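def create_new_ad_files(parent_ad_topo, isd_id, ad_id, out_dir):
    """
    Generate the config files for a new leaf AD and link it to a parent AD.

    A minimal topology description for the new AD is written to a temporary
    file and fed to ConfigGenerator, an existing TRC file is copied into the
    new AD's output tree, and the generated topology is linked to
    ``parent_ad_topo`` with a 'PARENT_CHILD' relation before being written
    back to disk.

    :param dict parent_ad_topo: topology dict of the existing (parent) AD.
    :param isd_id: ISD identifier of the new AD.
    :param ad_id: AD identifier of the new AD.
    :param out_dir: directory the generated files are written to.
    :returns: the tuple ``(new_topo, existing_topo)``; note this is the
        reverse of the order in which link_topologies() returns them.
    """
    # Developer sanity check only: `assert` is stripped under `python -O`,
    # so this must not be relied on to validate untrusted input.
    assert isinstance(parent_ad_topo, dict), 'Invalid topology dict'
    isd_ad_id = '{}-{}'.format(isd_id, ad_id)
    ad_dict = {
        "default_zookeepers": {"1": {"manage": False, "addr": "localhost"}},
        isd_ad_id: {'level': 'LEAF'},
    }
    gen = ConfigGenerator(out_dir=out_dir)
    path_policy_file = DEFAULT_PATH_POLICY_FILE
    zk_config = DEFAULT_ZK_CONFIG

    # Write basic config files for the new AD. The generator reads the
    # description by file name, so it has to run while the temporary file
    # is still open (it is deleted when the `with` block exits).
    with tempfile.NamedTemporaryFile('w') as temp_fh:
        json.dump(ad_dict, temp_fh)
        temp_fh.flush()
        gen.generate_all(temp_fh.name, path_policy_file, zk_config)

    # Copy TRC file. The TRC is copied byte-for-byte from whichever existing
    # file get_some_trc_path() returns; nothing in this function verifies it.
    # NOTE(review): confirm the TRC is verified before the new AD trusts it.
    trc_path = get_some_trc_path(isd_id)
    if trc_path:
        dst_path = get_trc_file_path(isd_id, ad_id, isd_id, 0,
                                     isd_dir=out_dir)
        shutil.copyfile(trc_path, dst_path)

    new_topo_path = gen.path_dict(isd_id, ad_id)['topo_file_abs']
    new_topo_file = read_file(new_topo_path)
    new_topo = json.loads(new_topo_file)
    existing_topo, new_topo = link_topologies(parent_ad_topo, new_topo,
                                              'PARENT_CHILD')

    # Update the config files for the new AD.
    # sort_keys is a boolean flag; the original passed 4 (truthy, apparently
    # copied from `indent`), which produced the same output by accident.
    write_file(new_topo_path, json.dumps(new_topo, sort_keys=True, indent=4))
    gen.write_derivatives(new_topo)
    return new_topo, existing_topo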
def get_some_trc_path(isd_id):
    """
    Return the path of one existing TRC file for the given ISD.

    The expected TRC path is built with get_trc_file_path() under GEN_PATH,
    its second-to-last component is replaced by the wildcard 'AD*', and the
    first glob match is returned.

    :param isd_id: ISD identifier whose TRC is looked up.
    :returns: path of the first matching TRC file.
    :raises Exception: if no file matches the pattern.
    """
    template_path = get_trc_file_path(isd_id, 0, isd_dir=GEN_PATH)
    parts = os.path.normpath(template_path).split(os.sep)
    # Wildcard the second-to-last component (presumably the per-AD
    # directory) so that a TRC stored under any AD matches.
    parts[-2] = 'AD*'
    # Joining onto os.sep anchors the pattern at the filesystem root.
    # NOTE(review): assumes GEN_PATH is absolute - TODO confirm.
    pattern = os.path.join(os.sep, *parts)
    matches = glob.glob(pattern)
    if matches:
        # glob() gives no ordering guarantee, so which AD's copy is picked
        # is arbitrary. NOTE(review): presumably all copies within an ISD
        # are identical - confirm, since this file becomes a trust root.
        return matches[0]
    raise Exception("No TRC files found: cannot generate the package")
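def create_new_ad_files(parent_ad_topo, isd_id, ad_id, out_dir):
    """
    Generate the config files for a new leaf AD and link it to a parent AD.

    A minimal topology description for the new AD is written to a temporary
    file and fed to ConfigGenerator, an existing TRC file is copied into the
    new AD's output tree, and the generated topology is linked to
    ``parent_ad_topo`` with a 'PARENT_CHILD' relation before being written
    back to disk.

    :param dict parent_ad_topo: topology dict of the existing (parent) AD.
    :param isd_id: ISD identifier of the new AD.
    :param ad_id: AD identifier of the new AD.
    :param out_dir: directory the generated files are written to.
    :returns: the tuple ``(new_topo, existing_topo)``; note this is the
        reverse of the order in which link_topologies() returns them.
    """
    # Developer sanity check only: `assert` is stripped under `python -O`,
    # so this must not be relied on to validate untrusted input.
    assert isinstance(parent_ad_topo, dict), 'Invalid topology dict'
    isd_ad_id = '{}-{}'.format(isd_id, ad_id)
    ad_dict = {
        "default_zookeepers": {
            "1": {
                "manage": False,
                "addr": "localhost"
            }
        },
        isd_ad_id: {
            'level': 'LEAF'
        },
    }
    gen = ConfigGenerator(out_dir=out_dir)
    path_policy_file = DEFAULT_PATH_POLICY_FILE
    zk_config = DEFAULT_ZK_CONFIG

    # Write basic config files for the new AD. The generator reads the
    # description by file name, so it has to run while the temporary file
    # is still open (it is deleted when the `with` block exits).
    with tempfile.NamedTemporaryFile('w') as temp_fh:
        json.dump(ad_dict, temp_fh)
        temp_fh.flush()
        gen.generate_all(temp_fh.name, path_policy_file, zk_config)

    # Copy TRC file. The TRC is copied byte-for-byte from whichever existing
    # file get_some_trc_path() returns; nothing in this function verifies it.
    # NOTE(review): confirm the TRC is verified before the new AD trusts it.
    trc_path = get_some_trc_path(isd_id)
    if trc_path:
        dst_path = get_trc_file_path(isd_id, ad_id, isd_id, 0,
                                     isd_dir=out_dir)
        shutil.copyfile(trc_path, dst_path)

    new_topo_path = gen.path_dict(isd_id, ad_id)['topo_file_abs']
    new_topo_file = read_file(new_topo_path)
    new_topo = json.loads(new_topo_file)
    existing_topo, new_topo = link_topologies(parent_ad_topo, new_topo,
                                              'PARENT_CHILD')

    # Update the config files for the new AD.
    # sort_keys is a boolean flag; the original passed 4 (truthy, apparently
    # copied from `indent`), which produced the same output by accident.
    write_file(new_topo_path, json.dumps(new_topo, sort_keys=True, indent=4))
    gen.write_derivatives(new_topo)
    return new_topo, existing_topo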
def _gen_trc_files(self, topo_id, _):
    """
    Record the serialized TRC of every entry in self.trcs for ``topo_id``.

    For each key of self.trcs a TRC file path is built with
    get_trc_file_path() and the string form of the TRC is stored under that
    path in self.trc_files[topo_id].

    :param topo_id: key of self.trc_files the entries are stored under.
    :param _: unused.
    """
    for isd in self.trcs:
        path = get_trc_file_path("", isd, INITIAL_TRC_VERSION)
        serialized = str(self.trcs[isd])
        self.trc_files[topo_id][path] = serialized
def _gen_trc_files(self, topo_id, _):
    """
    Record the serialized TRC that belongs to ``topo_id``.

    The TRC is looked up in self.trcs by the first element of ``topo_id``
    (presumably the ISD id - confirm) and its string form is stored in
    self.trc_files[topo_id] under the path built by get_trc_file_path().

    :param topo_id: indexable identifier; element 0 selects the TRC.
    :param _: unused.
    """
    isd = topo_id[0]
    serialized = str(self.trcs[isd])
    path = get_trc_file_path("", isd, INITIAL_TRC_VERSION)
    self.trc_files[topo_id][path] = serialized
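def test(self):
    """
    Create a certificate chain and verify it with a TRC file. Sign a message
    with the private key of the last certificate in the chain and verify it.

    Afterwards request a TRC and a certificate chain from the local
    certificate server over UDP and verify both replies.
    """
    cert10 = CertificateChain(get_cert_chain_file_path(1, 10, 1, 10, 0))
    trc = TRC(get_trc_file_path(1, 10, 1, 0))
    print('TRC verification', trc.verify())
    print('Cert Chain verification:', cert10.verify('ISD:1-AD:10', trc, 0))

    sig_priv10 = read_file(get_sig_key_file_path(1, 10))
    sig_priv10 = base64.b64decode(sig_priv10)
    msg = b'abcd'
    sig = sign(msg, sig_priv10)
    print('Sig test:', verify_sig_chain_trc(msg, sig, 'ISD:1-AD:10', cert10,
                                            trc, 0))

    # Second check: signed with AD 13's key but checked against cert10.
    # The result is only printed, never asserted.
    sig_priv13 = read_file(get_sig_key_file_path(1, 13))
    sig_priv13 = base64.b64decode(sig_priv13)
    msg = b'abd'
    sig = sign(msg, sig_priv13)
    # Result is discarded.
    # NOTE(review): presumably a smoke check of the constructor - confirm.
    CertificateChain.from_values([])
    print('Sig test 2:', verify_sig_chain_trc(msg, sig, 'ISD:1-AD:13', cert10,
                                              trc, 0), '\n')

    topology = Topology.from_file(
        "topology/ISD1/topologies/ISD:1-AD:10.json")
    src_addr = SCIONAddr.from_values(topology.isd_id, topology.ad_id,
                                     IPv4Address("127.0.0.1"))
    dst_addr = topology.certificate_servers[0].addr
    # Fixed, predictable path in the working directory; its content comes
    # from the network, so it is removed again on every exit path below.
    temp_file = './temp.txt'
    temp_written = False
    timeout = 5
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # try/finally: the original leaked the socket and left temp_file behind
    # whenever a verification assert failed or any call raised, and left
    # temp_file behind when the second reply timed out.
    try:
        sock.bind((str(src_addr.host_addr), SCION_UDP_PORT))

        print("Sending TRC request (ISD:1-V:0) to local CS.")
        msg = TRCRequest.from_values(
            PT.TRC_REQ_LOCAL, src_addr,
            topology.parent_border_routers[0].interface.if_id,
            topology.isd_id, topology.ad_id, 1, 0).pack()
        sock.sendto(msg, (str(dst_addr), SCION_UDP_PORT))

        ready = select.select([sock], [], [], timeout)
        if not ready[0]:
            print("Error: no TRC reply was received!")
            return
        # The sender address is discarded: the reply is accepted from any
        # peer and is only checked by trc.verify() below.
        data, _ = sock.recvfrom(SCION_BUFLEN)
        print("Received TRC reply from local CS.")
        trc_reply = TRCReply(data)
        temp_written = True
        write_file(temp_file, trc_reply.trc.decode('utf-8'))
        trc = TRC(temp_file)
        assert trc.verify()

        print("Sending cert chain request (ISD:1-AD:16-V:0) to local CS.")
        msg = CertChainRequest.from_values(
            PT.CERT_CHAIN_REQ_LOCAL, src_addr,
            topology.parent_border_routers[0].interface.if_id,
            topology.isd_id, topology.ad_id, 1, 16, 0).pack()
        sock.sendto(msg, (str(dst_addr), SCION_UDP_PORT))

        ready = select.select([sock], [], [], timeout)
        if not ready[0]:
            print("Error: no cert chain reply was received!")
            return
        data, _ = sock.recvfrom(SCION_BUFLEN)
        print("Received cert chain reply from local CS.")
        cert_chain_reply = CertChainReply(data)
        write_file(temp_file, cert_chain_reply.cert_chain.decode('utf-8'))
        cert_chain = CertificateChain(temp_file)
        assert cert_chain.verify('ISD:1-AD:16', trc, 0)
    finally:
        sock.close()
        # Only remove the file if this test (tried to) write it, so an
        # unrelated pre-existing ./temp.txt is not deleted on a timeout.
        if temp_written and os.path.exists(temp_file):
            os.remove(temp_file)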