#!/usr/bin/env python
'''
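Stonehouse uses the "CURVE" security mechanism.
This gives us strong encryption on data, and (as far as we know) unbreakable
authentication. Stonehouse is the minimum you would use over public networks,
and assures clients that they are speaking to an authentic server, while
allowing any client to connect.
Note: "any client" refers to client keys. The server does not verify them
(CURVE_ALLOW_ANY), so only the server is authenticated. This script also
restricts connections to 127.0.0.1 through the authenticator's allow list.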
Author: Chris Laws
Modified by Willem de Jong - only start the Python server, the client is the
Chumak Erlang implementation.
To run from an erlang shell:
cd("python-test"),
{ok, ServerKeys} = chumak_cert:read("server.key"),
SPK = proplists:get_value(public_key, ServerKeys),
{ok, ClientKeys} = chumak_cert:read("client.key"),
CSK = proplists:get_value(secret_key, ClientKeys),
CPK = proplists:get_value(public_key, ClientKeys),
application:start(chumak),
{ok, Socket} = chumak:socket(pull),
ok = chumak:set_socket_option(Socket, curve_secretkey, CSK),
ok = chumak:set_socket_option(Socket, curve_publickey, CPK),
ok = chumak:set_socket_option(Socket, curve_serverkey, SPK),
{ok, _} = chumak:connect(Socket, tcp, "127.0.0.1", 9000),
{ok, Message} = chumak:recv(Socket),
io:format("received: ~p~n", [Message]),
halt().
'''
import logging
import os
import sys
import time
import zmq
import zmq.auth
from zmq.auth.thread import ThreadAuthenticator
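def run():
    '''Run the Stonehouse example: a CURVE server that pushes one message.

    Loads the server certificate from ``server.key`` next to this script,
    starts a ZAP authenticator on the shared context, binds a PUSH socket on
    TCP port 9000 with CURVE server mode enabled, sends ``b"Hello"`` and then
    tears everything down.

    Raises:
        RuntimeError: if ``server.key`` holds no secret key.
        Other errors from ``zmq.auth.load_certificate`` and from the socket
        calls are propagated unchanged.
    '''
    # server.key is expected in this script's directory; according to the
    # original comment it is produced by the generate_certificates script.
    keys_dir = os.path.dirname(__file__)
    server_key_file = os.path.join(keys_dir, "server.key")

    # Load the key pair before any thread is started, so that a missing or
    # unreadable certificate cannot leave an authenticator thread behind.
    server_public, server_secret = zmq.auth.load_certificate(server_key_file)
    if server_secret is None:
        # A public-only certificate cannot act as a CURVE server. Fail with a
        # clear message, and never print key material.
        raise RuntimeError(
            "{0} does not contain a secret key".format(server_key_file))

    ctx = zmq.Context.instance()

    # Start an authenticator for this context.
    auth = ThreadAuthenticator(ctx)
    auth.start()
    server = None
    try:
        # IP allow list: peers from any other address are rejected.
        auth.allow('127.0.0.1')

        # Tell the authenticator how to handle CURVE requests.
        # CURVE_ALLOW_ANY accepts every client key, so clients are NOT
        # authenticated; only the server proves its identity. To authenticate
        # clients, pass a directory of authorised public keys as `location`.
        auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)

        server = ctx.socket(zmq.PUSH)
        server.curve_secretkey = server_secret
        server.curve_publickey = server_public
        server.curve_server = True  # must come before bind

        # NOTE(review): this listens on every interface. Only the allow list
        # above limits peers to 127.0.0.1. Bind to tcp://127.0.0.1:9000 instead
        # if remote clients are never intended.
        server.bind('tcp://*:9000')

        server.send(b"Hello")

        # Make sure that there is time to finish the handshake
        time.sleep(2)
    finally:
        # Close the listener before stopping the authenticator, so the socket
        # never outlives the handler that enforces the allow list. Running
        # this in `finally` also releases both on any error path.
        try:
            if server is not None:
                server.close()
        finally:
            # stop auth thread
            auth.stop()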
if __name__ == '__main__':
    # CURVE security needs libzmq 4.0 or newer; refuse to start on anything older.
    security_supported = zmq.zmq_version_info() >= (4, 0)
    if not security_supported:
        raise RuntimeError("Security is not supported in libzmq version < 4.0. libzmq version {0}".format(zmq.zmq_version()))

    # The -v flag switches logging from INFO to DEBUG.
    verbose = '-v' in sys.argv
    level = logging.DEBUG if verbose else logging.INFO
    logging.basicConfig(level=level, format="[%(levelname)s] %(message)s")

    run()