mirror of https://github.com/nucypher/nucypher.git
When generating from config, Ursula's TLS cert uses her new wallet address (that has just been generated during the same call).
parent
12d5ab0489
commit
242dbb9b50
|
@ -98,21 +98,20 @@ class UrsulaConfiguration(NodeConfiguration):
|
|||
return ursula_config
|
||||
|
||||
def write_keyring(self,
|
||||
host: str,
|
||||
password: str,
|
||||
checksum_address: str,
|
||||
encrypting: bool = True,
|
||||
wallet: bool = False,
|
||||
rest: bool = True,
|
||||
tls_curve: EllipticCurve = None,
|
||||
wallet: bool = True,
|
||||
) -> NucypherKeyring:
|
||||
|
||||
host = self.rest_host
|
||||
tls_curve = self.tls_curve
|
||||
|
||||
self.keyring = NucypherKeyring.generate(password=password,
|
||||
encrypting=encrypting,
|
||||
wallet=wallet,
|
||||
rest=rest,
|
||||
rest=True,
|
||||
host=host,
|
||||
checksum_address=checksum_address,
|
||||
# checksum_address=checksum_address, # TODO: Do we actually want to allow passing this? Or force the use of the new address that comes from the wallet being created?
|
||||
curve=tls_curve,
|
||||
keyring_root=self.keyring_dir)
|
||||
|
||||
|
|
|
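Review bot: `write_keyring` still takes `wallet` as a caller-controlled flag while its call to `NucypherKeyring.generate` now hard-codes `rest=True`, and the `if rest is True:` guard in the later keyring hunk refuses to issue a certificate without `new_address`. The +/- markers are lost in this rendering, but if the sides are as they appear, `write_keyring(password, wallet=False)` can only fail, and it fails inside keyring generation rather than at the call site. Either drop the parameter or reject it up front, e.g. `if not wallet: raise ValueError("Ursula's TLS certificate is bound to a newly generated wallet address; wallet must be True")`. The commented-out `# checksum_address=checksum_address, ...` entry would read better as a plain `# TODO:` line above the call, so that no dead keyword argument sits inside the argument list.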
@ -520,7 +520,6 @@ class NucypherKeyring:
|
|||
wallet: bool = True,
|
||||
rest: bool = False,
|
||||
host: str = None,
|
||||
checksum_address: str = None,
|
||||
curve: EllipticCurve = None,
|
||||
keyring_root: str = None,
|
||||
) -> 'NucypherKeyring':
|
||||
|
@ -627,9 +626,9 @@ class NucypherKeyring:
|
|||
)
|
||||
|
||||
if rest is True:
|
||||
if not all((host, curve, checksum_address)):
|
||||
if not all((host, curve, new_address)): # TODO: Do we want to allow showing up with an old wallet and generating a new cert? Probably.
|
||||
raise ValueError("host, checksum_address and curve are required to make a new keyring TLS certificate. Got {}, {}".format(host, curve))
|
||||
private_key, cert = _generate_tls_keys(host=host, checksum_address=checksum_address, curve=curve)
|
||||
private_key, cert = _generate_tls_keys(host=host, checksum_address=new_address, curve=curve)
|
||||
|
||||
def __serialize_pem(pk):
|
||||
return pk.private_bytes(
|
||||
|
|
|
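Review bot: The `ValueError` in the `if rest is True:` branch still says "host, checksum_address and curve are required" and formats only `host` and `curve`, although the guard now tests `new_address`, so whoever hits it cannot tell that the wallet address is the missing piece. Suggest `raise ValueError("host, curve and a newly generated wallet address are required to make a new keyring TLS certificate. Got {}, {}, {}".format(host, curve, new_address))`. `new_address` is assigned outside this hunk; if it is only bound when `wallet` is true, `generate(wallet=False, rest=True)` would raise a `NameError` before reaching this check, so confirm it is initialised to `None` beforehand. Because the certificate appears to be what binds the node's TLS identity to its wallet address, the docstring of `generate` should also state that a certificate can currently only be issued together with a new wallet, which the TODO on the guard line suggests is not the intended final behaviour.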
@ -520,13 +520,7 @@ class NodeConfiguration(ABC):
|
|||
# Keyring
|
||||
if not self.dev_mode:
|
||||
os.mkdir(self.keyring_dir, mode=0o700) # keyring TODO: Keyring backend entry point
|
||||
|
||||
# TODO: How will we canonically determine the initial keyring contents? Using this private attr is clearly not the way.
|
||||
if TLSHostingPower in self._CHARACTER_CLASS._default_crypto_powerups:
|
||||
# TODO: Thread checksum_address through this needle somehow.
|
||||
self.write_keyring(password=password, host=self.rest_host, tls_curve=self.tls_curve)
|
||||
else:
|
||||
self.write_keyring(password=password)
|
||||
self.write_keyring(password=password)
|
||||
|
||||
# Registry
|
||||
if import_registry and not self.federated_only:
|
||||
|
|
|
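Review bot: With the `TLSHostingPower` dispatch gone, this call site no longer shows whether TLS key material is written; that now depends on which `write_keyring` override runs, and the `UrsulaConfiguration` one in this commit appears to always request a certificate. A short comment above the call would keep that visible, e.g. `# Keyring contents are decided by the subclass's write_keyring(); UrsulaConfiguration always generates a TLS keypair and certificate.` The enclosing method starts and ends outside the hunk and the base-class `write_keyring` is not shown, so check that its signature still matches the override now that `host` and `tls_curve` are no longer parameters.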
@ -900,6 +900,7 @@ class Teacher:
|
|||
self.validate_metadata(accept_federated_only) # This is both the stamp and interface check.
|
||||
|
||||
if not certificate_filepath:
|
||||
|
||||
if not self.certificate_filepath:
|
||||
raise TypeError("We haven't saved a certificate for this node yet.")
|
||||
else:
|
||||
|
|