def _create_trc(self, isd): quorum_trc = min(self.core_count[isd], MAX_QUORUM_TRC) self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd, INITIAL_TRC_VERSION, {}, {}, {}, THRESHOLD_EEPKI, {}, quorum_trc, MAX_QUORUM_CAS, INITIAL_GRACE_PERIOD, False, {}, DEFAULT_TRC_VALIDITY)
def generate_trc(isd): """ Create or update the TRC for the given ISD. Returns the TRC as a dict and a dict containing the private keys needed to sign the next TRC version. :param ISD isd: :returns: (dict, dict) TRC, trc_priv_keys """ if isd.trc: version = isd.trc['Version'] + 1 else: version = 1 core_ases = list(isd.ases.filter(is_core=True)) core_ases_keys = { as_.isd_as_str(): { ONLINE_KEY_STRING: as_.core_online_pub_key, ONLINE_KEY_ALG_STRING: KEYGEN_ALG, OFFLINE_KEY_STRING: as_.core_offline_pub_key, OFFLINE_KEY_ALG_STRING: KEYGEN_ALG } for as_ in core_ases } trc = TRC.from_values(isd=isd.isd_id, description=str(isd), version=version, core_ases=core_ases_keys, root_cas={}, cert_logs={}, threshold_eepki=0, rains={}, quorum_trc=len(core_ases), quorum_cas=0, grace_period=0, quarantine=False, signatures={}, validity_period=TRC_VALIDITY_PERIOD) # Sign with private keys corresponding to public keys (core AS online public keys) in previous # TRC version # For initial version simply use the private online keys core_ases_online_priv_keys = { as_.isd_as_str(): as_.core_online_priv_key for as_ in core_ases } signing_keys = isd.trc_priv_keys or core_ases_online_priv_keys for isd_as, sig_priv_key in signing_keys.items(): trc.sign(isd_as, base64.b64decode(sig_priv_key)) # Return trc and signing keys for next version: # The keys and signatures are contained as bytes-objects in the dict returned, encode them return _base64encode_dict( trc.dict(with_signatures=True)), core_ases_online_priv_keys
def _create_trc(self, isd): self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd, 0, {}, {}, {}, 2, 'dns_srv_addr', 2, 3, 18000, True, {})
def _create_trc(self, isd): self.trcs[isd] = TRC.from_values(isd, 0, {}, {'ca.com': 'ca.com_cert_base64'}, {}, 2, 'dns_srv_addr', 'dns_srv_cert', 2, 3, 2, True, {}, 18000)
def _create_trc(self, isd): validity_period = TRC.VALIDITY_PERIOD self.trcs[isd] = TRC.from_values(isd, "ISD %s" % isd, INITIAL_TRC_VERSION, {}, {}, {}, 2, {}, 2, 3, 18000, False, {}, validity_period)