... |
... |
@@ -26,7 +26,6 @@ import logging |
26
|
26
|
|
27
|
27
|
import click
|
28
|
28
|
import grpc
|
29
|
|
-from xdg import XDG_CACHE_HOME, XDG_CONFIG_HOME, XDG_DATA_HOME
|
30
|
29
|
|
31
|
30
|
from buildgrid.utils import read_file
|
32
|
31
|
|
... |
... |
@@ -42,41 +41,21 @@ class Context: |
42
|
41
|
|
43
|
42
|
self.user_home = os.getcwd()
|
44
|
43
|
|
45
|
|
- self.cache_home = os.path.join(XDG_CACHE_HOME, 'buildgrid')
|
46
|
|
- self.config_home = os.path.join(XDG_CONFIG_HOME, 'buildgrid')
|
47
|
|
- self.data_home = os.path.join(XDG_DATA_HOME, 'buildgrid')
|
48
|
|
-
|
49
|
|
- def load_client_credentials(self, client_key=None, client_cert=None,
|
50
|
|
- server_cert=None, use_default_client_keys=False):
|
|
44
|
+ def load_client_credentials(self, client_key=None, client_cert=None, server_cert=None):
|
51
|
45
|
"""Looks-up and loads TLS client gRPC credentials.
|
52
|
46
|
|
53
|
47
|
Args:
|
54
|
48
|
client_key(str): root certificate file path.
|
55
|
49
|
client_cert(str): private key file path.
|
56
|
50
|
server_cert(str): certificate chain file path.
|
57
|
|
- use_default_client_keys(bool, optional): whether or not to try
|
58
|
|
- loading client keys from default location. Defaults to False.
|
59
|
51
|
|
60
|
52
|
Returns:
|
61
|
53
|
:obj:`ChannelCredentials`: The credentials for use for a
|
62
|
54
|
TLS-encrypted gRPC client channel.
|
63
|
55
|
"""
|
64
|
|
- if not client_key or not os.path.exists(client_key):
|
65
|
|
- if use_default_client_keys:
|
66
|
|
- client_key = os.path.join(self.config_home, 'client.key')
|
67
|
|
- else:
|
68
|
|
- client_key = None
|
69
|
|
-
|
70
|
|
- if not client_cert or not os.path.exists(client_cert):
|
71
|
|
- if use_default_client_keys:
|
72
|
|
- client_cert = os.path.join(self.config_home, 'client.crt')
|
73
|
|
- else:
|
74
|
|
- client_cert = None
|
75
|
56
|
|
76
|
57
|
if not server_cert or not os.path.exists(server_cert):
|
77
|
|
- server_cert = os.path.join(self.config_home, 'server.crt')
|
78
|
|
- if not os.path.exists(server_cert):
|
79
|
|
- return None
|
|
58
|
+ return None
|
80
|
59
|
|
81
|
60
|
server_cert_pem = read_file(server_cert)
|
82
|
61
|
if client_key and os.path.exists(client_key):
|
... |
... |
@@ -100,8 +79,7 @@ class Context: |
100
|
79
|
|
101
|
80
|
return credentials
|
102
|
81
|
|
103
|
|
- def load_server_credentials(self, server_key=None, server_cert=None,
|
104
|
|
- client_certs=None, use_default_client_certs=False):
|
|
82
|
+ def load_server_credentials(self, server_key=None, server_cert=None, client_certs=None):
|
105
|
83
|
"""Looks-up and loads TLS server gRPC credentials.
|
106
|
84
|
|
107
|
85
|
Every private and public keys are expected to be PEM-encoded.
|
... |
... |
@@ -110,29 +88,16 @@ class Context: |
110
|
88
|
server_key(str): private server key file path.
|
111
|
89
|
server_cert(str): public server certificate file path.
|
112
|
90
|
client_certs(str): public client certificates file path.
|
113
|
|
- use_default_client_certs(bool, optional): whether or not to try
|
114
|
|
- loading public client certificates from default location.
|
115
|
|
- Defaults to False.
|
116
|
91
|
|
117
|
92
|
Returns:
|
118
|
93
|
:obj:`ServerCredentials`: The credentials for use for a
|
119
|
94
|
TLS-encrypted gRPC server channel.
|
120
|
95
|
"""
|
121
|
96
|
if not server_key or not os.path.exists(server_key):
|
122
|
|
- server_key = os.path.join(self.config_home, 'server.key')
|
123
|
|
- if not os.path.exists(server_key):
|
124
|
|
- return None
|
|
97
|
+ return None
|
125
|
98
|
|
126
|
99
|
if not server_cert or not os.path.exists(server_cert):
|
127
|
|
- server_cert = os.path.join(self.config_home, 'server.crt')
|
128
|
|
- if not os.path.exists(server_cert):
|
129
|
|
- return None
|
130
|
|
-
|
131
|
|
- if not client_certs or not os.path.exists(client_certs):
|
132
|
|
- if use_default_client_certs:
|
133
|
|
- client_certs = os.path.join(self.config_home, 'client.crt')
|
134
|
|
- else:
|
135
|
|
- client_certs = None
|
|
100
|
+ return None
|
136
|
101
|
|
137
|
102
|
server_key_pem = read_file(server_key)
|
138
|
103
|
server_cert_pem = read_file(server_cert)
|