示例#1
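class TrustAnchorRefreshManager(object):
    """
    Manages the trust-anchor certificates, including refresh.

    Every regular file in a registered directory that decodes as an
    IdentityCertificate is inserted into the certificate cache. This class
    itself performs no signature or validity-period check before inserting
    (whether the cache does is not visible here), so write access to a
    registered directory amounts to the ability to add trust anchors. Keep
    such directories writable only by the account that administers them.
    """
    def __init__(self):
        super(TrustAnchorRefreshManager, self).__init__()

        self._certificateCache = CertificateCache()
        # Maps the directory name to a dict with the keys 'certificates'
        # (the certificate name URIs loaded from it, so they can be deleted
        # when necessary), 'nextRefresh' and 'refreshPeriod' (milliseconds).
        self._refreshDirectories = {}

    @staticmethod
    def loadIdentityCertificateFromFile(filename):
        """
        Read a base64-encoded certificate from a file and wire-decode it.

        :param str filename: The path of the file to read.
        :return: The decoded certificate.
        :rtype: IdentityCertificate
        :raises: Whatever open(), b64decode() or wireDecode() raise for an
          unreadable or malformed file. These are not necessarily
          SecurityException (base64.b64decode raises binascii.Error on bad
          padding), so callers that tolerate junk files must catch broadly.
        """
        with open(filename, 'r') as certFile:
            encodedData = certFile.read()

        # Decode before constructing the certificate so that a file which is
        # not base64 fails early.
        decodedData = b64decode(encodedData)
        cert = IdentityCertificate()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    def getCertificate(self, certificateName):
        """
        Look up a trust-anchor certificate in the cache.

        :param certificateName: The certificate name, assumed to already have
          the timestamp component removed.
        :return: Whatever the certificate cache returns for that name.
        """
        return self._certificateCache.getCertificate(certificateName)

    def addDirectory(self, directoryName, refreshPeriod):
        """
        Load the certificate files of a directory into the cache and record
        the directory for later refresh.

        Only the directory itself is scanned, not its subdirectories. Files
        that cannot be read or decoded are skipped with a logged warning
        instead of aborting the scan.

        :param str directoryName: The directory to scan.
        :param refreshPeriod: The refresh period in milliseconds.
        """
        import logging

        certificateNames = []
        for fileName in os.listdir(directoryName):
            fullPath = os.path.join(directoryName, fileName)
            # os.path.isfile() follows symbolic links, so a link that points
            # outside the directory is loaded like any other file.
            if not os.path.isfile(fullPath):
                continue

            try:
                cert = self.loadIdentityCertificateFromFile(fullPath)
            except Exception as ex:
                # Allow files that are not certificates. A malformed file
                # raises decoding errors rather than SecurityException, so
                # catching only SecurityException would abort the whole scan
                # (after refreshAnchors() has already deleted the old
                # anchors). Log the skip so that a damaged anchor file does
                # not silently drop out of the trust set.
                logging.getLogger(__name__).warning(
                    "Skipping %s in trust anchor directory: %s", fullPath, ex)
                continue

            # Cut off the timestamp so it matches the KeyLocator Name format.
            certUri = cert.getName()[:-1].toUri()
            self._certificateCache.insertCertificate(cert)
            certificateNames.append(certUri)

        self._refreshDirectories[directoryName] = {
            'certificates': certificateNames,
            'nextRefresh': Common.getNowMilliseconds() + refreshPeriod,
            'refreshPeriod': refreshPeriod
        }

    def refreshAnchors(self):
        """
        Re-import every registered directory whose refresh time has passed.
        """
        refreshTime = Common.getNowMilliseconds()
        # Iterate over a snapshot because addDirectory() replaces the entry
        # in self._refreshDirectories while the loop is running.
        for directory, info in list(self._refreshDirectories.items()):
            if info['nextRefresh'] > refreshTime:
                continue

            # Delete the certificates associated with this directory if
            # possible, then re-import. IdentityStorage subclasses may not
            # support deletion.
            # NOTE(review): the old anchors are removed before the re-import.
            # If addDirectory() raises (for example the directory is gone),
            # they stay removed until a later refresh succeeds.
            for c in list(info['certificates']):
                try:
                    self._certificateCache.deleteCertificate(Name(c))
                except KeyError:
                    # Was already removed, or deletion is not supported.
                    pass
            self.addDirectory(directory, info['refreshPeriod'])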
示例#2
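class TrustAnchorRefreshManager(object):
    """
    Manages the trust-anchor certificates, including refresh.

    Every regular file in a registered directory that decodes as a
    certificate is inserted into the certificate cache. This class itself
    performs no signature or validity-period check before inserting (whether
    the caches do is not visible here), so write access to a registered
    directory amounts to the ability to add trust anchors. Keep such
    directories writable only by the account that administers them.
    """
    def __init__(self, isSecurityV1):
        """
        :param bool isSecurityV1: True to load IdentityCertificate objects
          into a CertificateCache, False to load CertificateV2 objects into a
          CertificateCacheV2.
        """
        self._isSecurityV1 = isSecurityV1

        self._certificateCache = CertificateCache()
        self._certificateCacheV2 = CertificateCacheV2()
        # Maps the directory name to a dict with the keys 'certificates'
        # (the name URIs recorded for it, so the certificates can be deleted
        # when necessary), 'nextRefresh' and 'refreshPeriod' (milliseconds).
        self._refreshDirectories = {}

    @staticmethod
    def loadIdentityCertificateFromFile(filename):
        """
        Read a base64-encoded certificate from a file and wire-decode it.

        :param str filename: The path of the file to read.
        :return: The decoded certificate.
        :rtype: IdentityCertificate
        :raises: Whatever open(), b64decode() or wireDecode() raise for an
          unreadable or malformed file.
        """
        with open(filename, 'r') as certFile:
            encodedData = certFile.read()

        # Decode before constructing the certificate so that a file which is
        # not base64 fails early.
        decodedData = b64decode(encodedData)
        cert = IdentityCertificate()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    @staticmethod
    def loadCertificateV2FromFile(filename):
        """
        Read a base64-encoded certificate from a file and wire-decode it.

        :param str filename: The path of the file to read.
        :return: The decoded certificate.
        :rtype: CertificateV2
        :raises: Whatever open(), b64decode() or wireDecode() raise for an
          unreadable or malformed file.
        """
        with open(filename, 'r') as certFile:
            encodedData = certFile.read()

        decodedData = b64decode(encodedData)
        cert = CertificateV2()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    def getCertificate(self, certificateName):
        """
        Look up a security v1 trust-anchor certificate in the cache.

        :param Name certificateName: The certificate name, assumed to already
          have the timestamp component removed.
        :rtype: IdentityCertificate
        :raises SecurityException: If this manager was created for
          security v2.
        """
        if not self._isSecurityV1:
            raise SecurityException(
                "getCertificate: For security v2, use getCertificateV2()")

        return self._certificateCache.getCertificate(certificateName)

    def getCertificateV2(self, certificateName):
        """
        Look up a security v2 trust-anchor certificate in the cache.

        :param Name certificateName: The name to find, assumed to already
          have the timestamp component removed.
        :rtype: CertificateV2
        :raises SecurityException: If this manager was created for
          security v1.
        """
        if self._isSecurityV1:
            raise SecurityException(
                "getCertificateV2: For security v1, use getCertificate()")

        return self._certificateCacheV2.find(certificateName)

    def addDirectory(self, directoryName, refreshPeriod):
        """
        Load the certificate files of a directory into the cache and record
        the directory for later refresh.

        Only the directory itself is scanned, not its subdirectories. Files
        that cannot be read or decoded are skipped with a logged warning
        instead of aborting the scan.

        :param str directoryName: The directory to scan.
        :param refreshPeriod: The refresh period in milliseconds.
        """
        import logging

        if self._isSecurityV1:
            loadCertificate = self.loadIdentityCertificateFromFile
        else:
            loadCertificate = self.loadCertificateV2FromFile

        certificateNames = []
        for fileName in os.listdir(directoryName):
            fullPath = os.path.join(directoryName, fileName)
            # os.path.isfile() follows symbolic links, so a link that points
            # outside the directory is loaded like any other file.
            if not os.path.isfile(fullPath):
                continue

            try:
                cert = loadCertificate(fullPath)
            except Exception as ex:
                # Allow files that are not certificates, but log the skip so
                # that a damaged anchor file does not silently drop out of
                # the trust set.
                logging.getLogger(__name__).warning(
                    "Skipping %s in trust anchor directory: %s", fullPath, ex)
                continue

            if self._isSecurityV1:
                # Cut off the timestamp so it matches KeyLocator Name format.
                certUri = cert.getName()[:-1].toUri()
                self._certificateCache.insertCertificate(cert)
            else:
                # Get the key name since this is in the KeyLocator.
                certUri = CertificateV2.extractKeyNameFromCertName(
                    cert.getName()).toUri()
                self._certificateCacheV2.insert(cert)
            certificateNames.append(certUri)

        self._refreshDirectories[directoryName] = {
            'certificates': certificateNames,
            'nextRefresh': Common.getNowMilliseconds() + refreshPeriod,
            'refreshPeriod': refreshPeriod
        }

    def refreshAnchors(self):
        """
        Re-import every registered directory whose refresh time has passed.
        """
        refreshTime = Common.getNowMilliseconds()
        # Iterate over a snapshot because addDirectory() replaces the entry
        # in self._refreshDirectories while the loop is running.
        for directory, info in list(self._refreshDirectories.items()):
            if info['nextRefresh'] > refreshTime:
                continue

            # Delete the certificates associated with this directory if
            # possible, then re-import. IdentityStorage subclasses may not
            # support deletion.
            # NOTE(review): the old anchors are removed before the re-import.
            # If addDirectory() raises (for example the directory is gone),
            # they stay removed until a later refresh succeeds.
            for c in list(info['certificates']):
                try:
                    if self._isSecurityV1:
                        self._certificateCache.deleteCertificate(Name(c))
                    else:
                        # addDirectory() records only the key name, while the
                        # cache is asked to delete by the certificate's own
                        # name, so find the certificate based on the prefix
                        # first.
                        foundCertificate = self._certificateCacheV2.find(
                            Name(c))
                        if foundCertificate is not None:
                            self._certificateCacheV2.deleteCertificate(
                                foundCertificate.getName())
                except KeyError:
                    # Was already removed, or deletion is not supported.
                    pass
            self.addDirectory(directory, info['refreshPeriod'])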
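class TrustAnchorRefreshManager(object):
    """
    Manages the trust-anchor certificates, including refresh.

    A file placed in a registered directory becomes a trust anchor as soon as
    it decodes as an IdentityCertificate: this class inserts it into the
    cache without any signature or validity-period check of its own (whether
    the cache checks anything is not visible here). Treat the directory's
    write permission as the trust boundary.
    """
    def __init__(self):
        super(TrustAnchorRefreshManager, self).__init__()

        self._certificateCache = CertificateCache()
        # Maps the directory name to the certificate names loaded from it (so
        # they can be deleted when necessary) together with the refresh
        # schedule for that directory.
        self._refreshDirectories = {}

    @staticmethod
    def loadIdentityCertificateFromFile(filename):
        """
        Decode the base64 text of a file into an IdentityCertificate.

        :param str filename: The path of the certificate file.
        :return: The certificate decoded from the file contents.
        :rtype: IdentityCertificate
        :raises: Errors from open(), b64decode() and wireDecode() propagate
          unchanged. A file that is not valid base64 raises a decoding error
          (binascii.Error with base64.b64decode), not SecurityException.
        """
        with open(filename, 'r') as certFile:
            decodedData = b64decode(certFile.read())

        cert = IdentityCertificate()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    def getCertificate(self, certificateName):
        """
        Return the cached certificate for a name.

        :param certificateName: The certificate name. The timestamp component
          is assumed to be removed already.
        :return: The result of the certificate cache lookup.
        """
        return self._certificateCache.getCertificate(certificateName)

    def addDirectory(self, directoryName, refreshPeriod):
        """
        Import the certificates found in a directory and schedule its next
        refresh.

        :param str directoryName: The directory whose regular files are
          loaded. Subdirectories are not entered.
        :param refreshPeriod: The refresh period in milliseconds.
        """
        import logging
        log = logging.getLogger(__name__)

        # os.path.isfile() follows symbolic links, so linked files count as
        # regular files here.
        candidatePaths = [
            os.path.join(directoryName, f) for f in os.listdir(directoryName)
            if os.path.isfile(os.path.join(directoryName, f))
        ]

        certificateNames = []
        for fullPath in candidatePaths:
            try:
                cert = self.loadIdentityCertificateFromFile(fullPath)
            except Exception as ex:
                # Allow files that are not certificates. Decoding failures
                # are generally not SecurityException, so the handler has to
                # be broad or one stray file aborts the import and leaves the
                # directory's anchors missing after a refresh. The warning
                # keeps a corrupted anchor file from going unnoticed.
                log.warning(
                    "Skipping %s in trust anchor directory: %s", fullPath, ex)
            else:
                # Cut off timestamp so it matches KeyLocator Name format.
                certUri = cert.getName()[:-1].toUri()
                self._certificateCache.insertCertificate(cert)
                certificateNames.append(certUri)

        self._refreshDirectories[directoryName] = {
            'certificates': certificateNames,
            'nextRefresh': Common.getNowMilliseconds() + refreshPeriod,
            'refreshPeriod': refreshPeriod
        }

    def refreshAnchors(self):
        """
        Reload each registered directory whose 'nextRefresh' time is due.
        """
        refreshTime = Common.getNowMilliseconds()
        # addDirectory() rewrites entries of self._refreshDirectories, so
        # loop over a copy of the items.
        for directory, info in list(self._refreshDirectories.items()):
            if info['nextRefresh'] <= refreshTime:
                # Delete the certificates associated with this directory if
                # possible, then re-import. IdentityStorage subclasses may
                # not support deletion.
                # NOTE(review): deletion comes first, so a failing
                # addDirectory() call leaves this directory's anchors removed
                # until a later refresh succeeds.
                for c in info['certificates'][:]:
                    try:
                        self._certificateCache.deleteCertificate(Name(c))
                    except KeyError:
                        # Was already removed, or deletion is not supported.
                        pass
                self.addDirectory(directory, info['refreshPeriod'])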
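class TrustAnchorRefreshManager(object):
    """
    Manages the trust-anchor certificates, including refresh.

    A file placed in a registered directory becomes a trust anchor as soon as
    it decodes as a certificate: this class inserts it into the cache without
    any signature or validity-period check of its own (whether the caches
    check anything is not visible here). Treat the directory's write
    permission as the trust boundary.
    """
    def __init__(self, isSecurityV1):
        """
        :param bool isSecurityV1: Selects the certificate format. True uses
          IdentityCertificate with CertificateCache, False uses CertificateV2
          with CertificateCacheV2.
        """
        self._isSecurityV1 = isSecurityV1

        self._certificateCache = CertificateCache()
        self._certificateCacheV2 = CertificateCacheV2()
        # Maps the directory name to the certificate names recorded for it
        # (so they can be deleted when necessary) together with the refresh
        # schedule for that directory.
        self._refreshDirectories = {}

    @staticmethod
    def loadIdentityCertificateFromFile(filename):
        """
        Decode the base64 text of a file into an IdentityCertificate.

        :param str filename: The path of the certificate file.
        :rtype: IdentityCertificate
        :raises: Errors from open(), b64decode() and wireDecode() propagate
          unchanged.
        """
        with open(filename, 'r') as certFile:
            decodedData = b64decode(certFile.read())

        cert = IdentityCertificate()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    @staticmethod
    def loadCertificateV2FromFile(filename):
        """
        Decode the base64 text of a file into a CertificateV2.

        :param str filename: The path of the certificate file.
        :rtype: CertificateV2
        :raises: Errors from open(), b64decode() and wireDecode() propagate
          unchanged.
        """
        with open(filename, 'r') as certFile:
            decodedData = b64decode(certFile.read())

        cert = CertificateV2()
        cert.wireDecode(Blob(decodedData, False))
        return cert

    def getCertificate(self, certificateName):
        """
        Return the cached security v1 certificate for a name.

        :param Name certificateName: The certificate name. The timestamp
          component is assumed to be removed already.
        :rtype: IdentityCertificate
        :raises SecurityException: If the manager is in security v2 mode.
        """
        if not self._isSecurityV1:
            raise SecurityException(
              "getCertificate: For security v2, use getCertificateV2()")

        return self._certificateCache.getCertificate(certificateName)

    def getCertificateV2(self, certificateName):
        """
        Return the cached security v2 certificate for a name.

        :param Name certificateName: The name to find. The timestamp
          component is assumed to be removed already.
        :rtype: CertificateV2
        :raises SecurityException: If the manager is in security v1 mode.
        """
        if self._isSecurityV1:
            raise SecurityException(
              "getCertificateV2: For security v1, use getCertificate()")

        return self._certificateCacheV2.find(certificateName)

    def addDirectory(self, directoryName, refreshPeriod):
        """
        Import the certificates found in a directory and schedule its next
        refresh.

        :param str directoryName: The directory whose regular files are
          loaded. Subdirectories are not entered.
        :param refreshPeriod: The refresh period in milliseconds.
        """
        import logging
        log = logging.getLogger(__name__)

        # os.path.isfile() follows symbolic links, so linked files count as
        # regular files here.
        candidatePaths = [
            os.path.join(directoryName, f) for f in os.listdir(directoryName)
            if os.path.isfile(os.path.join(directoryName, f))
        ]

        certificateNames = []
        for fullPath in candidatePaths:
            try:
                if self._isSecurityV1:
                    cert = self.loadIdentityCertificateFromFile(fullPath)
                else:
                    cert = self.loadCertificateV2FromFile(fullPath)
            except Exception as ex:
                # Allow files that are not certificates, but leave a trace:
                # a corrupted anchor file would otherwise vanish from the
                # trust set without any signal.
                log.warning(
                    "Skipping %s in trust anchor directory: %s", fullPath, ex)
            else:
                if self._isSecurityV1:
                    # Cut off the timestamp so it matches KeyLocator Name
                    # format.
                    certUri = cert.getName()[:-1].toUri()
                    self._certificateCache.insertCertificate(cert)
                else:
                    # Get the key name since this is in the KeyLocator.
                    certUri = CertificateV2.extractKeyNameFromCertName(
                      cert.getName()).toUri()
                    self._certificateCacheV2.insert(cert)
                certificateNames.append(certUri)

        self._refreshDirectories[directoryName] = {
          'certificates': certificateNames,
          'nextRefresh': Common.getNowMilliseconds() + refreshPeriod,
          'refreshPeriod': refreshPeriod }

    def refreshAnchors(self):
        """
        Reload each registered directory whose 'nextRefresh' time is due.
        """
        refreshTime = Common.getNowMilliseconds()
        # addDirectory() rewrites entries of self._refreshDirectories, so
        # loop over a copy of the items.
        for directory, info in list(self._refreshDirectories.items()):
            if info['nextRefresh'] <= refreshTime:
                # Delete the certificates associated with this directory if
                # possible, then re-import. IdentityStorage subclasses may
                # not support deletion.
                # NOTE(review): deletion comes first, so a failing
                # addDirectory() call leaves this directory's anchors removed
                # until a later refresh succeeds.
                for c in info['certificates'][:]:
                    try:
                        if self._isSecurityV1:
                            self._certificateCache.deleteCertificate(Name(c))
                        else:
                            # The list holds the key name recorded by
                            # addDirectory(), while deletion uses the
                            # certificate's own name, so find the certificate
                            # based on the prefix first.
                            foundCertificate = self._certificateCacheV2.find(
                              Name(c))
                            if foundCertificate is not None:
                                self._certificateCacheV2.deleteCertificate(
                                  foundCertificate.getName())
                    except KeyError:
                        # Was already removed, or deletion is not supported.
                        pass
                self.addDirectory(directory, info['refreshPeriod'])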