[flashproxy/master] Add --facilitator-pubkey option to registration helpers.

commit e0dacb98ad9737b3c86b47df14cc8dd7da46f2f5 Author: Arlo Breault <arlolra@gmail.com> Date: Mon Apr 29 12:04:51 2013 -0700 Add --facilitator-pubkey option to registration helpers. It lets you give the name of a file holding a non-default facilitator public key. See https://trac.torproject.org/projects/tor/ticket/8800. --- flashproxy-reg-email | 18 +++++++++++++++--- flashproxy-reg-url | 45 ++++++++++++++++++++++++++++----------------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/flashproxy-reg-email b/flashproxy-reg-email index e446590..6336bb1 100755 --- a/flashproxy-reg-email +++ b/flashproxy-reg-email @@ -66,7 +66,7 @@ PUBKEY_SHA1 = "1926a5cb3fd7e48328188946e73ade84f55787dc".decode("hex") # the facilitator operators should have the corresponding private key. Given a # private key in reg-email, get the public key like this: # openssl rsa -pubout < reg-email > reg-email.pub -FACILITATOR_PUBKEY_PEM = """\ +DEFAULT_FACILITATOR_PUBKEY_PEM = """\ -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV @@ -78,6 +78,13 @@ gwIDAQAB -----END PUBLIC KEY----- """ +def get_facilitator_pubkey(filename): + if filename is not None: + return RSA.load_pub_key(filename) + else: + return RSA.load_pub_key_bio( + BIO.MemoryBuffer(DEFAULT_FACILITATOR_PUBKEY_PEM)) + class options(object): remote_addr = None email_addr = None @@ -102,6 +109,7 @@ This program requires the M2Crypto library for Python. -6 name lookups use only IPv6. -d, --debug enable debugging output (Python smtplib messages). -e, --email=ADDRESS send mail to ADDRESS (default "%(email_addr)s"). + -k, --facilitator-pubkey=FILE corresponds to the reg-daemon private key -h, --help show this help. -s, --smtp=HOST[:PORT] use the given SMTP server (default "%(smtp_addr)s").\ 
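Review bot: `get_facilitator_pubkey` passes the `-k` path straight to `RSA.load_pub_key` with no handling for a missing or malformed file, so a mistyped path surfaces as a raw exception rather than a usage error. The identical helper added to flashproxy-reg-url (hunk `@@ -11,6 +11,24`) is called at module level there, where it would end in a traceback. Because this key is what the client address gets encrypted to, the helper should fail with a message that names the file, and it deserves a short docstring saying that `None` selects `DEFAULT_FACILITATOR_PUBKEY_PEM`. In flashproxy-reg-email the call sits inside a `try:` whose handlers are outside the hunks, so check that an exit from the helper is not swallowed there. The exception types below are what I would expect M2Crypto and `open()` to raise; confirm against the installed version.

```python
def get_facilitator_pubkey(filename):
    if filename is None:
        return RSA.load_pub_key_bio(
            BIO.MemoryBuffer(DEFAULT_FACILITATOR_PUBKEY_PEM))
    try:
        return RSA.load_pub_key(filename)
    except (IOError, RSA.RSAError) as e:
        # Name the file so a wrong -k argument is obvious to the user.
        sys.stderr.write("Cannot load facilitator public key from %r: %s\n"
                         % (filename, e))
        sys.exit(1)
```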
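Review bot: The new help line, `-k, --facilitator-pubkey=FILE corresponds to the reg-daemon private key`, does not say what FILE contains or what is used when the option is absent. Wording such as `-k, --facilitator-pubkey=FILE  encrypt the registration to the PEM public key in FILE (default: built-in facilitator key)` tells the user that the option replaces the key pinned in the script. The same line is added to the usage text in flashproxy-reg-url (hunk `@@ -22,27 +40,16`). The usage string starts and ends outside this hunk.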
@@ -178,8 +186,10 @@ def get_state_dir(): options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT) options.email_addr = DEFAULT_EMAIL_ADDRESS options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT) +options.facilitator_publickey_filename = None -opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "email=", "help", "smtp="]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:k:hs:", + ["debug", "email=", "facilitator-pubkey=", "help", "smtp="]) for o, a in opts: if o == "-4": options.address_family = socket.AF_INET @@ -189,6 +199,8 @@ for o, a in opts: options.debug = True elif o == "-e" or o == "--email": options.email_addr = a + elif o == "-k" or o == "--facilitator-pubkey": + options.facilitator_publickey_filename = a elif o == "-h" or o == "--help": usage() sys.exit() @@ -269,7 +281,7 @@ try: options.remote_addr = parse_addr_spec(spec, *options.remote_addr) body_plain = (u"client=%s" % format_addr(options.remote_addr)).encode("utf-8") - rsa = RSA.load_pub_key_bio(BIO.MemoryBuffer(FACILITATOR_PUBKEY_PEM)) + rsa = get_facilitator_pubkey(options.facilitator_publickey_filename) body_crypt = rsa.public_encrypt(body_plain, RSA.pkcs1_oaep_padding) body = body_crypt.encode("base64") diff --git a/flashproxy-reg-url b/flashproxy-reg-url index 75f6905..4a4a555 100755 --- a/flashproxy-reg-url +++ b/flashproxy-reg-url 
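Review bot: The attribute `options.facilitator_publickey_filename` spells out `publickey` while the option, the helper and the constant all use `pubkey`; `options.facilitator_pubkey_filename` would leave one spelling to search for. The visible part of `class options` lists its attributes with `None` defaults, whereas this one is only assigned at module level here. If the class body (which continues outside the hunk) does not declare it, adding `facilitator_pubkey_filename = None` there would match the others. The same attribute name is used in flashproxy-reg-url (hunk `@@ -94,11 +101,15`).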
@@ -11,6 +11,24 @@ from M2Crypto import RSA, BIO DEFAULT_REMOTE_PORT = 9000 DEFAULT_FACILITATOR_URL = "https://fp-facilitator.org/" +DEFAULT_FACILITATOR_PUBKEY_PEM = """\ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN +oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV +84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg +XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq +1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6 +M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG +gwIDAQAB +-----END PUBLIC KEY----- +""" + +def get_facilitator_pubkey(filename): + if filename is not None: + return RSA.load_pub_key(filename) + else: + return RSA.load_pub_key_bio( + BIO.MemoryBuffer(DEFAULT_FACILITATOR_PUBKEY_PEM)) class options(object): facilitator_url = None 
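Review bot: `get_facilitator_pubkey` and `DEFAULT_FACILITATOR_PUBKEY_PEM` now exist as identical copies in flashproxy-reg-email and flashproxy-reg-url, so a key rotation or a fix to the loader has to be made twice. A missed copy would leave one helper encrypting registrations to a stale key. If a shared module is not practical for these standalone scripts, a comment above each copy such as `# Keep in sync with flashproxy-reg-email.` would at least flag the dependency.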
@@ -22,27 +40,16 @@ Print a URL, which, when retrieved, will cause the client address REMOTE[:PORT] to be registered with the flash proxy facilitator. The default PORT is %(port)d. - -f, --facilitator=URL register with the given facilitator - (by default "%(fac_url)s"). - -h, --help show this help.\ + -f, --facilitator=URL register with the given facilitator + (by default "%(fac_url)s"). + -k, --facilitator-pubkey=FILE corresponds to the reg-daemon private key + -h, --help show this help.\ """ % { "progname": sys.argv[0], "fac_url": DEFAULT_FACILITATOR_URL, "port": DEFAULT_REMOTE_PORT, } -FACILITATOR_PUBKEY_PEM = """\ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN -oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV -84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg -XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq -1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6 -M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG -gwIDAQAB ------END PUBLIC KEY----- -""" - def parse_addr_spec(spec, defhost = None, defport = None): host = None port = None @@ -94,11 +101,15 @@ def format_addr(addr): return result options.facilitator_url = DEFAULT_FACILITATOR_URL +options.facilitator_publickey_filename = None -opt, args = getopt.gnu_getopt(sys.argv[1:], "f:h", ["facilitator=", "help"]) +opt, args = getopt.gnu_getopt(sys.argv[1:], "f:k:h", + ["facilitator=", "facilitator-pubkey=", "help"]) for o, a in opt: if o == "-f" or o == "--facilitator": options.facilitator_url = a + elif o == "-k" or o == "--facilitator-pubkey": + options.facilitator_publickey_filename = a elif o == "-h" or o == "--help": usage() sys.exit() 
@@ -113,7 +124,7 @@ if remote_addr[0] is None: sys.exit(1) reg_plain = (u"client=%s" % format_addr(remote_addr)).encode("utf-8") -rsa = RSA.load_pub_key_bio(BIO.MemoryBuffer(FACILITATOR_PUBKEY_PEM)) +rsa = get_facilitator_pubkey(options.facilitator_publickey_filename) reg_crypt = rsa.public_encrypt(reg_plain, RSA.pkcs1_oaep_padding) reg = base64.urlsafe_b64encode(reg_crypt)