AS isd_as: ISD the AS belongs to.
:param obj as_obj: An object that stores crypto information for AS
:param str instance_path: Location (in the file system) to write
the configuration into.
"""
# write keys
as_key_path = {
'cert':
get_cert_chain_file_path(instance_path, isd_as, INITIAL_CERT_VERSION),
'trc':
get_trc_file_path(instance_path, isd_as[0], INITIAL_TRC_VERSION),
'enc_key':
get_enc_key_file_path(instance_path),
'sig_key':
get_sig_key_file_path(instance_path),
'sig_key_raw':
get_sig_key_raw_file_path(instance_path),
}
core_key_path = {
'core_sig_key': get_core_sig_key_file_path(instance_path),
'core_sig_key_raw': get_core_sig_key_raw_file_path(instance_path),
'online_key': get_online_key_file_path(instance_path),
'online_key_raw': get_online_key_raw_file_path(instance_path),
'offline_key': get_offline_key_file_path(instance_path),
'offline_key_raw': get_offline_key_raw_file_path(instance_path),
}
for key, path in as_key_path.items():
if key == 'cert': # write certificates
write_file(path, as_obj.certificate)
elif key == 'trc': # write trc
write_file(path, as_obj.trc)
else: # write keys
write_file(path, as_obj.keys[key])
if as_obj.core_keys:
for key, path in core_key_path.items():
write_file(path, as_obj.core_keys[key])
def _gen_trc_files(self, topo_id, _):
trc = self.trcs[topo_id[0]]
trc_path = get_trc_file_path("", topo_id[0], INITIAL_TRC_VERSION)
self.trc_files[topo_id][trc_path] = str(trc)