cleanup
Sezer Gueler committed May 25, 2017
1 parent 1ad871a commit 1807297
Showing 2 changed files with 27 additions and 54 deletions.
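--- a/lib/crypto/trc.py
+++ b/lib/crypto/trc.py
@@ -112,22 +112,17 @@ def __init__(self, trc_dict):
 setattr(self, name, val)
 for subject in trc_dict[CORE_ASES_STRING]:
 key = trc_dict[CORE_ASES_STRING][subject][ONLINE_KEY_STRING]
-self.core_ases[subject][ONLINE_KEY_STRING] = \
-base64.b64decode(key.encode('utf-8'))
+self.core_ases[subject][ONLINE_KEY_STRING] = base64.b64decode(key.encode('utf-8'))
 key = trc_dict[CORE_ASES_STRING][subject][OFFLINE_KEY_STRING]
-self.core_ases[subject][OFFLINE_KEY_STRING] = \
-base64.b64decode(key.encode('utf-8'))
+self.core_ases[subject][OFFLINE_KEY_STRING] = base64.b64decode(key.encode('utf-8'))
 for subject in trc_dict[SIGNATURES_STRING]:
 sig = trc_dict[SIGNATURES_STRING][subject]
-self.signatures[subject] = \
-base64.b64decode(sig.encode('utf-8'))
+self.signatures[subject] = base64.b64decode(sig.encode('utf-8'))
 for subject in trc_dict[ROOT_CAS_STRING]:
 key = trc_dict[ROOT_CAS_STRING][subject][CERTIFICATE_STRING]
-self.root_cas[subject][CERTIFICATE_STRING] = \
-base64.b64decode(key.encode('utf-8'))
+self.root_cas[subject][CERTIFICATE_STRING] = base64.b64decode(key.encode('utf-8'))
 key = trc_dict[ROOT_CAS_STRING][subject][ONLINE_KEY_STRING]
-self.root_cas[subject][ONLINE_KEY_STRING] = \
-base64.b64decode(key.encode('utf-8'))
+self.root_cas[subject][ONLINE_KEY_STRING] = base64.b64decode(key.encode('utf-8'))
 if trc_dict[RAINS_STRING]:
 key = trc_dict[RAINS_STRING][ROOT_RAINS_KEY_STRING]
 self.rains[ROOT_RAINS_KEY_STRING] = base64.b64decode(key.encode('utf-8'))
@@ -219,12 +214,10 @@ def verify(self, old_trc):
 if self.verify_signature(signatures[signer], public_key):
 valid_signature_signers.add(signer)
 else:
-logging.warning("TRC contains a signature which could not \
-be verified.")
+logging.warning("TRC contains a signature which could not be verified.")
 # We have fewer valid signatrues for this TRC than quorum_own_trc
 if len(valid_signature_signers) < old_trc.quorum_own_trc:
-logging.error("TRC does not have the number of required valid \
-signatures")
+logging.error("TRC does not have the number of required valid signatures")
 return False
 logging.debug("TRC verified.")
 return True
@@ -258,8 +251,7 @@ def _encode_dict(self, dict_):
 encoded_dict = {}
 for key_ in dict_:
 if type(dict_[key_]) is str:
-encoded_dict[key_] = base64.b64encode(
-dict_[key_].encode('utf-8')).decode('utf-8')
+encoded_dict[key_] = base64.b64encode(dict_[key_].encode('utf-8')).decode('utf-8')
 return encoded_dict
 
 def to_json(self, with_signatures=True):
@@ -268,11 +260,9 @@ def to_json(self, with_signatures=True):
 """
 trc_dict = copy.deepcopy(self.dict(with_signatures))
 key = trc_dict[RAINS_STRING][ONLINE_KEY_STRING]
-trc_dict[RAINS_STRING][ONLINE_KEY_STRING] = \
-base64.b64encode(key).decode('utf-8')
+trc_dict[RAINS_STRING][ONLINE_KEY_STRING] = base64.b64encode(key).decode('utf-8')
 key = trc_dict[RAINS_STRING][ROOT_RAINS_KEY_STRING]
-trc_dict[RAINS_STRING][ROOT_RAINS_KEY_STRING] = \
-base64.b64encode(key).decode('utf-8')
+trc_dict[RAINS_STRING][ROOT_RAINS_KEY_STRING] = base64.b64encode(key).decode('utf-8')
 core_ases = {}
 for subject in trc_dict[CORE_ASES_STRING]:
 d = trc_dict[CORE_ASES_STRING][subject]
@@ -436,8 +426,7 @@ def verify_new_trc(old_trc, new_trc):
 return False
 # Check if there are enough valid signatures for new TRC
 if not new_trc.verify(old_trc):
-logging.error("New TRC verification failed, missing or"
-"invalid signatures")
+logging.error("New TRC verification failed, missing or invalid signatures")
 return False
 logging.debug("New TRC verified")
 return True
@@ -458,8 +447,7 @@ def verify_trc_chain(local_trc, verified_rem_trcs, remote_trc):
 rem_nbs = remote_trc.get_neighbors()
 if local_trc.isd in rem_nbs:
 # Try to verify with local TRC
-if verify_trc_xsigs(local_trc, remote_trc) \
-and verify_trc_xsigs(remote_trc, local_trc):
+if verify_trc_xsigs(local_trc, remote_trc) and verify_trc_xsigs(remote_trc, local_trc):
 return True
 # Only take TRCs that are neighbors of remote TRC
 ver_trcs = [trc for trc in verified_rem_trcs if trc.isd in rem_nbs]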
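Review bot: The decodes in `__init__` (core AS online/offline keys, signatures, root CA certificates and keys, the RAINS root key) call `base64.b64decode` in its default lenient mode, which silently discards characters outside the base64 alphabet instead of rejecting them. For fields that define a trust root, malformed input should fail parsing: `base64.b64decode(key, validate=True)` raises `binascii.Error` on such input, and the `.encode('utf-8')` step is unnecessary because `b64decode` accepts ASCII strings. Callers of the constructor would then have to treat that exception as an invalid TRC; whether any already do is not visible, since `__init__` starts outside the hunk. Separately, the warning in `verify` does not say which signature failed; `logging.warning("TRC signature by %s could not be verified.", signer)` would make a rejected signature traceable in the logs.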
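--- a/topology/generator.py
+++ b/topology/generator.py
@@ -175,8 +175,7 @@ def generate_all(self):
 """
 Generate all needed files.
 """
-ca_private_key_files, ca_cert_files, ca_certs, ca_online_key_pairs = \
-self._generate_cas()
+ca_private_key_files, ca_cert_files, ca_certs, ca_online_key_pairs = self._generate_cas()
 cert_files, trc_files = self._generate_certs_trcs(ca_certs, ca_online_key_pairs)
 topo_dicts, zookeepers, networks = self._generate_topology()
 self._generate_supervisor(topo_dicts, zookeepers)
@@ -232,16 +231,14 @@ def _write_conf_policies(self, topo_dicts):
 Write AS configurations and path policies.
 """
 as_confs = {}
-for topo_id, as_topo, base in _srv_iter(
-topo_dicts, self.out_dir, common=True):
+for topo_id, as_topo, base in _srv_iter(topo_dicts, self.out_dir, common=True):
 as_confs.setdefault(topo_id, yaml.dump(
 self._gen_as_conf(as_topo), default_flow_style=False))
 conf_file = os.path.join(base, AS_CONF_FILE)
 write_file(conf_file, as_confs[topo_id])
 # Confirm that config parses cleanly.
 Config.from_file(conf_file)
-copy_file(self.path_policy_file,
-os.path.join(base, PATH_POLICY_FILE))
+copy_file(self.path_policy_file, os.path.join(base, PATH_POLICY_FILE))
 # Confirm that parser actually works on path policy file
 PathPolicy.from_file(self.path_policy_file)
 
@@ -317,10 +314,8 @@ def _gen_rains_root_keys(self):
 
 def _self_sign_keys(self):
 topo_id = TopoID.from_values(0, 0)
-self.sig_pub_keys[topo_id], self.sig_priv_keys[topo_id] = \
-generate_sign_keypair()
-self.enc_pub_keys[topo_id], self.enc_priv_keys[topo_id] = \
-generate_enc_keypair()
+self.sig_pub_keys[topo_id], self.sig_priv_keys[topo_id] = generate_sign_keypair()
+self.enc_pub_keys[topo_id], self.enc_priv_keys[topo_id] = generate_enc_keypair()
 
 def _iterate(self, f):
 for isd_as, as_conf in self.topo_config["ASes"].items():
@@ -347,10 +342,8 @@ def _gen_as_keys(self, topo_id, as_conf):
 self.priv_offline_root_keys[topo_id] = off_root_priv
 online_key_path = get_online_key_file_path("")
 offline_key_path = get_offline_key_file_path("")
-self.cert_files[topo_id][online_key_path] = \
-base64.b64encode(on_root_priv).decode()
-self.cert_files[topo_id][offline_key_path] = \
-base64.b64encode(off_root_priv).decode()
+self.cert_files[topo_id][online_key_path] = base64.b64encode(on_root_priv).decode()
+self.cert_files[topo_id][offline_key_path] = base64.b64encode(off_root_priv).decode()
 
 def _gen_as_certs(self, topo_id, as_conf):
 # Self-signed if cert_issuer is missing.
@@ -376,10 +369,8 @@ def _build_chains(self):
 break
 chain.append(cert)
 issuer = TopoID(cert.issuer)
-cert_path = get_cert_chain_file_path(
-"", topo_id, INITIAL_CERT_VERSION)
-self.cert_files[topo_id][cert_path] = \
-CertificateChain(chain).to_json()
+cert_path = get_cert_chain_file_path("", topo_id, INITIAL_CERT_VERSION)
+self.cert_files[topo_id][cert_path] = CertificateChain(chain).to_json()
 
 def is_core(self, as_conf):
 return as_conf.get("core")
@@ -400,8 +391,7 @@ def _gen_trc_entry(self, topo_id, as_conf):
 # Add public online key, certificate for CAs to TRC
 ca_certs = defaultdict(dict)
 for ca_name, ca_cert in self.ca_certs[topo_id[0]].items():
-ca_certs[ca_name][CERTIFICATE_STRING] = \
-crypto.dump_certificate(crypto.FILETYPE_ASN1, ca_cert)
+ca_certs[ca_name][CERTIFICATE_STRING] = crypto.dump_certificate(crypto.FILETYPE_ASN1, ca_cert)
 ca_certs[ca_name][ONLINE_KEY_ALG_STRING] = DEFAULT_KEYGEN_ALG
 ca_certs[ca_name][ONLINE_KEY_STRING] = self.ca_online_key_pairs[ca_name][0]
 trc.root_cas = ca_certs
@@ -468,8 +458,7 @@ def _core_as_xsign_trc(self, neighbor_isds):
 for neighbor in neighbors:
 isd_as = random.choice(isd_ases[neighbor])
 trc = self.trcs[isd]
-trc.sign(str(isd_as),
-self.priv_online_root_keys[ISD_AS(isd_as)])
+trc.sign(str(isd_as), self.priv_online_root_keys[ISD_AS(isd_as)])
 
 def _rains_xsign_trc(self, neighbor_isds):
 for isd, neighbors in neighbor_isds.items():
@@ -554,23 +543,19 @@ def _gen_ca(self, ca_name, ca_config):
 
 def _gen_private_key_files(self, ca_name, ca_config):
 isd = ca_config["ISD"]
-ca_private_key_path = \
-get_ca_private_key_file_path("ISD%s" % isd, ca_name)
+ca_private_key_path = get_ca_private_key_file_path("ISD%s" % isd, ca_name)
 self.ca_private_key_files[isd][ca_private_key_path] = \
-crypto.dump_privatekey(crypto.FILETYPE_PEM,
-self.ca_key_pairs[ca_name])
+crypto.dump_privatekey(crypto.FILETYPE_PEM, self.ca_key_pairs[ca_name])
 
 def _gen_cert_files(self, ca_name, ca_config):
 isd = ca_config["ISD"]
 ca_cert_path = get_ca_cert_file_path("ISD%s" % isd, ca_name)
 self.ca_cert_files[isd][ca_cert_path] = \
-crypto.dump_certificate(crypto.FILETYPE_PEM,
-self.ca_certs[ca_config["ISD"]][ca_name])
+crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca_certs[ca_config["ISD"]][ca_name])
 
 
 class TopoGenerator(object):
-def __init__(self, topo_config, out_dir, subnet_gen, zk_config,
-default_mtu):
+def __init__(self, topo_config, out_dir, subnet_gen, zk_config, default_mtu):
 self.topo_config = topo_config
 self.out_dir = out_dir
 self.subnet_gen = subnet_gen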
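Review bot: `_gen_as_keys` puts the base64-encoded `on_root_priv` and `off_root_priv` values into `self.cert_files`, the same map that `_build_chains` fills with certificate chains, so whatever writes `cert_files` to disk presumably treats root private keys and public chains identically. That writer is outside this section; unless it creates the key paths with owner-only permissions, the root keys end up as readable as the certificates. A separate map for key material would make the distinction explicit, or at minimum a comment at the assignment such as `# cert_files also carries root private keys; the writer must restrict the file mode for these paths`. The same concern applies in `_gen_private_key_files`, where `crypto.dump_privatekey(crypto.FILETYPE_PEM, ...)` is called without a cipher and so yields an unencrypted CA key. `_gen_as_keys` begins outside the hunk, so how the keys are generated is not visible here.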

0 comments on commit 1807297
