mycert + caurl

v6d0auth/app.py

@@ -1,4 +1,4 @@
-import asyncio.futures
+import asyncio
 
 from aiohttp import web, http_websocket
 from nacl.exceptions import BadSignatureError

v6d0auth/certs.py

@@ -1,11 +1,11 @@
 from typing import Optional
 
-from nacl.public import PrivateKey, PublicKey
+from nacl.public import PrivateKey, PublicKey, SealedBox
 from nacl.signing import SigningKey, VerifyKey, SignedMessage
 
 from v6d0auth.config import myroot, cakey
 
-__all__ = ('vkey', 'pkey',)
+__all__ = ('vkey', 'pkey', 'averify')
 
 _keyfile = myroot / '.key'
 if _keyfile.exists():
@@ -27,9 +27,13 @@ def verify(data: bytes, signature: Optional[bytes] = None) -> bytes:
     return vkey.verify(data, signature)
 
 
+def receive(data: bytes) -> bytes:
+    return SealedBox(_ekey).decrypt(data)
+
+
 if cakey:
     akey: VerifyKey = VerifyKey(cakey)
 
 
-    def averify(data: bytes, signature: Optional[bytes] = None) -> bytes:
-        return akey.verify(data, signature)
+def averify(data: bytes, signature: Optional[bytes] = None) -> bytes:
+    return akey.verify(data, signature)

v6d0auth/client.py

@@ -1,18 +1,34 @@
 import aiohttp
-
-__all__ = ('request_signature',)
+from nacl.exceptions import BadSignatureError
 
 from v6d0auth import certs
+from v6d0auth.certs import averify
+from v6d0auth.config import myroot, caurl
+
+__all__ = ('request_signature', 'mycert')
 
 
-async def request_signature(base_url: str) -> bytes:
+async def request_signature() -> bytes:
     async with aiohttp.ClientSession() as session:
-        async with session.post(f'{base_url}/push', data=certs.vkey.encode()) as response:
+        async with session.post(f'{caurl}/push', data=certs.vkey.encode()) as response:
             if response.status not in [200, 429]:
-                raise RuntimeError
-        async with session.ws_connect(f'{base_url}/pullws') as ws:
+                raise RuntimeError(response.status)
+        async with session.ws_connect(f'{caurl}/pullws') as ws:
             await ws.send_bytes(certs.vkey.encode())
             try:
                 return await ws.receive_bytes()
             except TypeError:
                 raise TimeoutError
+
+
+_certfile = myroot / 'cert'
+
+
+async def mycert() -> bytes:
+    try:
+        cert = _certfile.read_bytes()
+        averify(cert)
+    except (FileNotFoundError, BadSignatureError):
+        cert = await request_signature()
+        _certfile.write_bytes(cert)
+    return cert

v6d0auth/config.py

@@ -1,12 +1,14 @@
 import os
 from pathlib import Path
 
-__all__ = ('myroot', 'host', 'port', 'cakey')
+__all__ = ('root', 'myroot', 'host', 'port', 'cakey', 'caurl',)
 
-_root = Path(os.getenv('v6root', './data'))
-assert _root.exists()
-myroot = _root / 'v6d0auth'
+root = Path(os.getenv('v6root', './data'))
+assert root.exists()
+myroot = root / 'v6d0auth'
 myroot.mkdir(exist_ok=True)
 host = os.getenv('v6host', '127.0.0.1')
 port = int(os.getenv('v6port', '5003'))
 cakey = bytes.fromhex(os.getenv('v6ca', ''))
+# noinspection HttpUrlsUsage
+caurl = os.getenv('v6caurl', f'http://{host}:{port}')

v6d0auth/sign-request.py

@@ -4,7 +4,7 @@ import asyncio
 import aiohttp
 
 from v6d0auth import certs
-from v6d0auth.config import port
+from v6d0auth.config import port, host
 
 parser = argparse.ArgumentParser()
 parser.add_argument('handle', type=str)
@@ -14,7 +14,8 @@ async def main():
     handle = bytes.fromhex(args.handle)
     request = certs.sign(handle)
     async with aiohttp.ClientSession() as session:
-        async with session.post(f'http://127.0.0.1:{port}/approve', data=request) as response:
+        # noinspection HttpUrlsUsage
+        async with session.post(f'http://{host}:{port}/approve', data=request) as response:
             print(response.status)
             if response.status == 200:
                 print((await response.read()).hex())

v6d0auth/test-request.py

@@ -1,12 +1,10 @@
 import asyncio
 
 from v6d0auth.client import request_signature
-from v6d0auth.config import port, host
 
 
 async def main():
-    # noinspection HttpUrlsUsage
-    print((await request_signature(f'http://{host}:{port}')).hex())
+    print((await request_signature()).hex())
 
 
 if __name__ == '__main__':