diff --git a/sros2/sros2/api/__init__.py b/sros2/sros2/api/__init__.py
index d59c761f..1a0343ed 100644
--- a/sros2/sros2/api/__init__.py
+++ b/sros2/sros2/api/__init__.py
@@ -13,12 +13,6 @@
 # limitations under the License.
 from collections import namedtuple
-import os
-import sys
-
-from sros2.policy import load_policy
-
-from . import _key, _keystore, _permission, _policy
 HIDDEN_NODE_PREFIX = '_'
@@ -68,38 +62,3 @@ def get_client_info(node, node_name):
 def distribute_key(source_keystore_path, taget_keystore_path):
 raise NotImplementedError()
-
-
-def get_keystore_path_from_env():
- root_keystore_env_var = 'ROS_SECURITY_ROOT_DIRECTORY'
- root_keystore_path = os.getenv(root_keystore_env_var)
- if root_keystore_path is None:
- print('%s is empty' % root_keystore_env_var, file=sys.stderr)
- return root_keystore_path
-
-
-def generate_artifacts(keystore_path=None, identity_names=[], policy_files=[]):
- if keystore_path is None:
- keystore_path = get_keystore_path_from_env()
- if keystore_path is None:
- return False
- if not _keystore.is_valid_keystore(keystore_path):
- print('%s is not a valid keystore, creating new keystore' % keystore_path)
- _keystore.create_keystore(keystore_path)
-
- # create keys for all provided identities
- for identity in identity_names:
- if not _key.create_key(keystore_path, identity):
- return False
- for policy_file in policy_files:
- policy_tree = load_policy(policy_file)
- contexts_element = policy_tree.find('contexts')
- for context in contexts_element:
- identity_name = context.get('path')
- if identity_name not in identity_names:
- if not _key.create_key(keystore_path, identity_name):
- return False
- policy_element = _policy.get_policy_from_tree(identity_name, policy_tree)
- _permission.create_permissions_from_policy_element(
- keystore_path, identity_name, policy_element)
- return True
diff --git a/sros2/sros2/api/_artifact_generation.py b/sros2/sros2/api/_artifact_generation.py
new file mode 100644
index 00000000..85223e7c
--- /dev/null
+++ b/sros2/sros2/api/_artifact_generation.py
@@ -0,0 +1,44 @@
+# Copyright 2016-2019 Open Source Robotics Foundation, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from sros2.policy import load_policy
+
+from . import _key, _keystore, _permission, _policy, _utilities
+
+
+def generate_artifacts(keystore_path=None, identity_names=[], policy_files=[]):
+ if keystore_path is None:
+ keystore_path = _utilities.get_keystore_path_from_env()
+ if keystore_path is None:
+ return False
+ if not _keystore.is_valid_keystore(keystore_path):
+ print('%s is not a valid keystore, creating new keystore' % keystore_path)
+ _keystore.create_keystore(keystore_path)
+
+ # create keys for all provided identities
+ for identity in identity_names:
+ if not _key.create_key(keystore_path, identity):
+ return False
+ for policy_file in policy_files:
+ policy_tree = load_policy(policy_file)
+ contexts_element = policy_tree.find('contexts')
+ for context in contexts_element:
+ identity_name = context.get('path')
+ if identity_name not in identity_names:
+ if not _key.create_key(keystore_path, identity_name):
+ return False
+ policy_element = _policy.get_policy_from_tree(identity_name, policy_tree)
+ _permission.create_permissions_from_policy_element(
+ keystore_path, identity_name, policy_element)
+ return True
diff --git a/sros2/sros2/api/_utilities.py b/sros2/sros2/api/_utilities.py
index adee18b1..88996d71 100644
--- a/sros2/sros2/api/_utilities.py
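Review bot: In the policy loop of `generate_artifacts` in `_artifact_generation.py`, `identity_name = context.get('path')` is passed to `_key.create_key` and `_permission.create_permissions_from_policy_element` with no check in this function that it is present and well-formed. `context.get('path')` returns None when the attribute is missing, and the value comes from a policy file that may not be written by whoever owns the keystore; whether `load_policy` or `create_key` already validate it is not visible in this hunk. Since the name presumably decides where under the keystore the key material is written, I would reject empty values and parent-directory segments before creating anything, e.g. `if not identity_name or '..' in identity_name.split('/'): return False`. Separately, the mutable defaults `identity_names=[]` and `policy_files=[]` are never mutated here but would be safer as `()`.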
+++ b/sros2/sros2/api/_utilities.py
@@ -15,6 +15,7 @@
 import datetime
 import os
+import sys
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend as cryptography_backend
@@ -24,6 +25,7 @@
 from cryptography.hazmat.primitives.asymmetric import ec
 _DOMAIN_ID_ENV = 'ROS_DOMAIN_ID'
+_KEYSTORE_DIR_ENV = 'ROS_SECURITY_ROOT_DIRECTORY'
 def create_symlink(*, src, dst):
@@ -40,6 +42,13 @@ def domain_id() -> str:
 return os.getenv(_DOMAIN_ID_ENV, '0')
+def get_keystore_path_from_env():
+ root_keystore_path = os.getenv(_KEYSTORE_DIR_ENV)
+ if root_keystore_path is None:
+ print('%s is empty' % _KEYSTORE_DIR_ENV, file=sys.stderr)
+ return root_keystore_path
+
+
 def create_smime_signed_file(cert_path, key_path, unsigned_file_path, signed_file_path):
 # Load the CA cert and key from disk
 with open(cert_path, 'rb') as cert_file:
diff --git a/sros2/sros2/verb/generate_artifacts.py b/sros2/sros2/verb/generate_artifacts.py
index c5d6de60..912eadcf 100644
--- a/sros2/sros2/verb/generate_artifacts.py
+++ b/sros2/sros2/verb/generate_artifacts.py
@@ -23,7 +23,7 @@ def DirectoriesCompleter():
 def FilesCompleter(*, allowednames, directories):
 return None
-from sros2.api import generate_artifacts
+from sros2.api import _artifact_generation
 from sros2.verb import VerbExtension
@@ -44,7 +44,7 @@ def add_arguments(self, parser, cli_name):
 def main(self, *, args):
 try:
- success = generate_artifacts(
+ success = _artifact_generation.generate_artifacts(
 args.keystore_root_path, args.security_contexts, args.policy_files)
 except FileNotFoundError as e:
 raise RuntimeError(str(e))
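Review bot: `get_keystore_path_from_env` (hunk `@@ -40,6 +42,13 @@` of `_utilities.py`) only catches an unset variable: `os.getenv` returns None when `ROS_SECURITY_ROOT_DIRECTORY` is absent, but an exported-but-empty value comes back as `''` and is returned as a path, although the message printed says "is empty". A caller that tests `is None`, as `generate_artifacts` does in this commit, would then carry on with an empty keystore path, which presumably resolves against the current working directory. I would handle both cases alike with `if not root_keystore_path:` followed by `return None`, and word the message `'%s is not set or empty'`. A one-line docstring stating that None is returned in that case would also match the annotated `domain_id() -> str` next to it.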
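Review bot: The import in `sros2/verb/generate_artifacts.py` now reaches into the underscore-prefixed module `sros2.api._artifact_generation` from outside the `sros2.api` package, while the same commit removes `generate_artifacts` and `get_keystore_path_from_env` from `sros2/api/__init__.py`. Any caller that still does `from sros2.api import generate_artifacts` would fail at import time. If the package-level name is meant to stay public, a re-export in `__init__.py`, `from ._artifact_generation import generate_artifacts`, would keep it working, unless the move exists to avoid an import cycle, which is not visible here. If the removal is intended, it deserves a line in the commit message or changelog.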