diff options
author | Magnus Ahltorp <map@kth.se> | 2017-01-20 00:32:45 +0100 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2017-01-20 00:32:45 +0100 |
commit | d94247cb9f7746f75b176cbed0a32e9e902e7e7d (patch) | |
tree | 2aefb213f8c66c4bf464f58c62b81994f751dcab /tools/compileconfig.py | |
parent | 1fecbcbcc5b7ae8453e68f3df6f25a140aa6df72 (diff) |
API keys are now provided in the config file.
Also added CA cert verification for internal TLS connections.
Diffstat (limited to 'tools/compileconfig.py')
-rwxr-xr-x | tools/compileconfig.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/tools/compileconfig.py b/tools/compileconfig.py index 1fa352e..bbc2277 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -7,10 +7,14 @@ import argparse import sys import yaml import re +import base64 class Symbol(str): pass +class Binary(str): + pass + clean_string = re.compile(r'^[-.:_/A-Za-z0-9 ]*$') clean_symbol = re.compile(r'^[_A-Za-z0-9]*$') @@ -34,6 +38,8 @@ def gen_erlang(term, level=1): separator = ",\n" + indent if isinstance(term, Symbol): return quote_erlang_symbol(term) + elif isinstance(term, Binary): + return "<<" + ",".join([str(ord(c)) for c in term]) + ">>" elif isinstance(term, basestring): return quote_erlang_string(term) elif isinstance(term, int): @@ -194,9 +200,13 @@ def parse_ratelimit((type, description)): print >>sys.stderr, "%s: Only one ratelimit expression supported right now" % (type,) return (Symbol(type), descriptions) +def api_keys(config): + return [(node["nodename"], Binary(base64.b64decode(node["publickey"]))) for node in config["apikeys"]] + def gen_config(nodename, config, localconfig): print "generating config for", nodename paths = localconfig["paths"] + apikeys = api_keys(config) bind_addresses = { "frontend": localconfig.get("frontendaddresses", {}).get(nodename), "storage": localconfig.get("storageaddresses", {}).get(nodename), @@ -231,6 +241,7 @@ def gen_config(nodename, config, localconfig): (Symbol("https_certfile"), paths["https_certfile"]), (Symbol("https_keyfile"), paths["https_keyfile"]), (Symbol("https_cacertfile"), paths["https_cacertfile"]), + (Symbol("https_cacert_fingerprint"), Binary(base64.b16decode(config["cafingerprint"]))), ] catlfishconfig.append((Symbol("mmd"), config["mmd"])) @@ -333,7 +344,7 @@ def gen_config(nodename, config, localconfig): print >>sys.stderr, "Neither logprivatekey nor hsm configured for signing node", nodename sys.exit(1) plopconfig += [ - (Symbol("log_public_key"), paths["logpublickey"]), + (Symbol("log_public_key"), Binary(base64.b64decode(config["logpublickey"]))), (Symbol("own_key"), (nodename, "%s/%s-private.pem" % (paths["privatekeys"], nodename))), ] if "frontendnodes" in nodetype: @@ -341,6 +352,7 @@ def gen_config(nodename, config, localconfig): plopconfig += [ (Symbol("allowed_clients"), list(allowed_clients)), (Symbol("allowed_servers"), list(allowed_servers)), + (Symbol("apikeys"), apikeys), ] erlangconfig = [ |