mirror of https://github.com/nucypher/nucypher.git
Fixing up other cert-saving places, making middleware use existing certs and simple reference to rest interface.
parent
dbe59d79e5
commit
7f45bd020a
|
@ -13,7 +13,7 @@ from umbral.keys import UmbralPrivateKey, UmbralPublicKey
|
|||
from umbral.signing import Signature, Signer
|
||||
|
||||
from nucypher.crypto import api as API
|
||||
from nucypher.crypto.api import generate_self_signed_certificate, load_tls_certificate
|
||||
from nucypher.crypto.api import generate_self_signed_certificate, load_tls_certificate, _save_tls_certificate
|
||||
from nucypher.crypto.kits import MessageKit
|
||||
from nucypher.crypto.signing import SignatureStamp, StrangerStamp
|
||||
|
||||
|
@ -157,7 +157,7 @@ class HostingKeypair(Keypair):
|
|||
"But for that, you need to pass both host and common_name.."
|
||||
raise TypeError(message)
|
||||
|
||||
certificate, private_key, certificate_filepath = generate_self_signed_certificate(common_name=common_name,
|
||||
certificate, private_key = generate_self_signed_certificate(common_name=common_name,
|
||||
private_key=private_key,
|
||||
curve=self.curve,
|
||||
host=host,
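Review bot: `_save_tls_certificate` carries a leading underscore, yet it is imported here and again in the module that defines `VerifiableNode`, so a helper marked private to `nucypher.crypto.api` is becoming shared API. Either drop the underscore where it is defined or wrap it in a public function, and give that function a docstring saying where the file is written and what happens when one already exists. In the second hunk `generate_self_signed_certificate` no longer returns a filepath, so the write presumably moves into `HostingKeypair.__init__`, whose body lies mostly outside the hunk. If the filename is built from `common_name` or from data a peer supplies, it should be validated before it is joined to the certificate directory.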
|
||||
|
|
|
@ -2,25 +2,22 @@ import requests
|
|||
|
||||
from bytestring_splitter import BytestringSplitter, VariableLengthBytestring
|
||||
|
||||
from nucypher.crypto.api import load_tls_certificate
|
||||
from umbral.fragments import CapsuleFrag
|
||||
|
||||
|
||||
class RestMiddleware:
|
||||
|
||||
def consider_arrangement(self, arrangement, certificate_path):
|
||||
def consider_arrangement(self, arrangement):
|
||||
node = arrangement.ursula
|
||||
port = node.rest_interface.port
|
||||
address = node.rest_interface.host
|
||||
response = requests.post("https://{}:{}/consider_arrangement".format(address, port), bytes(arrangement), verify=certificate_path)
|
||||
response = requests.post("https://{}/consider_arrangement".format(node.rest_interface), bytes(arrangement),
|
||||
verify=arrangement.ursula.certificate_filepath)
|
||||
if not response.status_code == 200:
|
||||
raise RuntimeError("Bad response: {}".format(response.content))
|
||||
return response
|
||||
|
||||
def enact_policy(self, ursula, id, payload, certificate_path):
|
||||
port = ursula.rest_interface.port
|
||||
address = ursula.rest_interface.host
|
||||
response = requests.post('https://{}:{}/kFrag/{}'.format(address, port, id.hex()), payload, verify=certificate_path)
|
||||
def enact_policy(self, ursula, id, payload):
|
||||
response = requests.post('https://{}/kFrag/{}'.format(ursula.rest_interface, id.hex()), payload,
|
||||
verify=ursula.certificate_filepath)
|
||||
if not response.status_code == 200:
|
||||
raise RuntimeError("Bad response: {}".format(response.content))
|
||||
return True, ursula.stamp.as_umbral_pubkey()
|
||||
|
@ -34,25 +31,21 @@ class RestMiddleware:
|
|||
def get_competitive_rate(self):
|
||||
return NotImplemented
|
||||
|
||||
def get_treasure_map_from_node(self, node, map_id, certificate_path):
|
||||
port = node.rest_interface.port
|
||||
address = node.rest_interface.host
|
||||
endpoint = "https://{}:{}/treasure_map/{}".format(address, port, map_id)
|
||||
response = requests.get(endpoint, verify=certificate_path)
|
||||
def get_treasure_map_from_node(self, node, map_id):
|
||||
endpoint = "https://{}/treasure_map/{}".format(node.rest_interface, map_id)
|
||||
response = requests.get(endpoint, verify=node.certificate_filepath)
|
||||
return response
|
||||
|
||||
def put_treasure_map_on_node(self, node, map_id, map_payload, certificate_path):
|
||||
port = node.rest_interface.port
|
||||
address = node.rest_interface.host
|
||||
endpoint = "https://{}:{}/treasure_map/{}".format(address, port, map_id)
|
||||
response = requests.post(endpoint, data=map_payload, verify=certificate_path)
|
||||
def put_treasure_map_on_node(self, node, map_id, map_payload):
|
||||
endpoint = "https://{}/treasure_map/{}".format(node.rest_interface, map_id)
|
||||
response = requests.post(endpoint, data=map_payload, verify=node.certificate_filepath)
|
||||
return response
|
||||
|
||||
def send_work_order_payload_to_ursula(self, work_order):
|
||||
payload = work_order.payload()
|
||||
id_as_hex = work_order.arrangement_id.hex()
|
||||
endpoint = 'https://{}/kFrag/{}/reencrypt'.format(work_order.ursula.rest_url(), id_as_hex)
|
||||
return requests.post(endpoint, payload, verify=work_order.ursula.certificate_path)
|
||||
endpoint = 'https://{}/kFrag/{}/reencrypt'.format(work_order.ursula.rest_interface, id_as_hex)
|
||||
return requests.post(endpoint, payload, verify=work_order.ursula.certificate_filepath)
|
||||
|
||||
def node_information(self, host, port, certificate_path=None):
|
||||
endpoint = "https://{}:{}/public_information".format(host, port)
|
||||
|
@ -75,6 +68,6 @@ class RestMiddleware:
|
|||
verify=certificate_path,
|
||||
data=payload)
|
||||
else:
|
||||
response = requests.get("https://{}node_metadata".format(url),
|
||||
response = requests.get("https://{}/node_metadata".format(url),
|
||||
verify=certificate_path)
|
||||
return response
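Review bot: Every request in this file now passes `verify=<node>.certificate_filepath`, and nothing here rejects a node whose `certificate_filepath` is `None`, a state the TODO added to `VerifiableNode.__init__` in this same commit calls reasonable. As far as I know, requests treats `verify=None` as "use the default", so the call would fall back to the system CA bundle (or `REQUESTS_CA_BUNDLE`) instead of the node's own certificate, turning a pinned-certificate check into generic CA trust without any error. A guard at the top of `consider_arrangement`, `enact_policy`, `get_treasure_map_from_node`, `put_treasure_map_on_node` and `send_work_order_payload_to_ursula`, such as `if not node.certificate_filepath: raise ValueError("no TLS certificate on file for this node")`, keeps the pinning explicit. The new URLs also rely on `rest_interface` formatting as `host:port`, which is defined outside this diff.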
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
import OpenSSL
|
||||
from constant_sorrow import constants
|
||||
from eth_keys.datatypes import Signature as EthSignature
|
||||
|
||||
from nucypher.crypto.api import _save_tls_certificate
|
||||
from nucypher.crypto.powers import BlockchainPower, SigningPower, EncryptingPower, NoSigningPower
|
||||
from nucypher.network.protocols import SuspiciousActivity
|
||||
from nucypher.network.server import TLSHostingPower
|
||||
from nucypher.utilities.sandbox.constants import TEST_URSULA_INSECURE_DEVELOPMENT_PASSWORD
|
||||
|
||||
|
||||
|
@ -18,7 +21,7 @@ class VerifiableNode:
|
|||
certificate_filepath: str = None,
|
||||
) -> None:
|
||||
|
||||
self.certificate_filepath = certificate_filepath
|
||||
self.certificate_filepath = certificate_filepath # TODO: This gets messy when it is None (although it being None is actually reasonable in some cases, at least for testing). Let's make this a method instead that inspects the TLSHostingPower (similar to get_deployer()).
|
||||
self._interface_signature_object = interface_signature
|
||||
|
||||
class InvalidNode(SuspiciousActivity):
|
||||
|
|
|
@ -288,10 +288,18 @@ class TLSHostingPower(KeyPairBasedPower):
|
|||
rest_server,
|
||||
certificate_filepath=None,
|
||||
certificate=None,
|
||||
certificate_dir=None,
|
||||
common_name=None, # TODO: Is this actually optional?
|
||||
*args, **kwargs) -> None:
|
||||
|
||||
if certificate and certificate_filepath:
|
||||
# TODO: Design decision here: if they do pass both, and they're identical, do we let that slide?
|
||||
raise ValueError("Pass either a certificate or a certificate_filepath - what do you even expect from passing both?")
|
||||
|
||||
if certificate:
|
||||
kwargs['keypair'] = HostingKeypair(certificate=certificate)
|
||||
kwargs['keypair'] = HostingKeypair(certificate=certificate,
|
||||
certificate_dir=certificate_dir,
|
||||
common_name=common_name)
|
||||
elif certificate_filepath:
|
||||
kwargs['keypair'] = HostingKeypair(certificate_filepath=certificate_filepath)
|
||||
self.rest_server = rest_server
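Review bot: `certificate_dir` and `common_name` are forwarded to `HostingKeypair` only in the `if certificate:` branch; with `certificate_filepath` they are accepted and silently ignored, and the visible lines set no keypair at all when neither argument is given (the constructor continues outside the hunk). The `# TODO: Is this actually optional?` on `common_name` should be settled, since the `HostingKeypair` section of this commit shows a `TypeError` path that demands `common_name` together with `host`. The mutual-exclusion check uses truthiness; `if certificate is not None and certificate_filepath is not None:` states the intent exactly. A short docstring on `__init__` naming which of the four certificate arguments may be combined would save callers from reading the branches.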
|
||||
|
|
|
@ -47,8 +47,6 @@ class MockRestMiddleware(RestMiddleware):
|
|||
mock_client = self._get_mock_client_by_ursula(work_order.ursula)
|
||||
payload = work_order.payload()
|
||||
id_as_hex = work_order.arrangement_id.hex()
|
||||
|
||||
assert os.path.exists(work_order.ursula.certificate_filepath), 'TLS Certificate does not exist on the filesystem'
|
||||
return mock_client.post('http://localhost/kFrag/{}/reencrypt'.format(id_as_hex), payload)
|
||||
|
||||
def get_treasure_map_from_node(self, node, map_id):
|
||||
|
|