Mozilla ca (#1155)

* include moz

* add mozzila submodule

* install script

* use file path

* update commit

* typo

.gitmodules

@@ -2,3 +2,6 @@
 	path = chia-blockchain-gui
 	url = https://github.com/Chia-Network/chia-blockchain-gui.git
 	branch = main
+[submodule "mozilla-ca"]
+	path = mozilla-ca
+	url = https://github.com/Chia-Network/mozilla-ca.git

build_scripts/daemon.spec

@@ -89,7 +89,7 @@ full_node = Analysis([f"{root}/src/server/start_full_node.py"],
 wallet = Analysis([f"{root}/src/server/start_wallet.py"],
              pathex=[f"{root}/venv/lib/python3.7/site-packages/aiter/", f"{root}"],
              binaries = [],
-             datas=[(f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
+             datas=[(f"../mozilla-ca/cacert.pem", f"./mozilla-ca/"), (f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
              hiddenimports=subcommand_modules,
              hookspath=[],
              runtime_hooks=[],

build_scripts/daemon_windows.spec

@@ -87,7 +87,7 @@ full_node = Analysis([f"../src/server/start_full_node.py"],
 wallet = Analysis([f"../src/server/start_wallet.py"],
              pathex=[f"../venv/lib/python3.7/site-packages/aiter/", f"../"],
              binaries = [],
-             datas=[(f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
+             datas=[(f"../mozilla-ca/cacert.pem", f"./mozilla-ca/"), (f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
              hiddenimports=subcommand_modules,
              hookspath=[],
              runtime_hooks=[],

install.sh

@@ -18,6 +18,8 @@ if [ "$(uname -m)" = "armv7l" ]; then
 	echo "Exiting."
 	exit 1
 fi
+# get submodules
+git submodule update --init --recursive
 
 UBUNTU_PRE_2004=false
 if $UBUNTU; then

mozilla-ca

@@ -0,0 +1 @@
+Subproject commit 666cf78bbe8e700c67a6c8a21fe8052686931f32

setup.py

@@ -77,6 +77,7 @@ kwargs = dict(
         "src.wallet.util",
         "src.wallet.trading",
         "src.ssl",
+        "mozilla-ca",
     ],
     entry_points={
         "console_scripts": [
@@ -94,6 +95,7 @@ kwargs = dict(
     package_data={
         "src.util": ["initial-*.yaml", "english.txt"],
         "src.ssl": ["chia_ca.crt", "chia_ca.key", "dst_root_ca.pem"],
+        "mozilla-ca": ["cacert.pem"],
     },
     use_scm_version={"fallback_version": "unknown-no-.git-directory"},
     long_description=open("README.md").read(),

src/daemon/server.py

@@ -16,7 +16,7 @@ from websockets import serve, ConnectionClosedOK, WebSocketException, WebSocketS
 from src.cmds.init import chia_init
 from src.daemon.windows_signal import kill
 from src.server.server import ssl_context_for_server, ssl_context_for_root
-from src.ssl.create_ssl import get_dst_ca_crt
+from src.ssl.create_ssl import get_mozzila_ca_crt
 from src.util.setproctitle import setproctitle
 from src.util.validate_alert import validate_alert
 from src.util.ws_message import format_response, create_payload
@@ -49,8 +49,8 @@ service_plotter = "chia plots create"
 async def fetch(url: str):
     session = ClientSession()
     try:
-        dst_root = get_dst_ca_crt()
-        ssl_context = ssl_context_for_root(dst_root.decode())
+        mozzila_root = get_mozzila_ca_crt()
+        ssl_context = ssl_context_for_root(mozzila_root)
         response = await session.get(url, ssl=ssl_context)
         await session.close()
         return await response.text()

src/server/server.py

@@ -6,7 +6,6 @@ from ipaddress import ip_address, IPv6Address
 from pathlib import Path
 from secrets import token_bytes
 from typing import Any, List, Dict, Callable, Optional, Set, Tuple
-
 from aiohttp.web_app import Application
 from aiohttp.web_runner import TCPSite
 from aiohttp import web, ClientTimeout, client_exceptions, ClientSession, WSCloseCode
@@ -38,9 +37,9 @@ def ssl_context_for_server(
 
 
 def ssl_context_for_root(
-    ca_cert: str,
+    ca_cert_file: str,
 ) -> Optional[ssl.SSLContext]:
-    ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cadata=ca_cert)
+    ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_cert_file)
     return ssl_context
 
 

src/ssl/create_ssl.py

@@ -17,8 +17,8 @@ def get_chia_ca_crt_key() -> Tuple[Any, Any]:
     return crt, key
 
 
-def get_dst_ca_crt() -> bytes:
-    crt = pkg_resources.resource_string(__name__, "dst_root_ca.pem")
+def get_mozzila_ca_crt() -> str:
+    crt = pkg_resources.resource_filename("mozilla-ca", "cacert.pem")
     return crt
 
 

src/wallet/util/backup_utils.py

@@ -7,7 +7,7 @@ from blspy import PublicKeyMPL, SignatureMPL, AugSchemeMPL, PrivateKey
 from cryptography.fernet import Fernet
 
 from src.server.server import ssl_context_for_root
-from src.ssl.create_ssl import get_dst_ca_crt
+from src.ssl.create_ssl import get_mozzila_ca_crt
 from src.util.byte_types import hexstr_to_bytes
 from src.util.hash import std_hash
 from src.wallet.derive_keys import master_sk_to_backup_sk
@@ -72,8 +72,8 @@ def get_backup_info(file_path, private_key):
 
 
 async def post(session: aiohttp.ClientSession, url: str, data: Any):
-    dst_root = get_dst_ca_crt()
-    ssl_context = ssl_context_for_root(dst_root.decode())
+    mozzila_root = get_mozzila_ca_crt()
+    ssl_context = ssl_context_for_root(mozzila_root)
     response = await session.post(url, json=data, ssl=ssl_context)
     return await response.json()