fixed issue with actor certificates creation

2020-05-09 08:48:43 +02:00 · 2020-05-09 08:48:43 +02:00 · 1e03a5cf6e
commit 1e03a5cf6e
parent 8c3ca38b3d
3 changed files with 13 additions and 7 deletions
--- a/actor/src/udsactor/http/server.py
+++ b/actor/src/udsactor/http/server.py
@ -160,7 +160,7 @@ class HTTPServerThread(threading.Thread):

        context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        context.options = ssl.CERT_NONE
-        context.load_cert_chain(self._certFile, password=password)
+        context.load_cert_chain(certfile=self._certFile, password=password)
        self._server.socket = context.wrap_socket(self._server.socket, server_side=True)

        self._server.serve_forever()
--- a/server/src/uds/REST/methods/actor_v3.py
+++ b/server/src/uds/REST/methods/actor_v3.py
@ -110,7 +110,7 @@ class ActorV3Action(Handler):
            result = self.action()
            logger.debug('Action result: %s', result)
            return result
-        except BlockAccess:
+        except (BlockAccess, KeyError):
            # For blocking attacks
            incFailedIp(self._request.ip)  # pylint: disable=protected-access
        except Exception as e:
@ -266,11 +266,11 @@ class Initiialize(ActorV3Action):
        except (ActorToken.DoesNotExist, Service.DoesNotExist):
            raise BlockAccess()

-class ChangeIp(ActorV3Action):
+class BaseReadyChange(ActorV3Action):
    """
    Records the IP change of actor
    """
-    name = 'changeip'
+    name = 'notused'

    def action(self) -> typing.MutableMapping[str, typing.Any]:
        """
@ -317,7 +317,14 @@ class ChangeIp(ActorV3Action):

        return ActorV3Action.actorResult({'private_key': privateKey, 'server_certificate': cert, 'password': password})

-class Ready(ChangeIp):
+class ChangeIp(BaseReadyChange):
+    """
+    Processses IP Change. Needs to be "last" on a lead to be auto added to list of available methods
+    """
+
+    name = 'changeip'
+
+class Ready(BaseReadyChange):
    """
    Notifies the user service is ready
    """
--- a/server/src/uds/core/util/certs.py
+++ b/server/src/uds/core/util/certs.py
@ -20,7 +20,6 @@ def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
    # Create a random password for private key
    password = secrets.token_urlsafe(32)

-    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, 'UDS Server')])
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, ip)])
    san = x509.SubjectAlternativeName([x509.IPAddress(ipaddress.ip_address(ip))])

@ -29,7 +28,7 @@ def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
    cert = (
        x509.CertificateBuilder()
            .subject_name(name)
-            .issuer_name(issuer)
+            .issuer_name(name)  # self signed
            .public_key(key.public_key())
            .serial_number(random.SystemRandom().randint(0, 1<<64))
            .not_valid_before(now)