[tor-commits] [flashproxy/master] Add --facilitator-pubkey option to registration helpers.

dcf at torproject.org dcf at torproject.org
Tue Apr 30 07:07:50 UTC 2013


commit e0dacb98ad9737b3c86b47df14cc8dd7da46f2f5
Author: Arlo Breault <arlolra at gmail.com>
Date:   Mon Apr 29 12:04:51 2013 -0700

    Add --facilitator-pubkey option to registration helpers.
    
    It lets you give the name of a file holding a non-default facilitator
    public key. See https://trac.torproject.org/projects/tor/ticket/8800.
---
 flashproxy-reg-email |   18 +++++++++++++++---
 flashproxy-reg-url   |   45 ++++++++++++++++++++++++++++-----------------
 2 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index e446590..6336bb1 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -66,7 +66,7 @@ PUBKEY_SHA1 = "1926a5cb3fd7e48328188946e73ade84f55787dc".decode("hex")
 # the facilitator operators should have the corresponding private key. Given a
 # private key in reg-email, get the public key like this:
 # openssl rsa -pubout < reg-email > reg-email.pub
-FACILITATOR_PUBKEY_PEM = """\
+DEFAULT_FACILITATOR_PUBKEY_PEM = """\
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN
 oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV
@@ -78,6 +78,13 @@ gwIDAQAB
 -----END PUBLIC KEY-----
 """
 
+def get_facilitator_pubkey(filename):
+    if filename is not None:
+        return RSA.load_pub_key(filename)
+    else:
+        return RSA.load_pub_key_bio(
+            BIO.MemoryBuffer(DEFAULT_FACILITATOR_PUBKEY_PEM))
+
 class options(object):
     remote_addr = None
     email_addr = None
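Review bot: get_facilitator_pubkey has no docstring, and nothing at the definition says what the file named by filename must contain or how a bad file is reported. Since the returned key is what the registration is encrypted to further down, I would add a docstring such as `"""Return the facilitator RSA public key: read from the PEM file filename, or the built-in default when filename is None."""`, plus a comment that only the holder of the matching private key can read the registration. The same function and the same PEM constant are added verbatim to flashproxy-reg-url in this commit. Two copies of a built-in key are easy to update in only one place, so a shared module, or at least a cross-reference comment in each script, would help. The hunk ends inside `class options`, whose body continues outside it.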
@@ -102,6 +109,7 @@ This program requires the M2Crypto library for Python.
   -6                      name lookups use only IPv6.
   -d, --debug             enable debugging output (Python smtplib messages).
   -e, --email=ADDRESS     send mail to ADDRESS (default "%(email_addr)s").
+  -k, --facilitator-pubkey=FILE     corresponds to the reg-daemon private key
   -h, --help              show this help.
   -s, --smtp=HOST[:PORT]  use the given SMTP server
                             (default "%(smtp_addr)s").\
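Review bot: The help line for -k says only that FILE "corresponds to the reg-daemon private key", which does not tell the user that FILE is a public key, what format it is in, or that a built-in key is used when the option is absent. It also breaks the column alignment and the alphabetical order of the surrounding entries. Something like `  -k, --facilitator-pubkey=FILE` followed by a continuation line `encrypt to the PEM public key in FILE (default: built-in key).`, placed after the --help entry, would read better. The same wording is added to the flashproxy-reg-url usage text. The usage string starts and ends outside this hunk.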
@@ -178,8 +186,10 @@ def get_state_dir():
 options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
+options.facilitator_publickey_filename = None
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "email=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:k:hs:",
+    ["debug", "email=", "facilitator-pubkey=", "help", "smtp="])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -189,6 +199,8 @@ for o, a in opts:
         options.debug = True
     elif o == "-e" or o == "--email":
         options.email_addr = a
+    elif o == "-k" or o == "--facilitator-pubkey":
+        options.facilitator_publickey_filename = a
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
@@ -269,7 +281,7 @@ try:
         options.remote_addr = parse_addr_spec(spec, *options.remote_addr)
 
     body_plain = (u"client=%s" % format_addr(options.remote_addr)).encode("utf-8")
-    rsa = RSA.load_pub_key_bio(BIO.MemoryBuffer(FACILITATOR_PUBKEY_PEM))
+    rsa = get_facilitator_pubkey(options.facilitator_publickey_filename)
     body_crypt = rsa.public_encrypt(body_plain, RSA.pkcs1_oaep_padding)
     body = body_crypt.encode("base64")
 
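Review bot: The key named by -k goes straight into the OAEP encryption on the next line with no check on its size. An undersized key is therefore either accepted silently, weakening the confidentiality of the client address, or fails inside public_encrypt with an error that does not mention the key. A guard right after the load, e.g. `if len(rsa) < 2048: raise ValueError("facilitator public key is too small")`, would make the failure explicit. I believe M2Crypto RSA objects report their size in bits through len(), but please confirm; the 2048 threshold is a suggestion matching the apparent size of the built-in key. The enclosing try block starts and ends outside the hunk, so how a load failure is reported to the user is not visible here.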
diff --git a/flashproxy-reg-url b/flashproxy-reg-url
index 75f6905..4a4a555 100755
--- a/flashproxy-reg-url
+++ b/flashproxy-reg-url
@@ -11,6 +11,24 @@ from M2Crypto import RSA, BIO
 
 DEFAULT_REMOTE_PORT = 9000
 DEFAULT_FACILITATOR_URL = "https://fp-facilitator.org/"
+DEFAULT_FACILITATOR_PUBKEY_PEM = """\
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN
+oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV
+84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg
+XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq
+1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6
+M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG
+gwIDAQAB
+-----END PUBLIC KEY-----
+"""
+
+def get_facilitator_pubkey(filename):
+    if filename is not None:
+        return RSA.load_pub_key(filename)
+    else:
+        return RSA.load_pub_key_bio(
+            BIO.MemoryBuffer(DEFAULT_FACILITATOR_PUBKEY_PEM))
 
 class options(object):
     facilitator_url = None
@@ -22,27 +40,16 @@ Print a URL, which, when retrieved, will cause the client address
 REMOTE[:PORT] to be registered with the flash proxy facilitator. The
 default PORT is %(port)d.
 
-  -f, --facilitator=URL  register with the given facilitator
-                           (by default "%(fac_url)s").
-  -h, --help             show this help.\
+  -f, --facilitator=URL         register with the given facilitator
+                                  (by default "%(fac_url)s").
+  -k, --facilitator-pubkey=FILE corresponds to the reg-daemon private key
+  -h, --help                    show this help.\
 """ % {
     "progname": sys.argv[0],
     "fac_url": DEFAULT_FACILITATOR_URL,
     "port": DEFAULT_REMOTE_PORT,
 }
 
-FACILITATOR_PUBKEY_PEM = """\
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN
-oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV
-84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg
-XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq
-1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6
-M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG
-gwIDAQAB
------END PUBLIC KEY-----
-"""
-
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -94,11 +101,15 @@ def format_addr(addr):
     return result
 
 options.facilitator_url = DEFAULT_FACILITATOR_URL
+options.facilitator_publickey_filename = None
 
-opt, args = getopt.gnu_getopt(sys.argv[1:], "f:h", ["facilitator=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "f:k:h",
+    ["facilitator=", "facilitator-pubkey=", "help"])
 for o, a in opt:
     if o == "-f" or o == "--facilitator":
         options.facilitator_url = a
+    elif o == "-k" or o == "--facilitator-pubkey":
+        options.facilitator_publickey_filename = a
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
@@ -113,7 +124,7 @@ if remote_addr[0] is None:
     sys.exit(1)
 
 reg_plain = (u"client=%s" % format_addr(remote_addr)).encode("utf-8")
-rsa = RSA.load_pub_key_bio(BIO.MemoryBuffer(FACILITATOR_PUBKEY_PEM))
+rsa = get_facilitator_pubkey(options.facilitator_publickey_filename)
 reg_crypt = rsa.public_encrypt(reg_plain, RSA.pkcs1_oaep_padding)
 reg = base64.urlsafe_b64encode(reg_crypt)
 
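Review bot: A missing or malformed -k file makes get_facilitator_pubkey raise at module level here, so the user gets a Python traceback rather than the controlled `sys.exit(1)` path used for the bad-address case just above. I would catch the load failure and exit with a one-line error naming the file. The exception classes in the sketch are the ones I expect M2Crypto to raise for an unreadable file and for unparsable key data; confirm them against the version in use. flashproxy-reg-email makes the same call inside a try block whose handlers are outside its hunk, so it may already be covered there.

```python
reg_plain = (u"client=%s" % format_addr(remote_addr)).encode("utf-8")
try:
    rsa = get_facilitator_pubkey(options.facilitator_publickey_filename)
except (IOError, BIO.BIOError, RSA.RSAError) as e:
    print >> sys.stderr, "Cannot load facilitator public key %r: %s" % (
        options.facilitator_publickey_filename, e)
    sys.exit(1)
# … unchanged: public_encrypt and urlsafe_b64encode of the registration …
```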




