Updated Finnegan's Wake demo to use TLS.

2018-03-06 17:52:23 -08:00 · 2018-03-06 17:52:23 -08:00 · d289ac31e8
parent 53a0a33f6a
commit d289ac31e8
4 changed files with 31 additions and 14 deletions
--- a/entry_points/run_ursula_with_rest_and_dht_but_no_mining.py
+++ b/entry_points/run_ursula_with_rest_and_dht_but_no_mining.py
@ -3,18 +3,33 @@
 # It might be (but might not be) useful for determining whether you have
 # the proper depedencies and configuration to run an actual mining node.

-# WIP w/ hendrix@83519da900a258d8e27a3b1fedee949414d2de26
+# WIP w/ hendrix@tags/3.3.0rc1

 import os
+
+from cryptography.hazmat.primitives.asymmetric import ec
+
+from hendrix.deploy.ssl import HendrixDeployTLS
+from hendrix.facilities.services import ExistingKeyTLSContextFactory
 from nkms.characters import Ursula
+from OpenSSL.crypto import X509
+
+from nkms.crypto.api import generate_self_signed_certificate
+
 DB_NAME = "non-mining-proxy-node"

 _URSULA = Ursula(dht_port=3501, dht_interface="localhost", db_name=DB_NAME)
 _URSULA.listen()

-from hendrix.deploy.base import HendrixDeploy
+CURVE = ec.SECP256R1
+cert, private_key = generate_self_signed_certificate(_URSULA.stamp.fingerprint().decode(), CURVE)

-deployer = HendrixDeploy("start", {"wsgi":_URSULA.rest_app, "http_port": 3500})
+deployer = HendrixDeployTLS("start",
+                            {"wsgi":_URSULA.rest_app, "https_port": 3550},
+                            key=private_key,
+                            cert=X509.from_cryptography(cert),
+                            context_factory=ExistingKeyTLSContextFactory,
+                            context_factory_kwargs={"curve_name": "prime256v1"})

 try:
    deployer.run()
--- a/examples/alicebob-grant-and-line-by-line-PRE.py
+++ b/examples/alicebob-grant-and-line-by-line-PRE.py
@ -16,25 +16,25 @@ from umbral import pre

 ALICE = Alice()
 BOB = Bob()
-URSULA = Ursula.from_rest_url(address="http://localhost", port="3500")
+URSULA = Ursula.from_rest_url(address="https://localhost", port="3550")


 class SandboxNetworkyStuff(NetworkyStuff):
    def find_ursula(self, contract=None):
        ursula = Ursula.as_discovered_on_network(dht_port=None, dht_interface=None,
-                                                 rest_address="localhost", rest_port=3500,
+                                                 rest_address="https://localhost", rest_port=3550,
                                                 powers_and_keys={
                                                    SigningPower: URSULA.stamp.as_umbral_pubkey(),
                                                    EncryptingPower: URSULA.public_key(EncryptingPower)
                                                 }
                                                 )
-        response = requests.post("http://localhost:3500/consider_contract", bytes(contract))
+        response = requests.post("https://localhost:3550/consider_contract", bytes(contract), verify=False)
        response.was_accepted = True
        return ursula, response

    def enact_policy(self, ursula, hrac, payload):
-        response = requests.post('http://{}:{}/kFrag/{}'.format(ursula.rest_address, ursula.rest_port, hrac.hex()),
-                                 payload)
+        response = requests.post('{}:{}/kFrag/{}'.format(ursula.rest_address, ursula.rest_port, hrac.hex()),
+                                 payload, verify=False)
        # TODO: Something useful here and it's probably ready to go down into NetworkyStuff.
        return response.status_code == 200

@ -46,7 +46,7 @@ n = 1
 uri = b"secret/files/and/stuff"

 # Alice gets on the network and discovers Ursula, presumably from the blockchain.
-ALICE.learn_about_nodes(address="http://localhost", port="3500")
+ALICE.learn_about_nodes(address="https://localhost", port="3550")

 # Alice grants to Bob.

@ -56,7 +56,7 @@ policy.publish_treasure_map(networky_stuff, use_dht=False)
 hrac, treasure_map = policy.hrac(), policy.treasure_map

 # Bob learns about Ursula, gets the TreasureMap, and follows it.
-BOB.learn_about_nodes(address="http://localhost", port="3500")
+BOB.learn_about_nodes(address="https://localhost", port="3550")
 networky_stuff = NetworkyStuff()
 BOB.get_treasure_map(policy, networky_stuff)
 BOB.follow_treasure_map(hrac)
--- a/nkms/characters.py
+++ b/nkms/characters.py
@ -524,7 +524,7 @@ class Ursula(Character, ProxyRESTServer):

    @classmethod
    def from_rest_url(cls, address, port):
-        response = requests.get("{}:{}/public_keys".format(address, port))  # TODO: TLS-only.
+        response = requests.get("{}:{}/public_keys".format(address, port), verify=False)  # TODO: TLS-only.
        if not response.status_code == 200:
            raise RuntimeError("Got a bad response: {}".format(response))

--- a/nkms/network/node.py
+++ b/nkms/network/node.py
@ -47,15 +47,17 @@ class NetworkyStuff(object):
        return NotImplemented

    def get_treasure_map_from_node(self, node, map_id):
-        response = requests.get("{}/treasure_map/{}".format(node.rest_url(), map_id.hex()))
+        response = requests.get("{}/treasure_map/{}".format(node.rest_url(), map_id.hex()), verify=False)
        return response

    def push_treasure_map_to_node(self, node, map_id, map_payload):
        response = requests.post("{}/treasure_map/{}".format(node.rest_url(), map_id.hex()),
-                      data=map_payload)
+                      data=map_payload, verify=False)
        return response

    def send_work_order_payload_to_ursula(self, work_order):
        payload = work_order.payload()
+
        hrac_as_hex = work_order.kfrag_hrac.hex()
-        return requests.post('{}/kFrag/{}/reencrypt'.format(work_order.ursula.rest_url(), hrac_as_hex), payload)
+        return requests.post('{}/kFrag/{}/reencrypt'.format(work_order.ursula.rest_url(), hrac_as_hex),
+                             payload, verify=False)