Python zmq.auth() Examples
The following are 30
code examples of zmq.auth().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
zmq
, or try the search function
.
Example #1
Source File: authenticator.py From indy-plenum with Apache License 2.0 | 6 votes |
def start(self): """Start the authentication thread""" # create a socket to communicate with auth thread. self.pipe = self.context.socket(zmq.PAIR) self.pipe.linger = 1 self.pipe.bind(self.pipe_endpoint) authenticator = MultiZapAuthenticator(self.context, encoding=self.encoding, log=self.log) self.thread = AuthenticationThread(self.context, self.pipe_endpoint, encoding=self.encoding, log=self.log, authenticator=authenticator) self.thread.start() # Event.wait:Changed in version 2.7: Previously, the method always returned None. if sys.version_info < (2, 7): self.thread.started.wait(timeout=10) else: if not self.thread.started.wait(timeout=10): raise RuntimeError("Authenticator thread failed to start")
Example #2
Source File: test_auth.py From vnpy_crypto with MIT License | 6 votes |
def test_null(self): """threaded auth - NULL""" # A default NULL connection should always succeed, and not # go through our authentication infrastructure at all. self.auth.stop() self.auth = None # use a new context, so ZAP isn't inherited self.context = self.Context() server = self.socket(zmq.PUSH) client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client)) # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. The client connection # should still be allowed. server = self.socket(zmq.PUSH) server.zap_domain = b'global' client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client))
Example #3
Source File: test_auth.py From pySINDy with MIT License | 6 votes |
def test_null(self): """threaded auth - NULL""" # A default NULL connection should always succeed, and not # go through our authentication infrastructure at all. self.auth.stop() self.auth = None # use a new context, so ZAP isn't inherited self.context = self.Context() server = self.socket(zmq.PUSH) client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client)) # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. The client connection # should still be allowed. server = self.socket(zmq.PUSH) server.zap_domain = b'global' client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client))
Example #4
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_whitelist(self): """threaded auth - Whitelist""" # Whitelist 127.0.0.1, connection should pass" self.auth.allow('127.0.0.1') server = self.socket(zmq.PUSH) # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. server.zap_domain = b'global' client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client))
Example #5
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def setupAuth(self, restricted=True, force=False): if self.auth and not force: raise RuntimeError('Listener already setup') location = self.publicKeysDir if restricted else zmq.auth.CURVE_ALLOW_ANY # self.auth = AsyncioAuthenticator(self.ctx) self.auth = MultiZapAuthenticator(self.ctx) self.auth.start() self.auth.allow('0.0.0.0') self.auth.configure_curve(domain='*', location=location)
Example #6
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def teardownAuth(self): if self.auth: self.auth.stop()
Example #7
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def selfSigKeys(self): serverSecretFile = os.path.join(self.sigKeyDir, "{}.key_secret".format(self.name)) return zmq.auth.load_certificate(serverSecretFile)
Example #8
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def isRestricted(self): return not self.auth.allow_any if self.auth is not None \ else self.restricted
Example #9
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def loadPubKeyFromDisk(directory, name): filePath = os.path.join(directory, "{}.key".format(name)) try: public, _ = zmq.auth.load_certificate(filePath) return public except (ValueError, IOError) as ex: raise KeyError from ex
Example #10
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def loadSecKeyFromDisk(directory, name): filePath = os.path.join(directory, "{}.key_secret".format(name)) try: _, secret = zmq.auth.load_certificate(filePath) return secret except (ValueError, IOError) as ex: raise KeyError from ex
Example #11
Source File: zstack.py From indy-plenum with Apache License 2.0 | 5 votes |
def getAllVerKeys(self): keys = [] for key_file in os.listdir(self.verifKeyDir): if key_file.endswith(".key"): serverVerifFile = os.path.join(self.verifKeyDir, key_file) serverPublic, _ = zmq.auth.load_certificate(serverVerifFile) keys.append(serverPublic) return keys
Example #12
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def setUp(self): if zmq.zmq_version_info() < (4,0): raise SkipTest("security is new in libzmq 4.0") try: zmq.curve_keypair() except zmq.ZMQError: raise SkipTest("security requires libzmq to have curve support") super(BaseAuthTestCase, self).setUp() # enable debug logging while we run tests logging.getLogger('zmq.auth').setLevel(logging.DEBUG) self.auth = self.make_auth() self.auth.start() self.base_dir, self.public_keys_dir, self.secret_keys_dir = self.create_certs()
Example #13
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def tearDown(self): if self.auth: self.auth.stop() self.auth = None self.remove_certs(self.base_dir) super(BaseAuthTestCase, self).tearDown()
Example #14
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def create_certs(self): """Create CURVE certificates for a test""" # Create temporary CURVE keypairs for this test run. We create all keys in a # temp directory and then move them into the appropriate private or public # directory. base_dir = tempfile.mkdtemp() keys_dir = os.path.join(base_dir, 'certificates') public_keys_dir = os.path.join(base_dir, 'public_keys') secret_keys_dir = os.path.join(base_dir, 'private_keys') os.mkdir(keys_dir) os.mkdir(public_keys_dir) os.mkdir(secret_keys_dir) server_public_file, server_secret_file = zmq.auth.create_certificates(keys_dir, "server") client_public_file, client_secret_file = zmq.auth.create_certificates(keys_dir, "client") for key_file in os.listdir(keys_dir): if key_file.endswith(".key"): shutil.move(os.path.join(keys_dir, key_file), os.path.join(public_keys_dir, '.')) for key_file in os.listdir(keys_dir): if key_file.endswith(".key_secret"): shutil.move(os.path.join(keys_dir, key_file), os.path.join(secret_keys_dir, '.')) return (base_dir, public_keys_dir, secret_keys_dir)
Example #15
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def load_certs(self, secret_keys_dir): """Return server and client certificate keys""" server_secret_file = os.path.join(secret_keys_dir, "server.key_secret") client_secret_file = os.path.join(secret_keys_dir, "client.key_secret") server_public, server_secret = zmq.auth.load_certificate(server_secret_file) client_public, client_secret = zmq.auth.load_certificate(client_secret_file) return server_public, server_secret, client_public, client_secret
Example #16
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_curve_configured_server(self): """ioloop auth - CURVE, configured server""" self.auth.allow('127.0.0.1') certs = self.load_certs(self.secret_keys_dir) server_public, server_secret, client_public, client_secret = certs self.auth.configure_curve(domain='*', location=self.public_keys_dir) self.server.curve_publickey = server_public self.server.curve_secretkey = server_secret self.server.curve_server = True self.client.curve_publickey = client_public self.client.curve_secretkey = client_secret self.client.curve_serverkey = server_public
Example #17
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_plain(self): """threaded auth - PLAIN""" # Try PLAIN authentication - without configuring server, connection should fail server = self.socket(zmq.PUSH) server.plain_server = True client = self.socket(zmq.PULL) client.plain_username = b'admin' client.plain_password = b'Password' self.assertFalse(self.can_connect(server, client)) # Try PLAIN authentication - with server configured, connection should pass server = self.socket(zmq.PUSH) server.plain_server = True client = self.socket(zmq.PULL) client.plain_username = b'admin' client.plain_password = b'Password' self.auth.configure_plain(domain='*', passwords={'admin': 'Password'}) self.assertTrue(self.can_connect(server, client)) # Try PLAIN authentication - with bogus credentials, connection should fail server = self.socket(zmq.PUSH) server.plain_server = True client = self.socket(zmq.PULL) client.plain_username = b'admin' client.plain_password = b'Bogus' self.assertFalse(self.can_connect(server, client)) # Remove authenticator and check that a normal connection works self.auth.stop() self.auth = None server = self.socket(zmq.PUSH) client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client)) client.close() server.close()
Example #18
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def make_auth(self): from zmq.auth.ioloop import IOLoopAuthenticator return IOLoopAuthenticator(self.context, io_loop=self.io_loop)
Example #19
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_none(self): """ioloop auth - NONE""" # A default NULL connection should always succeed, and not # go through our authentication infrastructure at all. # no auth should be running self.auth.stop() self.auth = None
Example #20
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_null(self): """ioloop auth - NULL""" # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. The client connection # should still be allowed. self.server.zap_domain = b'global'
Example #21
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_blacklist(self): """ioloop auth - Blacklist""" # Blacklist 127.0.0.1, connection should fail self.auth.deny('127.0.0.1') self.server.zap_domain = b'global'
Example #22
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_whitelist(self): """ioloop auth - Whitelist""" # Whitelist 127.0.0.1, which overrides the blacklist, connection should pass" self.auth.allow('127.0.0.1') self.server.setsockopt(zmq.ZAP_DOMAIN, b'global')
Example #23
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_plain_unconfigured_server(self): """ioloop auth - PLAIN, unconfigured server""" self.client.plain_username = b'admin' self.client.plain_password = b'Password' # Try PLAIN authentication - without configuring server, connection should fail self.server.plain_server = True
Example #24
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_plain_bogus_credentials(self): """ioloop auth - PLAIN, bogus credentials""" self.client.plain_username = b'admin' self.client.plain_password = b'Bogus' self.server.plain_server = True self.auth.configure_plain(domain='*', passwords={'admin': 'Password'})
Example #25
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_curve_unconfigured_server(self): """ioloop auth - CURVE, unconfigured server""" certs = self.load_certs(self.secret_keys_dir) server_public, server_secret, client_public, client_secret = certs self.auth.allow('127.0.0.1') self.server.curve_publickey = server_public self.server.curve_secretkey = server_secret self.server.curve_server = True self.client.curve_publickey = client_public self.client.curve_secretkey = client_secret self.client.curve_serverkey = server_public
Example #26
Source File: test_auth.py From pySINDy with MIT License | 5 votes |
def test_curve_allow_any(self): """ioloop auth - CURVE, CURVE_ALLOW_ANY""" certs = self.load_certs(self.secret_keys_dir) server_public, server_secret, client_public, client_secret = certs self.auth.allow('127.0.0.1') self.auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) self.server.curve_publickey = server_public self.server.curve_secretkey = server_secret self.server.curve_server = True self.client.curve_publickey = client_public self.client.curve_secretkey = client_secret self.client.curve_serverkey = server_public
Example #27
Source File: helper.py From vidgear with Apache License 2.0 | 5 votes |
def validate_auth_keys(path, extension): """ ### validate_auth_keys Validates, and also maintains generated ZMQ CURVE Key-pairs. Parameters: path (string): path of generated CURVE key-pairs extension (string): type of key-pair to be validated **Returns:** A boolean value, confirming whether tests passed, or not?. """ # check for valid path if not (os.path.exists(path)): return False # check if directory empty if not (os.listdir(path)): return False keys_buffer = [] # stores auth-keys # loop over auth-keys for key_file in os.listdir(path): key = os.path.splitext(key_file) # check if valid key is generated if key and (key[0] in ["server", "client"]) and (key[1] == extension): keys_buffer.append(key_file) # store it # remove invalid keys if found if len(keys_buffer) == 1: os.remove(os.path.join(path, keys_buffer[0])) # return results return True if (len(keys_buffer) == 2) else False
Example #28
Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
def test_blacklist(self): """ioloop auth - Blacklist""" # Blacklist 127.0.0.1, connection should fail self.auth.deny('127.0.0.1') self.server.zap_domain = b'global'
Example #29
Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
def setUp(self): if zmq.zmq_version_info() < (4,0): raise SkipTest("security is new in libzmq 4.0") try: zmq.curve_keypair() except zmq.ZMQError: raise SkipTest("security requires libzmq to have curve support") super(BaseAuthTestCase, self).setUp() # enable debug logging while we run tests logging.getLogger('zmq.auth').setLevel(logging.DEBUG) self.auth = self.make_auth() self.auth.start() self.base_dir, self.public_keys_dir, self.secret_keys_dir = self.create_certs()
Example #30
Source File: test_auth.py From vnpy_crypto with MIT License | 5 votes |
def tearDown(self): if self.auth: self.auth.stop() self.auth = None self.remove_certs(self.base_dir) super(BaseAuthTestCase, self).tearDown()