fixed issue with actor certificates creation

Adolfo Gómez García 2020-05-09 08:48:43 +02:00
parent 8c3ca38b3d
commit 1e03a5cf6e
3 changed files with 13 additions and 7 deletions


@ -160,7 +160,7 @@ class HTTPServerThread(threading.Thread):
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.options = ssl.CERT_NONE context.options = ssl.CERT_NONE
context.load_cert_chain(self._certFile, password=password) context.load_cert_chain(certfile=self._certFile, password=password)
self._server.socket = context.wrap_socket(self._server.socket, server_side=True) self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
self._server.serve_forever() self._server.serve_forever()
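Review bot: `context.options = ssl.CERT_NONE`, two lines above the changed `load_cert_chain` call, assigns a verify-mode constant to the options bitmask. Since `ssl.CERT_NONE` is 0, this asks the context to clear the option flags it was created with instead of configuring certificate verification. If the intent is to not request client certificates, the line should read `context.verify_mode = ssl.CERT_NONE`; that is already the default for `ssl.PROTOCOL_TLS_SERVER`, so the line could also be dropped. The enclosing method starts outside the hunk.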


@ -110,7 +110,7 @@ class ActorV3Action(Handler):
result = self.action() result = self.action()
logger.debug('Action result: %s', result) logger.debug('Action result: %s', result)
return result return result
except BlockAccess: except (BlockAccess, KeyError):
# For blocking attacks # For blocking attacks
incFailedIp(self._request.ip) # pylint: disable=protected-access incFailedIp(self._request.ip) # pylint: disable=protected-access
except Exception as e: except Exception as e:
@ -266,11 +266,11 @@ class Initiialize(ActorV3Action):
except (ActorToken.DoesNotExist, Service.DoesNotExist): except (ActorToken.DoesNotExist, Service.DoesNotExist):
raise BlockAccess() raise BlockAccess()
class ChangeIp(ActorV3Action): class BaseReadyChange(ActorV3Action):
""" """
Records the IP change of actor Records the IP change of actor
""" """
name = 'changeip' name = 'notused'
def action(self) -> typing.MutableMapping[str, typing.Any]: def action(self) -> typing.MutableMapping[str, typing.Any]:
""" """
@ -317,7 +317,14 @@ class ChangeIp(ActorV3Action):
return ActorV3Action.actorResult({'private_key': privateKey, 'server_certificate': cert, 'password': password}) return ActorV3Action.actorResult({'private_key': privateKey, 'server_certificate': cert, 'password': password})
class Ready(ChangeIp): class ChangeIp(BaseReadyChange):
"""
Processses IP Change. Needs to be "last" on a lead to be auto added to list of available methods
"""
name = 'changeip'
class Ready(BaseReadyChange):
""" """
Notifies the user service is ready Notifies the user service is ready
""" """


@ -20,7 +20,6 @@ def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
# Create a random password for private key # Create a random password for private key
password = secrets.token_urlsafe(32) password = secrets.token_urlsafe(32)
issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, 'UDS Server')])
name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, ip)]) name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, ip)])
san = x509.SubjectAlternativeName([x509.IPAddress(ipaddress.ip_address(ip))]) san = x509.SubjectAlternativeName([x509.IPAddress(ipaddress.ip_address(ip))])
@ -29,7 +28,7 @@ def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
cert = ( cert = (
x509.CertificateBuilder() x509.CertificateBuilder()
.subject_name(name) .subject_name(name)
.issuer_name(issuer) .issuer_name(name) # self signed
.public_key(key.public_key()) .public_key(key.public_key())
.serial_number(random.SystemRandom().randint(0, 1<<64)) .serial_number(random.SystemRandom().randint(0, 1<<64))
.not_valid_before(now) .not_valid_before(now)
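Review bot: The serial number in `.serial_number(random.SystemRandom().randint(0, 1<<64))` is drawn from an inclusive range that contains 0, and the cryptography builder rejects non-positive serials, so certificate creation can (very rarely) fail at this line. The upper bound is also 2**64 itself rather than the largest 64-bit value. The library helper avoids both issues: `.serial_number(x509.random_serial_number())`. The builder chain and the rest of `selfSignedCert` continue outside the hunk.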