When generating from config, Ursula's TLS cert uses her new wallet address (that has just been generated during the same call).

pull/632/head
jMyles 2019-01-11 08:50:15 -05:00
parent 12d5ab0489
commit 242dbb9b50
4 changed files with 10 additions and 17 deletions


@ -98,21 +98,20 @@ class UrsulaConfiguration(NodeConfiguration):
return ursula_config
def write_keyring(self,
host: str,
password: str,
checksum_address: str,
encrypting: bool = True,
wallet: bool = False,
rest: bool = True,
tls_curve: EllipticCurve = None,
wallet: bool = True,
) -> NucypherKeyring:
host = self.rest_host
tls_curve = self.tls_curve
self.keyring = NucypherKeyring.generate(password=password,
encrypting=encrypting,
wallet=wallet,
rest=rest,
rest=True,
host=host,
checksum_address=checksum_address,
# checksum_address=checksum_address, # TODO: Do we actually want to allow passing this? Or force the use of the new address that comes from the wallet being created?
curve=tls_curve,
keyring_root=self.keyring_dir)
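Review bot: `write_keyring` now forces `rest=True` but still lets the caller choose `wallet`, so `wallet=False` asks for a TLS certificate with no freshly generated address to bind it to. Judging by the check in `NucypherKeyring.generate` (`all((host, curve, new_address))`), that call would presumably fail only deep inside key generation; rejecting it up front is clearer, e.g. `if not wallet: raise ValueError("Ursula's TLS certificate requires a newly generated wallet address")`. The commented-out `checksum_address=checksum_address` kwarg should be deleted and its question tracked in an issue, because which address the certificate is bound to is an identity decision that should be stated, not left in dead code. The +/- markers are lost on this page, so which of the paired lines is new is inferred from the commit description.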


@ -520,7 +520,6 @@ class NucypherKeyring:
wallet: bool = True,
rest: bool = False,
host: str = None,
checksum_address: str = None,
curve: EllipticCurve = None,
keyring_root: str = None,
) -> 'NucypherKeyring':
@ -627,9 +626,9 @@ class NucypherKeyring:
)
if rest is True:
if not all((host, curve, checksum_address)):
if not all((host, curve, new_address)): # TODO: Do we want to allow showing up with an old wallet and generating a new cert? Probably.
raise ValueError("host, checksum_address and curve are required to make a new keyring TLS certificate. Got {}, {}".format(host, curve))
private_key, cert = _generate_tls_keys(host=host, checksum_address=checksum_address, curve=curve)
private_key, cert = _generate_tls_keys(host=host, checksum_address=new_address, curve=curve)
def __serialize_pem(pk):
return pk.private_bytes(
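Review bot: The `ValueError` message in the `rest is True` branch still names `checksum_address`, which is no longer a parameter of `generate`, and its two placeholders never show the address value that failed the check. Something like `raise ValueError("host, curve and a newly generated wallet address are required to make a new keyring TLS certificate. Got {}, {}, {}".format(host, curve, new_address))` would match the new condition. Where `new_address` is assigned is outside this hunk; if it is bound only when `wallet` is true, initialise it to `None` beforehand so this branch raises the intended `ValueError` rather than a `NameError`.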


@ -520,13 +520,7 @@ class NodeConfiguration(ABC):
# Keyring
if not self.dev_mode:
os.mkdir(self.keyring_dir, mode=0o700) # keyring TODO: Keyring backend entry point
# TODO: How will we canonically determine the initial keyring contents? Using this private attr is clearly not the way.
if TLSHostingPower in self._CHARACTER_CLASS._default_crypto_powerups:
# TODO: Thread checksum_address through this needle somehow.
self.write_keyring(password=password, host=self.rest_host, tls_curve=self.tls_curve)
else:
self.write_keyring(password=password)
self.write_keyring(password=password)
# Registry
if import_registry and not self.federated_only:
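Review bot: With the `TLSHostingPower` branch gone, this call no longer passes `host` or `tls_curve`, so whether a node gets a TLS key and certificate now depends entirely on which `write_keyring` override runs, and nothing here says so. A comment such as `# Subclasses that host TLS (e.g. UrsulaConfiguration) override write_keyring to supply host and curve` above the call would record that contract. The base-class `write_keyring` is not visible on this page, so confirm it still produces a keyring without REST material for characters that do not host TLS.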


@ -900,6 +900,7 @@ class Teacher:
self.validate_metadata(accept_federated_only) # This is both the stamp and interface check.
if not certificate_filepath:
if not self.certificate_filepath:
raise TypeError("We haven't saved a certificate for this node yet.")
else: