From 06cb66c8c952e2b770ee41683331209506c7c347 Mon Sep 17 00:00:00 2001 From: Joe Sacher <321623+sacherjj@users.noreply.github.com> Date: Wed, 19 Aug 2020 11:45:32 -0400 Subject: [PATCH 1/4] Rewrote certificate generation to include full attributes and extensions used with key-generator docker image. --- casperlabs_client/casperlabs_client.py | 4 ++-- casperlabs_client/crypto.py | 32 +++++++++++++++++--------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/casperlabs_client/casperlabs_client.py b/casperlabs_client/casperlabs_client.py index a309b33..aa9be5e 100755 --- a/casperlabs_client/casperlabs_client.py +++ b/casperlabs_client/casperlabs_client.py @@ -939,10 +939,10 @@ def validator_keygen(directory: Union[Path, str]) -> None: key_pair.save_hex_base64_files(directory, consts.VALIDATOR_FILENAME_PREFIX) private_key, public_key = crypto.generate_secp256r1_key_pair() - node_cert, key_pem = crypto.generate_node_certificates(private_key, public_key) + cert_pem, key_pem = crypto.generate_node_certificates(private_key, public_key) io.write_binary_file(node_private_path, key_pem) - io.write_binary_file(node_cert_path, node_cert) + io.write_binary_file(node_cert_path, cert_pem) io.write_file(node_id_path, crypto.node_public_address(public_key)) @api diff --git a/casperlabs_client/crypto.py b/casperlabs_client/crypto.py index 99a6d3d..2303ee6 100644 --- a/casperlabs_client/crypto.py +++ b/casperlabs_client/crypto.py @@ -11,7 +11,6 @@ from cryptography.hazmat.primitives.asymmetric import ec from cryptography import x509 from cryptography.hazmat.primitives import hashes -from cryptography.x509.oid import NameOID from Crypto.Hash import keccak from pyblake2 import blake2b 
@@ -46,24 +45,35 @@ def int_to_32_bytes(x): def generate_node_certificates(private_key, public_key): today = datetime.datetime.today() one_day = datetime.timedelta(1, 0, 0) - address = node_public_address( - public_key - ) # .map(Base16.to_protobuf).getOrElse("local") - owner = f"CN={address}" - + address = node_public_address(public_key) builder = x509.CertificateBuilder() builder = builder.not_valid_before(today) # TODO: Where's documentation of the decision to make keys valid for 1 year only? builder = builder.not_valid_after(today + 365 * one_day) - builder = builder.subject_name( - x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, owner)]) - ) - builder = builder.issuer_name( - x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, owner)]) + issuer = x509.Name( + [ + x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, "CA"), + x509.NameAttribute(x509.NameOID.LOCALITY_NAME, "San-Diego"), + x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "CasperLabs, LLC"), + x509.NameAttribute(x509.NameOID.ORGANIZATIONAL_UNIT_NAME, "IT Department"), + x509.NameAttribute(x509.NameOID.COMMON_NAME, address), + ] ) + builder = builder.issuer_name(issuer) + builder = builder.subject_name(issuer) builder = builder.public_key(public_key) builder = builder.serial_number(x509.random_serial_number()) + ski = x509.SubjectKeyIdentifier.from_public_key(public_key) + builder = builder.add_extension(ski, critical=False) + builder = builder.add_extension( + x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski), + critical=False, + ) + builder = builder.add_extension( + x509.BasicConstraints(ca=True, path_length=None), critical=True + ) certificate = builder.sign( private_key=private_key, algorithm=hashes.SHA256(), backend=default_backend() ) From 9c8fd995bd077a2ebabd7696594a372cc810cc42 Mon Sep 17 00:00:00 2001 
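Review bot: The `x509.BasicConstraints(ca=True, path_length=None)` extension marks every node's self-signed certificate as a CA with no path-length limit, and the hunk adds no `KeyUsage` extension to narrow what the key may sign. If a peer or tool ever treats a node certificate as a trust anchor, that node key could issue certificates for other names that chain to it; whether this matters depends on how peers validate, which is not visible here. If the CA bit exists only to match the key-generator image, record that in a comment above the call, e.g. `# CA:TRUE mirrors the key-generator image output; peers must check the key-derived node address, not the chain`, and prefer `ca=False` or `path_length=0` if nothing depends on it. Separately, the context line `today = datetime.datetime.today()` is naive local time, which the builder interprets as UTC, so on hosts ahead of UTC the certificate is not yet valid when written; `today = datetime.datetime.utcnow()` avoids that. The body of `generate_node_certificates` continues past `builder.sign(...)`, outside this hunk.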
From: Joe Sacher <321623+sacherjj@users.noreply.github.com> Date: Wed, 19 Aug 2020 11:59:35 -0400 Subject: [PATCH 2/4] Bumping version for packaging. --- casperlabs_client/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/casperlabs_client/VERSION b/casperlabs_client/VERSION index 847e9ae..727d97b 100644 --- a/casperlabs_client/VERSION +++ b/casperlabs_client/VERSION @@ -1 +1 @@ -0.20.1 +0.20.2 From 5ac94d38df531183c5c8ae4cee22bfa9ddbdb49b Mon Sep 17 00:00:00 2001 From: Joe Sacher <321623+sacherjj@users.noreply.github.com> Date: Wed, 19 Aug 2020 12:08:48 -0400 Subject: [PATCH 3/4] Updating typo in help file with `-` vs `_` for CLI name. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6223985..9c592a9 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ C:\Users\alice>python -m pip install casperlabs-client The package `casperlabs-client` includes command line interface (CLI) script called `casperlabs_client`. -Type `casperlabs-client --help` to see short synopsis with a list of +Type `casperlabs_client --help` to see short synopsis with a list of available commands ``` From 8a85123c4e79d6c5935edc93470fd14889cfd31f Mon Sep 17 00:00:00 2001 From: Joe Sacher <321623+sacherjj@users.noreply.github.com> Date: Wed, 19 Aug 2020 12:13:34 -0400 Subject: [PATCH 4/4] Updating image link to new repo. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9c592a9..abbec6b 100644 --- a/README.md +++ b/README.md 
@@ -168,7 +168,7 @@ casperlabs_client --host deploy.casperlabs.io vdag --depth 10 --out dag.png will produce an image file similar to the one below: -![DAG visualization example](https://raw.githubusercontent.com/CasperLabs/CasperLabs/dev/integration-testing/client/CasperLabsClient/example_vdag_output.png) +![DAG visualization example](https://raw.githubusercontent.com/CasperLabs/client-py/dev/example_vdag_output.png) Small boxes represent blocks, labeled with short prefixes of their block hashes. Blocks are aligned in "lanes" representing validators that created them.