Commit 8ff8d9e4 authored by Łukasz Nowak's avatar Łukasz Nowak

Use static certificates.

parent 70bdf77c
......@@ -250,26 +250,84 @@ message not perfect error is shown like <urlopen...Connection Refused>)
Fail to upload file. ...111...
download: Downloaded http://localhost/hello.txt
Lets create the signature files:
>>> signature_data = tmpdir('signature_data')
>>> keydir = tmpdir('keydir')
>>> import os
>>> public_certificate_path = os.path.join(keydir, 'public.pem')
>>> private_key_path = os.path.join(keydir, 'private.pem')
>>> ignored = system(os.path.join(sample_buildout, 'bin', 'generate-signature-key') + ' --signature-certificate-file=' + public_certificate_path + ' --signature-private-key-file=' + private_key_path)
>>> ls(keydir)
- private.pem
- public.pem
Now it is time to have certificate as string like:
-----BEGIN CERTIFICATE-----
certificate.
-----END CERTIFICATE-----
With left side whitespaces, in order to use it in buildout profile.
>>> public_certificate = ''.join([' ' + q for q in open(public_certificate_path).readlines()])
Two paris of key certificate will be needed:
>>> main_key = """
... -----BEGIN RSA PRIVATE KEY-----
... MIICXQIBAAKBgQDHjK3vOwrStTuoxGcfPjQkNnpwyzNGuUqqKryt7/fBGiy3qRZa
... sjmW63jlx8MM7vCXhAWs1y4jtxcskN/UoAHtufMMaImpgGSePrKqtczDiPIUw49i
... Do7DOA5uSIDA0VocVWKMG1HT3oFff/1bvrJdxbUCt/q7Pb7pwnBujtcyNQIDAQAB
... AoGAFW6/s8U0qWL70Gmf5dQph4YuanT4weze3x4N++SdSKlGCkfn9b/Uvaf26T8m
... bPow7yUn8uN9uipNG+VHlS/GZRCWGIdw667fq2x5By3MO/DKVDC2ZNfDraMIFHQ0
... SG0QuonDtfkZLzw6FjOQ+VpfNioJ0rDe68io0pQmu/yL2qECQQDnZJj5wPRcExgf
... 2WNtK66GYRos3UlIkyW3rtGDOitjm13k49zFTlNmwBuATvygNtmYcvApup9N8Q0I
... 1ONlc2kNAkEA3MUuh9y0toIaEEjoL4UNHfqFlrX30UZNWuyGGj4o2usqJVkNgHNJ
... koK7aP+x9GIchECzR9FzkH7u6Q639TTTyQJBAII4WOblMh/HFyKFYrEDjjpN1z88
... YYuYU/elSH9DczuhKhwwKARZ6hG/NzrkOMOpWpeyx3mUbyab66v2supbItkCQEBR
... PeYc+ZT2QEugQeyeMZ0bQFIQ/3q7pYuovsTkeRiWTHgHArT6YWPKrHjBjYGqF667
... /r8cmTNul4HUZOmOE2kCQQDDbE9xkGsTcgFgtb646kgmrmXneNgGE5TGfF6Lfw8w
... r2qrA8qR1lkEBVvzMiDl5NHR+6Jo0irdqdKbUgocbYpi
... -----END RSA PRIVATE KEY-----
... """
>>> main_key_file = 'main.key'
>>> open(main_key_file, 'w').write(main_key)
>>> main_certificate = """
... -----BEGIN CERTIFICATE-----
... MIICkjCCAfsCADANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCRlIxDTALBgNV
... BAgTBE5vcmQxDzANBgNVBAoTBlNsYXBPUzEYMBYGA1UECxMPSG9uZXkgSGFydmVz
... dGVyMSAwHgYDVQQDExdTbGFwT1MgVGVzdCBDZXJ0aWZpY2F0ZTEmMCQGCSqGSIb3
... DQEJARYXU2xhcE9TIFRlc3QgQ2VydGlmaWNhdGUwHhcNMTEwODI0MDc1MzM2WhcN
... MTIwODI0MDc1MzM2WjCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxDzAN
... BgNVBAoTBlNsYXBPUzEYMBYGA1UECxMPSG9uZXkgSGFydmVzdGVyMSAwHgYDVQQD
... ExdTbGFwT1MgVGVzdCBDZXJ0aWZpY2F0ZTEmMCQGCSqGSIb3DQEJARYXU2xhcE9T
... IFRlc3QgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeM
... re87CtK1O6jEZx8+NCQ2enDLM0a5SqoqvK3v98EaLLepFlqyOZbreOXHwwzu8JeE
... BazXLiO3FyyQ39SgAe258wxoiamAZJ4+sqq1zMOI8hTDj2IOjsM4Dm5IgMDRWhxV
... YowbUdPegV9//Vu+sl3FtQK3+rs9vunCcG6O1zI1AgMBAAEwDQYJKoZIhvcNAQEL
... BQADgYEAoB8o6AdKLtMFGr9OLmdJMHQ1Aig/UMzTb4+Dqx59xpmf25tWeSNYuFv0
... Q6YD8Ijm2RlsPhv3crEalIY0xnEHBqdLFOnRlnivYX7hPol5xs/MKzMI3wA1Tj2f
... tjbUSd1TIX6NrmHU7zuh48XwneJoDwZyBHKKCQWE9YLjjdxj0No=
... -----END CERTIFICATE-----
... """
>>> main_certificate = '\n'.join([' ' + q for q in main_certificate.splitlines()])
>>> additional_key = """
... -----BEGIN RSA PRIVATE KEY-----
... MIICXQIBAAKBgQDDrOO87nSiDcXOf+xGc4Iqcdjfwd0RTOxEkO9z8mPZVg2bTPwt
... /GwtPgmIC4po3bJdsCpJH21ZJwfmUpaQWIApj3odDAbRXQHWhNiw9ZPMHTCmf8Zl
... yAJBxy9KI9M/fJ5RA67CJ6UYFbpF7+ZrXdkvG+0hdRX5ub0WyTPxc6kEIwIDAQAB
... AoGBAIgUj1jQGKqum1bt3dps8CQmgqWyA9TJQzK3/N8MveXik5niYypz9qNMFoLX
... S818CFRhdDbgNUKgAz1pSC5gbdfCDHYQTBrIt+LGpNSpdmQwReu3XoWOPZp4VWnO
... uCpAkDVt+88wbxtMbZ5/ExNFs2xTO66Aad1dG12tPWoyAf4pAkEA4tCLPFNxHGPx
... tluZXyWwJfVZEwLLzJ9gPkYtWrq843JuKlai2ziroubVLGSxeovBXvsjxBX95khn
... U6G9Nz5EzwJBANzal8zebFdFfiN1DAyGQ4QYsmz+NsRXDbHqFVepymUId1jAFAp8
... RqNt3Y78XlWOj8z5zMd4kWAR62p6LxJcyG0CQAjCaw4qXszs4zHaucKd7v6YShdc
... 3UgKw6nEBg5h9deG3NBPxjxXJPHGnmb3gI8uBIrJgikZfFO/ahYlwev3QKsCQGJ0
... kHekMGg3cqQb6eMrd63L1L8CFSgyJsjJsfoCl1ezDoFiH40NGfCBaeP0XZmGlFSs
... h73k4eoSEwDEt3dYJYECQQCBssN92KuYCOfPkJ+OV1tKdJdAsNwI13kA//A7s7qv
... wHQpWKk/PLmpICMBeIiE0xT+CmCfJVOlQrqDdujganZZ
... -----END RSA PRIVATE KEY-----
... """
>>> additional_key_file = 'additional.key'
>>> open(additional_key_file, 'w').write(additional_key)
>>> additional_certificate = """
... -----BEGIN CERTIFICATE-----
... MIICgDCCAekCADANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVUwxETAPBgNV
... BAgTCEJlZSBZYXJkMRgwFgYDVQQKEw9CZWUtS2VlcGVyIEx0ZC4xGDAWBgNVBAsT
... D0hvbmV5IEhhcnZlc3RlcjEVMBMGA1UEAxMMTWF5YSB0aGUgQmVlMRswGQYJKoZI
... hvcNAQkBFgxNYXlhIHRoZSBCZWUwHhcNMTEwODI0MDc1MTU2WhcNMTIwODI0MDc1
... MTU2WjCBiDELMAkGA1UEBhMCVUwxETAPBgNVBAgTCEJlZSBZYXJkMRgwFgYDVQQK
... Ew9CZWUtS2VlcGVyIEx0ZC4xGDAWBgNVBAsTD0hvbmV5IEhhcnZlc3RlcjEVMBMG
... A1UEAxMMTWF5YSB0aGUgQmVlMRswGQYJKoZIhvcNAQkBFgxNYXlhIHRoZSBCZWUw
... gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMOs47zudKINxc5/7EZzgipx2N/B
... 3RFM7ESQ73PyY9lWDZtM/C38bC0+CYgLimjdsl2wKkkfbVknB+ZSlpBYgCmPeh0M
... BtFdAdaE2LD1k8wdMKZ/xmXIAkHHL0oj0z98nlEDrsInpRgVukXv5mtd2S8b7SF1
... Ffm5vRbJM/FzqQQjAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAaT4yamJJowDKMSD2
... eshUW8pjctg6O3Ncm5XDIKd77sRf7RwPjFh+BR59lfFf9xvOu8WymhtUU7FoPDW3
... MYZmKV7A3nFehN9A+REz+WU3I7fE6vQRh9jKeuxnQLRv0TdP9CEdPcYcs/EQpIDb
... 8du+N7wcN1ZO8veWSafBzcqgCwg=
... -----END CERTIFICATE-----
... """
>>> additional_certificate = '\n'.join([' ' + q for q in additional_certificate.splitlines()])
First put not signed file in networkcache:
......@@ -322,9 +380,8 @@ Now enable signature, so it should not download any content which is not trusted
... download-dir-url = %(nc_url)sshadir
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... ''' % globals())
>>> print system(buildout)
Networkcache enabled.
......@@ -350,26 +407,6 @@ Once it has a trusted content available into the server it should be abled to do
Downloading hello.txt from network cache.
download: Downloaded http://localhost:22168/hello.txt
Now lets create new signature files:
>>> new_keydir = tmpdir('newkeydir')
>>> new_public_certificate_path = os.path.join(new_keydir, 'public2.pem')
>>> new_private_key_path = os.path.join(new_keydir, 'private2.pem')
>>> ignored = system(os.path.join(sample_buildout, 'bin', 'generate-signature-key') + ' --signature-certificate-file=' + new_public_certificate_path + ' --signature-private-key-file=' + new_private_key_path)
>>> ls(new_keydir)
- private2.pem
- public2.pem
Now it is time to have certificate as string like:
-----BEGIN CERTIFICATE-----
certificate.
-----END CERTIFICATE-----
With left side whitespaces, in order to use it in buildout profile.
>>> new_public_certificate = ''.join([' ' + q for q in open(new_public_certificate_path).readlines()])
There is a new certificate file, so it should not download the old content:
>>> write(sample_buildout, 'buildout.cfg',
......@@ -387,8 +424,8 @@ There is a new certificate file, so it should not download the old content:
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(new_private_key_path)s
... signature-certificate-list = %(new_public_certificate)s
... signature-private-key-file = %(additional_key_file)s
... signature-certificate-list = %(additional_certificate)s
... ''' % globals())
>>> print system(buildout)
Networkcache enabled.
......@@ -419,9 +456,8 @@ If it can not find a trustable entry into server, it should upload the files usi
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(new_private_key_path)s
... signature-certificate-list =
... %(new_public_certificate)s
... signature-private-key-file = %(additional_key_file)s
... signature-certificate-list = %(additional_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
......@@ -455,9 +491,8 @@ Buildout can download the content using the old certificatei, because it still a
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
......@@ -488,9 +523,8 @@ Buildout can download the content using the new certificate, because it still av
... [networkcache]
... download-cache-url = %(nc_url)sshacache
... download-dir-url = %(nc_url)sshadir
... signature-private-key-file = %(private_key_path)s
... signature-certificate-list =
... %(public_certificate)s
... signature-private-key-file = %(main_key_file)s
... signature-certificate-list = %(main_certificate)s
... upload-cache-url = %(nc_url)sshacache
... upload-dir-url = %(nc_url)sshadir
... ''' % globals())
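Review bot: The two certificates pasted in the first hunk (`main_certificate`, `additional_certificate`) appear to carry a fixed one-year validity window: the UTCTime fields in their base64 decode to roughly 2011-08-24 through 2012-08-24. These doctests therefore become date-dependent if signature verification checks notBefore/notAfter, now or later. If static fixtures are wanted, regenerate them with a far-future expiry and put a line above each key such as `Test-only key pair, published in this repository; never trust it outside this doctest.` Separately, `open(main_key_file, 'w').write(main_key)` and its `additional_key_file` twin write private keys to a relative path in the current directory with default permissions and never close the handle. Writing them under a `tmpdir(...)` directory, as the `keydir = tmpdir('keydir')` lines visible in the same hunk do, keeps them out of the working tree and gets them cleaned up with the test.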
......