mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2025-01-27 14:50:03 +00:00
417 lines
13 KiB
Python
417 lines
13 KiB
Python
|
|
import sys
|
|
import json
|
|
from datetime import (
|
|
datetime,
|
|
timedelta,
|
|
)
|
|
|
|
from allmydata.crypto import (
|
|
ed25519,
|
|
)
|
|
from allmydata.util import (
|
|
fileutil,
|
|
base32,
|
|
)
|
|
|
|
import attr
|
|
|
|
|
|
@attr.s
|
|
class _GridManagerStorageServer(object):
|
|
"""
|
|
A Grid Manager's notion of a storage server
|
|
"""
|
|
|
|
name = attr.ib()
|
|
public_key = attr.ib(validator=attr.validators.instance_of(ed25519.Ed25519PublicKey))
|
|
certificates = attr.ib(
|
|
default=attr.Factory(list),
|
|
validator=attr.validators.instance_of(list),
|
|
)
|
|
|
|
def add_certificate(self, certificate):
|
|
self.certificates.append(certificate)
|
|
|
|
def public_key_string(self):
|
|
return ed25519.string_from_verifying_key(self.public_key)
|
|
|
|
def marshal(self):
|
|
return {
|
|
u"public_key": self.public_key_string(),
|
|
}
|
|
|
|
|
|
@attr.s
|
|
class _GridManagerCertificate(object):
|
|
"""
|
|
Represents a single certificate for a single storage-server
|
|
"""
|
|
|
|
filename = attr.ib()
|
|
index = attr.ib(validator=attr.validators.instance_of(int))
|
|
expires = attr.ib(validator=attr.validators.instance_of(datetime))
|
|
public_key = attr.ib(validator=attr.validators.instance_of(ed25519.Ed25519PublicKey))
|
|
|
|
|
|
def create_grid_manager():
|
|
"""
|
|
Create a new Grid Manager with a fresh keypair
|
|
"""
|
|
private_key, public_key = ed25519.create_signing_keypair()
|
|
return _GridManager(
|
|
ed25519.string_from_signing_key(private_key),
|
|
{},
|
|
)
|
|
|
|
|
|
def _load_certificates_for(config_path, name, gm_key=None):
|
|
"""
|
|
Load any existing certificates for the given storage-server.
|
|
|
|
:param FilePath config_path: the configuration location (or None for
|
|
stdin)
|
|
|
|
:param str name: the name of an existing storage-server
|
|
|
|
:param ed25519.VerifyingKey gm_key: an optional Grid Manager
|
|
public key. If provided, certificates will be verified against it.
|
|
|
|
:returns: list containing any known certificates (may be empty)
|
|
|
|
:raises: ed25519.BadSignature if any certificate signature fails to verify
|
|
"""
|
|
if config_path is None:
|
|
return []
|
|
cert_index = 0
|
|
cert_path = config_path.child('{}.cert.{}'.format(name, cert_index))
|
|
certificates = []
|
|
while cert_path.exists():
|
|
container = json.load(cert_path.open('r'))
|
|
if gm_key is not None:
|
|
validate_grid_manager_certificate(gm_key, container)
|
|
cert_data = json.loads(container['certificate'])
|
|
if cert_data['version'] != 1:
|
|
raise ValueError(
|
|
"Unknown certificate version '{}' in '{}'".format(
|
|
cert_data['version'],
|
|
cert_path.path,
|
|
)
|
|
)
|
|
certificates.append(
|
|
_GridManagerCertificate(
|
|
filename=cert_path.path,
|
|
index=cert_index,
|
|
expires=datetime.utcfromtimestamp(cert_data['expires']),
|
|
public_key=ed25519.verifying_key_from_string(cert_data['public_key'].encode('ascii')),
|
|
)
|
|
)
|
|
cert_index += 1
|
|
cert_path = config_path.child('{}.cert.{}'.format(name, cert_index))
|
|
return certificates
|
|
|
|
|
|
def load_grid_manager(config_path):
|
|
"""
|
|
Load a Grid Manager from existing configuration.
|
|
|
|
:param FilePath config_path: the configuration location (or None for
|
|
stdin)
|
|
|
|
:returns: a GridManager instance
|
|
|
|
:raises: ValueError if the confguration is invalid or IOError if
|
|
expected files can't be opened.
|
|
"""
|
|
if config_path is None:
|
|
config_file = sys.stdin
|
|
else:
|
|
# this might raise IOError or similar but caller must handle it
|
|
config_file = config_path.child("config.json").open("r")
|
|
|
|
with config_file:
|
|
config = json.load(config_file)
|
|
|
|
gm_version = config.get(u'grid_manager_config_version', None)
|
|
if gm_version != 0:
|
|
raise ValueError(
|
|
"Missing or unknown version '{}' of Grid Manager config".format(
|
|
gm_version
|
|
)
|
|
)
|
|
if 'private_key' not in config:
|
|
raise ValueError(
|
|
"'private_key' required in config"
|
|
)
|
|
|
|
private_key_bytes = config['private_key'].encode('ascii')
|
|
try:
|
|
private_key, public_key = ed25519.signing_keypair_from_string(private_key_bytes)
|
|
except Exception as e:
|
|
raise ValueError(
|
|
"Invalid Grid Manager private_key: {}".format(e)
|
|
)
|
|
|
|
storage_servers = dict()
|
|
for name, srv_config in config.get(u'storage_servers', {}).items():
|
|
if 'public_key' not in srv_config:
|
|
raise ValueError(
|
|
"No 'public_key' for storage server '{}'".format(name)
|
|
)
|
|
storage_servers[name] = _GridManagerStorageServer(
|
|
name,
|
|
ed25519.verifying_key_from_string(srv_config['public_key'].encode('ascii')),
|
|
_load_certificates_for(config_path, name, public_key),
|
|
)
|
|
|
|
return _GridManager(private_key_bytes, storage_servers)
|
|
|
|
|
|
class _GridManager(object):
|
|
"""
|
|
A Grid Manager's configuration.
|
|
"""
|
|
|
|
def __init__(self, private_key_bytes, storage_servers):
|
|
self._storage_servers = dict() if storage_servers is None else storage_servers
|
|
self._private_key_bytes = private_key_bytes
|
|
self._private_key, self._public_key = ed25519.signing_keypair_from_string(self._private_key_bytes)
|
|
self._version = 0
|
|
|
|
@property
|
|
def storage_servers(self):
|
|
return self._storage_servers
|
|
|
|
def public_identity(self):
|
|
return ed25519.string_from_verifying_key(self._public_key)
|
|
|
|
def sign(self, name, expiry_seconds):
|
|
try:
|
|
srv = self._storage_servers[name]
|
|
except KeyError:
|
|
raise KeyError(
|
|
"No storage server named '{}'".format(name)
|
|
)
|
|
expiration = datetime.utcnow() + timedelta(seconds=expiry_seconds)
|
|
epoch_offset = (expiration - datetime(1970, 1, 1)).total_seconds()
|
|
cert_info = {
|
|
"expires": epoch_offset,
|
|
"public_key": srv.public_key_string(),
|
|
"version": 1,
|
|
}
|
|
cert_data = json.dumps(cert_info, separators=(',',':'), sort_keys=True).encode('utf8')
|
|
sig = ed25519.sign_data(self._private_key, cert_data)
|
|
certificate = {
|
|
u"certificate": cert_data,
|
|
u"signature": base32.b2a(sig),
|
|
}
|
|
|
|
vk = ed25519.verifying_key_from_signing_key(self._private_key)
|
|
ed25519.verify_signature(vk, sig, cert_data)
|
|
|
|
srv.add_certificate(certificate)
|
|
return certificate
|
|
|
|
def add_storage_server(self, name, public_key):
|
|
"""
|
|
:param name: a user-meaningful name for the server
|
|
:param public_key: ed25519.VerifyingKey the public-key of the
|
|
storage provider (e.g. from the contents of node.pubkey
|
|
for the client)
|
|
"""
|
|
if name in self._storage_servers:
|
|
raise KeyError(
|
|
"Already have a storage server called '{}'".format(name)
|
|
)
|
|
ss = _GridManagerStorageServer(name, public_key, [])
|
|
self._storage_servers[name] = ss
|
|
return ss
|
|
|
|
def remove_storage_server(self, name):
|
|
"""
|
|
:param name: a user-meaningful name for the server
|
|
"""
|
|
try:
|
|
del self._storage_servers[name]
|
|
except KeyError:
|
|
raise KeyError(
|
|
"No storage server called '{}'".format(name)
|
|
)
|
|
|
|
def marshal(self):
|
|
data = {
|
|
u"grid_manager_config_version": self._version,
|
|
u"private_key": self._private_key_bytes.decode('ascii'),
|
|
}
|
|
if self._storage_servers:
|
|
data[u"storage_servers"] = {
|
|
name: srv.marshal()
|
|
for name, srv
|
|
in self._storage_servers.items()
|
|
}
|
|
return data
|
|
|
|
|
|
def save_grid_manager(file_path, grid_manager, create=True):
|
|
"""
|
|
Writes a Grid Manager configuration.
|
|
|
|
:param file_path: a FilePath specifying where to write the config
|
|
(if None, stdout is used)
|
|
|
|
:param grid_manager: a _GridManager instance
|
|
|
|
:param bool create: if True (the default) we are creating a new
|
|
grid-manager and will fail if the directory already exists.
|
|
"""
|
|
data = json.dumps(
|
|
grid_manager.marshal(),
|
|
indent=4,
|
|
)
|
|
|
|
if file_path is None:
|
|
print("{}\n".format(data))
|
|
else:
|
|
try:
|
|
file_path.makedirs()
|
|
file_path.chmod(0o700)
|
|
except OSError:
|
|
if create:
|
|
raise
|
|
with file_path.child("config.json").open("w") as f:
|
|
f.write("{}\n".format(data))
|
|
|
|
|
|
def parse_grid_manager_certificate(gm_data):
|
|
"""
|
|
:param gm_data: some data that might be JSON that might be a valid
|
|
Grid Manager Certificate
|
|
|
|
:returns: json data of a valid Grid Manager certificate, or an
|
|
exception if the data is not valid.
|
|
"""
|
|
|
|
required_keys = {
|
|
'certificate',
|
|
'signature',
|
|
}
|
|
|
|
js = json.loads(gm_data)
|
|
|
|
if not isinstance(js, dict):
|
|
raise ValueError(
|
|
"Grid Manager certificate must be a dict"
|
|
)
|
|
if set(js.keys()) != required_keys:
|
|
raise ValueError(
|
|
"Grid Manager certificate must contain: {}".format(
|
|
", ".join("'{}'".format(k) for k in js.keys()),
|
|
)
|
|
)
|
|
return js
|
|
|
|
|
|
def validate_grid_manager_certificate(gm_key, alleged_cert):
|
|
"""
|
|
:param gm_key: a VerifyingKey instance, a Grid Manager's public
|
|
key.
|
|
|
|
:param alleged_cert: dict with "certificate" and "signature" keys, where
|
|
"certificate" contains a JSON-serialized certificate for a Storage
|
|
Server (comes from a Grid Manager).
|
|
|
|
:return: a dict consisting of the deserialized certificate data or
|
|
None if the signature is invalid. Note we do NOT check the
|
|
expiry time in this function.
|
|
"""
|
|
try:
|
|
ed25519.verify_signature(
|
|
gm_key,
|
|
base32.a2b(alleged_cert['signature'].encode('ascii')),
|
|
alleged_cert['certificate'].encode('ascii'),
|
|
)
|
|
except ed25519.BadSignature:
|
|
return None
|
|
# signature is valid; now we can load the actual data
|
|
cert = json.loads(alleged_cert['certificate'])
|
|
return cert
|
|
|
|
|
|
def create_grid_manager_verifier(keys, certs, now_fn=None, bad_cert=None):
|
|
"""
|
|
Creates a predicate for confirming some Grid Manager-issued
|
|
certificates against Grid Manager keys. A predicate is used
|
|
(instead of just returning True/False here) so that the
|
|
expiry-time can be tested on each call.
|
|
|
|
:param list keys: 0 or more `VerifyingKey` instances
|
|
|
|
:param list certs: 1 or more Grid Manager certificates each of
|
|
which is a `dict` containing 'signature' and 'certificate' keys.
|
|
|
|
:param callable now_fn: a callable which returns the current UTC
|
|
timestamp (or datetime.utcnow if None).
|
|
|
|
:param callable bad_cert: a two-argument callable which is invoked
|
|
when a certificate verification fails. The first argument is
|
|
the verifying key and the second is the certificate. If None
|
|
(the default) errors are print()-ed. Note that we may have
|
|
several certificates and only one must be valid, so this may
|
|
be called (multiple times) even if the function ultimately
|
|
returns successfully.
|
|
|
|
:returns: a callable which will return True only-if there is at
|
|
least one valid certificate (that has not at this moment
|
|
expired) in `certs` signed by one of the keys in `keys`.
|
|
"""
|
|
|
|
now_fn = datetime.utcnow if now_fn is None else now_fn
|
|
valid_certs = []
|
|
|
|
# if we have zero grid-manager keys then everything is valid
|
|
if not keys:
|
|
return lambda: True
|
|
|
|
if bad_cert is None:
|
|
|
|
def bad_cert(key, alleged_cert):
|
|
"""
|
|
We might want to let the user know about this failed-to-verify
|
|
certificate .. but also if you have multiple grid-managers
|
|
then a bunch of these messages would appear. Better would
|
|
be to bubble this up to some sort of status API (or maybe
|
|
on the Welcome page?)
|
|
|
|
The only thing that might actually be interesting, though,
|
|
is whether this whole function returns false or not..
|
|
"""
|
|
print(
|
|
"Grid Manager certificate signature failed. Certificate: "
|
|
"\"{cert}\" for key \"{key}\".".format(
|
|
cert=alleged_cert,
|
|
key=ed25519.string_from_verifying_key(key),
|
|
)
|
|
)
|
|
|
|
# validate the signatures on any certificates we have (not yet the expiry dates)
|
|
for alleged_cert in certs:
|
|
for key in keys:
|
|
cert = validate_grid_manager_certificate(key, alleged_cert)
|
|
if cert is not None:
|
|
valid_certs.append(cert)
|
|
else:
|
|
bad_cert(key, alleged_cert)
|
|
|
|
def validate():
|
|
now = now_fn()
|
|
# if *any* certificate is still valid then we consider the server valid
|
|
for cert in valid_certs:
|
|
expires = datetime.utcfromtimestamp(cert['expires'])
|
|
# cert_pubkey = keyutil.parse_pubkey(cert['public_key'].encode('ascii'))
|
|
if expires > now:
|
|
# not-expired
|
|
return True
|
|
return False
|
|
|
|
return validate
|