Python zmq.auth() Examples
The following are 30
code examples of zmq.auth().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
zmq
, or try the search function
.
.
Example #1
| Source File: authenticator.py From indy-plenum with Apache License 2.0 | 6 votes |
|
def start(self):
"""Start the authentication thread"""
# create a socket to communicate with auth thread.
self.pipe = self.context.socket(zmq.PAIR)
self.pipe.linger = 1
self.pipe.bind(self.pipe_endpoint)
authenticator = MultiZapAuthenticator(self.context, encoding=self.encoding,
log=self.log)
self.thread = AuthenticationThread(self.context, self.pipe_endpoint,
encoding=self.encoding, log=self.log,
authenticator=authenticator)
self.thread.start()
# Event.wait:Changed in version 2.7: Previously, the method always returned None.
if sys.version_info < (2, 7):
self.thread.started.wait(timeout=10)
else:
if not self.thread.started.wait(timeout=10):
raise RuntimeError("Authenticator thread failed to start")
Example #2
| Source File: test_auth.py From vnpy_crypto with MIT License | 6 votes |
|
def test_null(self):
"""threaded auth - NULL"""
# A default NULL connection should always succeed, and not
# go through our authentication infrastructure at all.
self.auth.stop()
self.auth = None
# use a new context, so ZAP isn't inherited
self.context = self.Context()
server = self.socket(zmq.PUSH)
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet. The client connection
# should still be allowed.
server = self.socket(zmq.PUSH)
server.zap_domain = b'global'
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
Example #3
| Source File: test_auth.py From pySINDy with MIT License | 6 votes |
|
def test_null(self):
"""threaded auth - NULL"""
# A default NULL connection should always succeed, and not
# go through our authentication infrastructure at all.
self.auth.stop()
self.auth = None
# use a new context, so ZAP isn't inherited
self.context = self.Context()
server = self.socket(zmq.PUSH)
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet. The client connection
# should still be allowed.
server = self.socket(zmq.PUSH)
server.zap_domain = b'global'
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
Example #4
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_whitelist(self):
"""threaded auth - Whitelist"""
# Whitelist 127.0.0.1, connection should pass"
self.auth.allow('127.0.0.1')
server = self.socket(zmq.PUSH)
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet.
server.zap_domain = b'global'
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
Example #5
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def setupAuth(self, restricted=True, force=False):
if self.auth and not force:
raise RuntimeError('Listener already setup')
location = self.publicKeysDir if restricted else zmq.auth.CURVE_ALLOW_ANY
# self.auth = AsyncioAuthenticator(self.ctx)
self.auth = MultiZapAuthenticator(self.ctx)
self.auth.start()
self.auth.allow('0.0.0.0')
self.auth.configure_curve(domain='*', location=location)
Example #6
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def teardownAuth(self):
if self.auth:
self.auth.stop()
Example #7
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def selfSigKeys(self):
serverSecretFile = os.path.join(self.sigKeyDir,
"{}.key_secret".format(self.name))
return zmq.auth.load_certificate(serverSecretFile)
Example #8
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def isRestricted(self):
return not self.auth.allow_any if self.auth is not None \
else self.restricted
Example #9
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def loadPubKeyFromDisk(directory, name):
filePath = os.path.join(directory,
"{}.key".format(name))
try:
public, _ = zmq.auth.load_certificate(filePath)
return public
except (ValueError, IOError) as ex:
raise KeyError from ex
Example #10
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def loadSecKeyFromDisk(directory, name):
filePath = os.path.join(directory,
"{}.key_secret".format(name))
try:
_, secret = zmq.auth.load_certificate(filePath)
return secret
except (ValueError, IOError) as ex:
raise KeyError from ex
Example #11
| Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
|
def getAllVerKeys(self):
keys = []
for key_file in os.listdir(self.verifKeyDir):
if key_file.endswith(".key"):
serverVerifFile = os.path.join(self.verifKeyDir,
key_file)
serverPublic, _ = zmq.auth.load_certificate(serverVerifFile)
keys.append(serverPublic)
return keys
Example #12
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def setUp(self):
if zmq.zmq_version_info() < (4,0):
raise SkipTest("security is new in libzmq 4.0")
try:
zmq.curve_keypair()
except zmq.ZMQError:
raise SkipTest("security requires libzmq to have curve support")
super(BaseAuthTestCase, self).setUp()
# enable debug logging while we run tests
logging.getLogger('zmq.auth').setLevel(logging.DEBUG)
self.auth = self.make_auth()
self.auth.start()
self.base_dir, self.public_keys_dir, self.secret_keys_dir = self.create_certs()
Example #13
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def tearDown(self):
if self.auth:
self.auth.stop()
self.auth = None
self.remove_certs(self.base_dir)
super(BaseAuthTestCase, self).tearDown()
Example #14
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def create_certs(self):
"""Create CURVE certificates for a test"""
# Create temporary CURVE keypairs for this test run. We create all keys in a
# temp directory and then move them into the appropriate private or public
# directory.
base_dir = tempfile.mkdtemp()
keys_dir = os.path.join(base_dir, 'certificates')
public_keys_dir = os.path.join(base_dir, 'public_keys')
secret_keys_dir = os.path.join(base_dir, 'private_keys')
os.mkdir(keys_dir)
os.mkdir(public_keys_dir)
os.mkdir(secret_keys_dir)
server_public_file, server_secret_file = zmq.auth.create_certificates(keys_dir, "server")
client_public_file, client_secret_file = zmq.auth.create_certificates(keys_dir, "client")
for key_file in os.listdir(keys_dir):
if key_file.endswith(".key"):
shutil.move(os.path.join(keys_dir, key_file),
os.path.join(public_keys_dir, '.'))
for key_file in os.listdir(keys_dir):
if key_file.endswith(".key_secret"):
shutil.move(os.path.join(keys_dir, key_file),
os.path.join(secret_keys_dir, '.'))
return (base_dir, public_keys_dir, secret_keys_dir)
Example #15
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def load_certs(self, secret_keys_dir):
"""Return server and client certificate keys"""
server_secret_file = os.path.join(secret_keys_dir, "server.key_secret")
client_secret_file = os.path.join(secret_keys_dir, "client.key_secret")
server_public, server_secret = zmq.auth.load_certificate(server_secret_file)
client_public, client_secret = zmq.auth.load_certificate(client_secret_file)
return server_public, server_secret, client_public, client_secret
Example #16
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_curve_configured_server(self):
"""ioloop auth - CURVE, configured server"""
self.auth.allow('127.0.0.1')
certs = self.load_certs(self.secret_keys_dir)
server_public, server_secret, client_public, client_secret = certs
self.auth.configure_curve(domain='*', location=self.public_keys_dir)
self.server.curve_publickey = server_public
self.server.curve_secretkey = server_secret
self.server.curve_server = True
self.client.curve_publickey = client_public
self.client.curve_secretkey = client_secret
self.client.curve_serverkey = server_public
Example #17
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_plain(self):
"""threaded auth - PLAIN"""
# Try PLAIN authentication - without configuring server, connection should fail
server = self.socket(zmq.PUSH)
server.plain_server = True
client = self.socket(zmq.PULL)
client.plain_username = b'admin'
client.plain_password = b'Password'
self.assertFalse(self.can_connect(server, client))
# Try PLAIN authentication - with server configured, connection should pass
server = self.socket(zmq.PUSH)
server.plain_server = True
client = self.socket(zmq.PULL)
client.plain_username = b'admin'
client.plain_password = b'Password'
self.auth.configure_plain(domain='*', passwords={'admin': 'Password'})
self.assertTrue(self.can_connect(server, client))
# Try PLAIN authentication - with bogus credentials, connection should fail
server = self.socket(zmq.PUSH)
server.plain_server = True
client = self.socket(zmq.PULL)
client.plain_username = b'admin'
client.plain_password = b'Bogus'
self.assertFalse(self.can_connect(server, client))
# Remove authenticator and check that a normal connection works
self.auth.stop()
self.auth = None
server = self.socket(zmq.PUSH)
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
client.close()
server.close()
Example #18
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def make_auth(self):
from zmq.auth.ioloop import IOLoopAuthenticator
return IOLoopAuthenticator(self.context, io_loop=self.io_loop)
Example #19
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_none(self):
"""ioloop auth - NONE"""
# A default NULL connection should always succeed, and not
# go through our authentication infrastructure at all.
# no auth should be running
self.auth.stop()
self.auth = None
Example #20
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_null(self):
"""ioloop auth - NULL"""
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet. The client connection
# should still be allowed.
self.server.zap_domain = b'global'
Example #21
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_blacklist(self):
"""ioloop auth - Blacklist"""
# Blacklist 127.0.0.1, connection should fail
self.auth.deny('127.0.0.1')
self.server.zap_domain = b'global'
Example #22
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_whitelist(self):
"""ioloop auth - Whitelist"""
# Whitelist 127.0.0.1, which overrides the blacklist, connection should pass"
self.auth.allow('127.0.0.1')
self.server.setsockopt(zmq.ZAP_DOMAIN, b'global')
Example #23
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_plain_unconfigured_server(self):
"""ioloop auth - PLAIN, unconfigured server"""
self.client.plain_username = b'admin'
self.client.plain_password = b'Password'
# Try PLAIN authentication - without configuring server, connection should fail
self.server.plain_server = True
Example #24
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_plain_bogus_credentials(self):
"""ioloop auth - PLAIN, bogus credentials"""
self.client.plain_username = b'admin'
self.client.plain_password = b'Bogus'
self.server.plain_server = True
self.auth.configure_plain(domain='*', passwords={'admin': 'Password'})
Example #25
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_curve_unconfigured_server(self):
"""ioloop auth - CURVE, unconfigured server"""
certs = self.load_certs(self.secret_keys_dir)
server_public, server_secret, client_public, client_secret = certs
self.auth.allow('127.0.0.1')
self.server.curve_publickey = server_public
self.server.curve_secretkey = server_secret
self.server.curve_server = True
self.client.curve_publickey = client_public
self.client.curve_secretkey = client_secret
self.client.curve_serverkey = server_public
Example #26
| Source File: test_auth.py From pySINDy with MIT License | 5 votes |
|
def test_curve_allow_any(self):
"""ioloop auth - CURVE, CURVE_ALLOW_ANY"""
certs = self.load_certs(self.secret_keys_dir)
server_public, server_secret, client_public, client_secret = certs
self.auth.allow('127.0.0.1')
self.auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
self.server.curve_publickey = server_public
self.server.curve_secretkey = server_secret
self.server.curve_server = True
self.client.curve_publickey = client_public
self.client.curve_secretkey = client_secret
self.client.curve_serverkey = server_public
Example #27
| Source File: helper.py From vidgear with Apache License 2.0 | 5 votes |
|
def validate_auth_keys(path, extension):
"""
### validate_auth_keys
Validates, and also maintains generated ZMQ CURVE Key-pairs.
Parameters:
path (string): path of generated CURVE key-pairs
extension (string): type of key-pair to be validated
**Returns:** A boolean value, confirming whether tests passed, or not?.
"""
# check for valid path
if not (os.path.exists(path)):
return False
# check if directory empty
if not (os.listdir(path)):
return False
keys_buffer = [] # stores auth-keys
# loop over auth-keys
for key_file in os.listdir(path):
key = os.path.splitext(key_file)
# check if valid key is generated
if key and (key[0] in ["server", "client"]) and (key[1] == extension):
keys_buffer.append(key_file) # store it
# remove invalid keys if found
if len(keys_buffer) == 1:
os.remove(os.path.join(path, keys_buffer[0]))
# return results
return True if (len(keys_buffer) == 2) else False
Example #28
| Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
|
def test_blacklist(self):
"""ioloop auth - Blacklist"""
# Blacklist 127.0.0.1, connection should fail
self.auth.deny('127.0.0.1')
self.server.zap_domain = b'global'
Example #29
| Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
|
def setUp(self):
if zmq.zmq_version_info() < (4,0):
raise SkipTest("security is new in libzmq 4.0")
try:
zmq.curve_keypair()
except zmq.ZMQError:
raise SkipTest("security requires libzmq to have curve support")
super(BaseAuthTestCase, self).setUp()
# enable debug logging while we run tests
logging.getLogger('zmq.auth').setLevel(logging.DEBUG)
self.auth = self.make_auth()
self.auth.start()
self.base_dir, self.public_keys_dir, self.secret_keys_dir = self.create_certs()
Example #30
| Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
|
def tearDown(self):
if self.auth:
self.auth.stop()
self.auth = None
self.remove_certs(self.base_dir)
super(BaseAuthTestCase, self).tearDown()
