Dmedia

Merge lp:~jderose/dmedia/all-in into lp:dmedia

all-in
Merge into trunk

Proposed by Jason Gerard DeRose on 2012-10-16

Status:	Merged
Merged at revision:	469
Proposed branch:	lp:~jderose/dmedia/all-in
Merge into:	lp:dmedia
Diff against target:	5039 lines (+2468/-1581) 23 files modified dmedia-cli (+2/-2) dmedia-gtk (+4/-3) dmedia-service (+111/-20) dmedia/core.py (+13/-26) dmedia/gtk/peering.py (+66/-9) dmedia/gtk/ui/client.html (+10/-12) dmedia/httpd.py (+1/-1) dmedia/parallel.py (+42/-0) dmedia/peering.py (+298/-439) dmedia/server.py (+301/-205) dmedia/service/__init__.py (+24/-5) dmedia/service/avahi.py (+74/-81) dmedia/service/peers.py (+324/-24) dmedia/service/tests/test_avahi.py (+54/-20) dmedia/startup.py (+45/-45) dmedia/tests/couch.py (+3/-1) dmedia/tests/test_core.py (+20/-59) dmedia/tests/test_peering.py (+419/-324) dmedia/tests/test_server.py (+559/-190) dmedia/tests/test_startup.py (+92/-111) run-browse.py (+2/-1) run-publish.py (+3/-3) setup.py (+1/-0)
To merge this branch:	bzr merge lp:~jderose/dmedia/all-in
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jason Gerard DeRose			Approve on 2012-10-16
Review via email: mp+129853@code.launchpad.net

Description of the change

This diff isn't as big as it looks because there was a lot of cosmetic changes in dmedia/peering.py, reordering things and so on so that it's easier to review this security sensitive code. So messy diff, but much nicer code.

Major changes include:

* dmedia-service wont start CouchDB when there isn't a user SSL identity

* dmedia-gtk uses the new init_if_needed() function that will walk the user through the first-run dialog if needed. The same will be added to novacut-gtk after this lands.

* After the first run init, dmedia-service will listen for _dmedia-offer._tcp as long as it has the private user key (without the private key, it can't issue new machine certificates anyway, so it would be pointless)

* Moved the peering related WSGI apps from dmedia/peering.py to dmedia/server.py to consolidate all the WSGI apps in one module

* Ported the file serving app to the new Dmedia HTTPD centric design, cleaned things up, added a lot of missing tests

* Ported the Avahi class to the brave new SSL world... it now does a test GET on the peer so it doesn't needlessly send the CouchDB replicator out to try and replicate to peers it can't authenticate to anyway

* POST /csr now includes a MAC proving the creator of the CSR knows the secret, and the response includes a similar MAC to prove the cert issuer knows the secret

* The response to POST /csr now includes the user private key. It's protected by the SSL channel, but I'd like to do something better here in case somehow this was reachable without going through SSL. I'd like to encrypt it to the machine CA, but I haven't figured out how to do that with openssl yet

* The PKI.verify_foo() methods are now, by my account, exhaustive in their checks. They check the subject and issuer for the correct intrinsic common names, and they do an SSL verification to check that CAs are correctly self-signed, and that certs are signed by the correct CA.

lp:~jderose/dmedia/all-in updated on 2012-10-16

526. By Jason Gerard DeRose on 2012-10-16: Fixed sending Hub 'spin_orb' signal on ClientUI.on_Response()

Revision history for this message

Jason Gerard DeRose (jderose) wrote on 2012-10-16:

Bad form and all, I'm going to self-approve this. This feature is going into 12.10, and so I want to get as much testing as possible before the release. Time to ram this through the daily build.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Jason Gerard DeRose

dmedia Dev

 === modified file 'dmedia-cli'
 --- dmedia-cli	2012-08-16 10:38:13 +0000
 +++ dmedia-cli	2012-10-16 12:35:25 +0000
@@ -121,8 +121,8 @@
      'Get the _local/dmedia document (shows file-stores)'
--class LocalPeers(_Method):
--    'Get the _local/peers document'
++class Peers(_Method):
++    'Show local peers'
  class CreateFileStore(_Method):
 === modified file 'dmedia-gtk'
 --- dmedia-gtk	2012-08-16 12:48:30 +0000
 +++ dmedia-gtk	2012-10-16 12:35:25 +0000
@@ -35,6 +35,7 @@
  from dmedia import views
  from dmedia import schema
  from dmedia.gtk.util import Timer
++from dmedia.service import init_if_needed
  from dmedia.service.udisks import Ejector, Formatter
  from dmedia.importer import ImportManager, has_magic_lantern
  from gi.repository import GObject, Gtk, Gio
@@ -45,7 +46,8 @@
      UnityImportUX = None
--log = logging.getLogger()
++log = dmedia.configure_logging()
++init_if_needed()
  class Importer:
@@ -261,8 +263,7 @@
          project.save(doc)
          self.hub.send('project_created', doc['_id'], doc['title'])
--
--dmedia.configure_logging()
++
  app = App()
  try:
      app.run()
 === modified file 'dmedia-service'
 --- dmedia-service	2012-10-06 07:56:57 +0000
 +++ dmedia-service	2012-10-16 12:35:25 +0000
@@ -37,13 +37,14 @@
  from dbus.mainloop.glib import DBusGMainLoop
  from gi.repository import GObject
  from microfiber import NotFound, dumps
--from filestore import _start_thread
  import dmedia
++from dmedia.parallel import start_thread
  from dmedia.startup import DmediaCouch
  from dmedia.core import Core, start_httpd
  from dmedia.service.udisks import UDisks
--from dmedia.service.avahi import FileServer
++from dmedia.service.avahi import Avahi
++from dmedia.service.peers import Browser, Publisher
  BUS = dmedia.BUS
@@ -66,6 +67,11 @@
      couch = None
      httpd = None
      avahi = None
++    peer = None
++    ui = None
++    thread = None
++    publisher = None
++    env_s = '{}'
      def __init__(self, bus, couch):
          self.bus = bus
@@ -80,6 +86,13 @@
          self.udisks.connect('card_added', self.on_card_added)
          self.udisks.connect('card_removed', self.on_card_removed)
++    def run(self):
++        if self.couch.isfirstrun():
++            log.info('First run, not starting CouchDB.')
++        else:
++            self.start_core()
++        mainloop.run()
++
      def start_core(self):
          start = time.time()
          env = self.couch.auto_bootstrap()
@@ -91,36 +104,33 @@
          if self.core.local.get('default_store') is None:
              self.core.set_default_store('shared')
          self.env_s = dumps(self.core.env, pretty=True)
--        self.ssl_config = self.couch.get_ssl_config()
++        log.info('Finished core startup in %.3f', time.time() - start)
++        GObject.timeout_add(1000, self.on_idle1)
      def start_httpd(self):
--        if self.ssl_config is None:
--            return
--        (self.httpd, env) = start_httpd(self.core.env, self.ssl_config)
--        self.avahi = FileServer(self.core.env, env['port'])
++        ssl_config = self.couch.get_ssl_config()
++        (self.httpd, env) = start_httpd(self.core.env, ssl_config)
++        port = env['port']
++        self.avahi = Avahi(self.core.env, port, ssl_config)
          self.avahi.run()
--
--    def run(self):
--        self.start_core()
--        log.info('Finished core startup in %.3f', time.time() - start_time)
--        GObject.timeout_add(2000, self.on_idle1)
--        mainloop.run()
++        if self.couch.pki.user.key_file is not None:
++            self.peer = Browser(self.couch)
      def on_idle1(self):
          log.info('[idle1]')
          self.udisks.monitor()
--        GObject.timeout_add(4000, self.on_idle2)
++        GObject.timeout_add(1000, self.on_idle2)
          return False  # Don't repeat idle call
      def on_idle2(self):
          log.info('[idle2]')
          self.start_httpd()
--        GObject.timeout_add(6000, self.on_idle3)
++        GObject.timeout_add(1000, self.on_idle3)
          return False  # Don't repeat idle call
      def on_idle3(self):
          log.info('[idle3]')
--        _start_thread(self.core.init_project_views)
++        start_thread(self.core.init_project_views)
          self.core.start_background_tasks()
          return False  # Don't repeat idle call
@@ -130,6 +140,10 @@
      def shutdown(self):
          log.info('Service.shutdown()')
++        if self.peer is not None:
++            log.info('* freeing peer')
++            self.peer.free()
++            self.peer = None
          if self.avahi is not None:
              log.info('* freeing avahi')
              self.avahi.free()
@@ -170,6 +184,22 @@
      def CardRemoved(self, obj, mount):
          pass
++    @dbus.service.signal(IFACE, signature='s')
++    def Message(self, message):
++        log.info('@Dmedia.Message(%r)', message)
++
++    @dbus.service.signal(IFACE, signature='')
++    def Accept(self):
++        log.info('@Dmedia.Accept()')
++
++    @dbus.service.signal(IFACE, signature='b')
++    def Response(self, success):
++        log.info('@Dmedia.Response(%r)', success)
++
++    @dbus.service.signal(IFACE, signature='')
++    def InitDone(self):
++        log.info('@Dmedia.InitDone()')
++
      @dbus.service.method(IFACE, in_signature='', out_signature='s')
      def Version(self):
          """
@@ -177,6 +207,66 @@
          """
          return dmedia.__version__
++    @dbus.service.method(IFACE, in_signature='', out_signature='b')
++    def NeedsInit(self):
++        """
++        Return True if we need to do the firstrun init.
++        """
++        return self.couch.user is None
++
++    @dbus.service.method(IFACE, in_signature='', out_signature='b')
++    def CreateUser(self):
++        log.info('Dmedia.CreateUser()')
++        if self.couch.user is not None:
++            return False
++        if self.thread is not None:
++            return False
++        self.Message('Creating user certificate...')
++        self.thread = start_thread(self.create_user)
++        return True
++
++    def create_user(self):
++        log.info('create_user()')
++        self.couch.create_user()
++        GObject.idle_add(self.Message, 'Starting CouchDB...')
++        self.start_core()
++        GObject.idle_add(self.on_init_done)
++
++    def on_init_done(self):
++        log.info('on_init_done()')
++        self.thread.join()
++        self.thread = None
++        self.Message('Done!')
++        GObject.timeout_add(500, self.InitDone)
++
++    @dbus.service.method(IFACE, in_signature='', out_signature='b')
++    def PeerWithExisting(self):
++        log.info('Dmedia.PeerWithExisting()')
++        if self.couch.user is not None:
++            return False
++        if self.publisher is not None:
++            return False
++        self.publisher = Publisher(self, self.couch)
++        GObject.idle_add(self.publisher.run)
++        return True
++
++    @dbus.service.method(IFACE, in_signature='s', out_signature='b')
++    def SetSecret(self, secret):
++        log.info('Dmedia.SetSecret()')
++        return self.publisher.set_secret(secret)
++
++    def set_user(self, user_id):
++        log.info('set_user(%r)', user_id)
++        assert self.couch.user is None
++        assert self.thread is None
++        self.Message('Starting CouchDB...')
++        self.thread = start_thread(self._set_user, user_id)
++
++    def _set_user(self, user_id):
++        self.couch.set_user(user_id)
++        self.start_core()
++        GObject.idle_add(self.on_init_done)
++
      @dbus.service.method(IFACE, in_signature='', out_signature='i')
      def Kill(self):
          """
@@ -209,12 +299,13 @@
          return dumps(self.core.db.get('_local/dmedia'))
      @dbus.service.method(IFACE, in_signature='', out_signature='s')
--    def LocalPeers(self):
++    def Peers(self):
          """
          Return the _local/peers doc.
          """
          try:
--            return dumps(self.core.db.get('_local/peers'))
++            doc = self.core.db.get('_local/peers')
++            return dumps(doc['peers'], pretty=True)
          except NotFound:
              return '{}'
@@ -273,8 +364,8 @@
  # Now go for it:
  dmedia.configure_logging()
  try:
--    if couch.isfirstrun():
--        couch.firstrun_init(create_user=True)
++    if couch.machine is None:
++        couch.create_machine()
      service = Service(options.bus, couch)
      try:
          service.run()
 === modified file 'dmedia/core.py'
 --- dmedia/core.py	2012-10-13 12:48:38 +0000
 +++ dmedia/core.py	2012-10-16 12:35:25 +0000
@@ -41,9 +41,10 @@
  from copy import deepcopy
  from microfiber import Server, Database, NotFound, Conflict, BulkConflict
--from filestore import FileStore, check_root_hash, check_id, _start_thread
++from filestore import FileStore, check_root_hash, check_id
  import dmedia
++from dmedia.parallel import start_thread, start_process
  from dmedia.server import run_server
  from dmedia import util, schema
  from dmedia.metastore import MetaStore
@@ -56,13 +57,6 @@
  PRIVATE = path.abspath(os.environ['HOME'])
--def start_process(target, *args):
--    process = multiprocessing.Process(target=target, args=args)
--    process.daemon = True
--    process.start()
--    return process
--
--
  def start_httpd(couch_env, ssl_config):
      queue = multiprocessing.Queue()
      process = start_process(run_server, queue, couch_env, '0.0.0.0', ssl_config)
@@ -138,22 +132,17 @@
              self.db.save(self.local)
              self.__local = deepcopy(self.local)
--    def load_identity(self, machine, user=None):
++    def load_identity(self, machine, user):
          try:
--            self.db.save(machine)
--        except Conflict:
++            self.db.save_many([machine, user])
++        except BulkConflict:
              pass
++        log.info('machine_id = %s', machine['_id'])
++        log.info('user_id = %s', user['_id'])
++        self.env['machine_id'] = machine['_id']
++        self.env['user_id'] = user['_id']
          self.local['machine_id'] = machine['_id']
--        self.env['machine_id'] = machine['_id']
--        log.info('machine_id = %s', machine['_id'])
--        if user is not None:
--            try:
--                self.db.save(user)
--            except Conflict:
--                pass
--            self.local['user_id'] = user['_id']
--            self.env['user_id'] = user['_id']
--            log.info('user_id = %s', user['_id'])
++        self.local['user_id'] = user['_id']
          self.save_local()
      def init_default_store(self):
@@ -175,10 +164,8 @@
          self._add_filestore(fs, doc)
      def _sync_stores(self):
--        stores = self.stores.local_stores()
--        if self.local.get('stores') != stores:
--            self.local['stores'] = stores
--            self.db.save(self.local)
++        self.local['stores'] = self.stores.local_stores()
++        self.save_local()
      def _add_filestore(self, fs, doc):
          self.stores.add(fs)
@@ -211,7 +198,7 @@
      def start_background_tasks(self):
          assert self.thread is None
--        self.thread = _start_thread(self._background_worker)
++        self.thread = start_thread(self._background_worker)
      def init_project_views(self):
          try:
 === modified file 'dmedia/gtk/peering.py'
 --- dmedia/gtk/peering.py	2012-10-09 01:48:26 +0000
 +++ dmedia/gtk/peering.py	2012-10-16 12:35:25 +0000
@@ -1,9 +1,11 @@
  from os import path
  import json
++import logging
  from gi.repository import GObject, Gtk, WebKit
++log = logging.getLogger()
  ui = path.join(path.dirname(path.abspath(__file__)), 'ui')
  assert path.isdir(ui)
@@ -61,20 +63,13 @@
          self.hub = hub_factory(self.signals)(self.view)
          self.connect_hub_signals(self.hub)
--    def show(self):
--        self.window.show_all()
++    def connect_hub_signals(self, hub):
++        pass
      def run(self):
--        self.window.connect('destroy', self.quit)
          self.window.show_all()
          Gtk.main()
--    def quit(self, *args):
--        Gtk.main_quit()
--
--    def connect_hub_signals(self, hub):
--        pass
--
      def build_window(self):
          self.window = Gtk.Window()
          self.window.set_position(Gtk.WindowPosition.CENTER)
@@ -98,3 +93,65 @@
          self.inspector.show_all()
          return self.inspector
++
++class ClientUI(BaseUI):
++    page = 'client.html'
++    title = 'Welcome to Novacut!'
++
++    signals = {
++        'create_user': [],
++        'peer_with_existing': [],
++        'have_secret': ['secret'],
++
++        'response': ['success'],
++        'message': ['message'],
++
++        'show_screen2a': [],
++        'show_screen2b': [],
++        'show_screen3b': [],
++        'spin_orb': [],
++    }
++
++    def __init__(self, Dmedia):
++        super().__init__()
++        self.Dmedia = Dmedia
++        self.quit = False
++        Dmedia.connect_to_signal('Message', self.on_Message)
++        Dmedia.connect_to_signal('Accept', self.on_Accept)
++        Dmedia.connect_to_signal('Response', self.on_Response)
++        Dmedia.connect_to_signal('InitDone', self.on_InitDone)
++        self.window.connect('destroy', Gtk.main_quit)
++        self.window.connect('delete-event', self.on_delete_event)
++
++    def on_delete_event(self, *args):
++        self.quit = True
++
++    def connect_hub_signals(self, hub):
++        hub.connect('create_user', self.on_create_user)
++        hub.connect('peer_with_existing', self.on_peer_with_existing)
++        hub.connect('have_secret', self.on_have_secret)
++
++    def on_Message(self, message):
++        self.hub.send('message', message)
++
++    def on_Accept(self):
++        self.hub.send('show_screen3b')
++
++    def on_Response(self, success):
++        self.hub.send('response', success)
++        if success:
++            GObject.timeout_add(200, self.hub.send, 'spin_orb')
++
++    def on_InitDone(self):
++        self.window.destroy()
++
++    def on_create_user(self, hub):
++        self.Dmedia.CreateUser()
++        hub.send('show_screen2a')
++
++    def on_peer_with_existing(self, hub):
++        self.Dmedia.PeerWithExisting()
++        hub.send('show_screen2b')
++
++    def on_have_secret(self, hub, secret):
++        self.Dmedia.SetSecret(secret)
 === modified file 'dmedia/gtk/ui/client.html'
 --- dmedia/gtk/ui/client.html	2012-10-09 05:37:35 +0000
 +++ dmedia/gtk/ui/client.html	2012-10-16 12:35:25 +0000
@@ -89,7 +89,7 @@
+     }
  );
--Hub.connect('set_message',
++Hub.connect('message',
      function(message) {
          $('message').textContent = message;
+     }
@@ -97,16 +97,16 @@
  Hub.connect('response',
      function(success) {
--        if (!success) {
++        if (success) {
++            $hide('finish');
++            $show('logo2');
++        }
++        else {
              UI.input.value = '';
              UI.input.disabled = false;
              UI.input.focus();
              $('finish').classList.add('hidden');
+         }
--        else {
--            $hide('finish');
--            $show('logo2');
--        }
+     }
  );
@@ -117,7 +117,7 @@
  <img src="novacut.svg" id="logo">
  <div id="screen1" class="hide">
--    <div id="first" onclick="Hub.send('first_time')">
++    <div id="first" onclick="Hub.send('create_user')">
      <p class="top">
      This is my first time using Novacut
      </p>
@@ -126,7 +126,7 @@
      </p>
      </div>
--    <div id="sync" onclick="Hub.send('already_using')">
++    <div id="sync" onclick="Hub.send('peer_with_existing')">
      <p class="top">
      I'm already using Novacut
      </p>
@@ -137,9 +137,6 @@
  </div>
  <div id="screen2a" class="hide">
--    <p class="gen">
--    Pretty words here
--    </p>
  </div>
  <div id="screen2b" class="hide">
@@ -157,10 +154,11 @@
      <input id="input" type="text" maxlength="8" size="8" autofocus="1"></input>
      </form>
      </div>
--    <p id="message"></p>
      <img src="sync.svg" id="finish" class="hidden" onclick="UI.have_secret()">
      <img src="novacut.svg" id="logo2" class="hide">
  </div>
++<p id="message"></p>
++
  </body>
  </html>
 === modified file 'dmedia/httpd.py'
 --- dmedia/httpd.py	2012-10-08 18:41:48 +0000
 +++ dmedia/httpd.py	2012-10-16 12:35:25 +0000
@@ -125,7 +125,7 @@
  def build_server_ssl_context(config):
      ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
      ctx.options |= ssl.OP_NO_COMPRESSION  # Protect against CRIME-like attacks
--    ctx.set_ciphers('RC4')
++    # ctx.set_ciphers('RC4')  # Example of how to change ciphers
      ctx.load_cert_chain(config['cert_file'], config['key_file'])
      if 'ca_file' in config or 'ca_path' in config:
          ctx.verify_mode = ssl.CERT_REQUIRED
 === added file 'dmedia/parallel.py'
 --- dmedia/parallel.py	1970-01-01 00:00:00 +0000
 +++ dmedia/parallel.py	2012-10-16 12:35:25 +0000
@@ -0,0 +1,42 @@
++# dmedia: distributed media library
++# Copyright (C) 2012 Novacut Inc
++#
++# This file is part of `dmedia`.
++#
++# `dmedia` is free software: you can redistribute it and/or modify it under
++# the terms of the GNU Affero General Public License as published by the Free
++# Software Foundation, either version 3 of the License, or (at your option) any
++# later version.
++#
++# `dmedia` is distributed in the hope that it will be useful, but WITHOUT ANY
++# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
++# A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
++# details.
++#
++# You should have received a copy of the GNU Affero General Public License along
++# with `dmedia`.  If not, see <http://www.gnu.org/licenses/>.
++#
++# Authors:
++#   Jason Gerard DeRose <jderose@novacut.com>
++
++"""
++Small helpers for starting threads and processes.
++"""
++
++import threading
++import multiprocessing
++
++
++def start_thread(target, *args, **kw):
++    thread = threading.Thread(target=target, args=args, kwargs=kw)
++    thread.daemon = True
++    thread.start()
++    return thread
++
++
++def start_process(target, *args, **kw):
++    process = multiprocessing.Process(target=target, args=args, kwargs=kw)
++    process.daemon = True
++    process.start()
++    return process
++
 === modified file 'dmedia/peering.py'
 --- dmedia/peering.py	2012-10-09 03:49:01 +0000
 +++ dmedia/peering.py	2012-10-16 12:35:25 +0000
@@ -20,94 +20,10 @@
  #   Jason Gerard DeRose <jderose@novacut.com>
  """
--Securely peer one device with another device on the same local network.
--
--We want it to be easy for a user to associate multiple devices with the same
--user CA. This is the local-network "user account" that works without any cloud
--infrastructure, without a Novacut account or any other 3rd-party account.
--
--To do the peering, the user needs both devices side-by-side.  One device is
--already associated with the user, and the other is the one to be associated.
--
--The existing device generates a random secret and displays it on the screen.
--The user then enter the secret on the second device, and each device does a
--challenge-response to make the other prove it has the same secret.
--
--In a nutshell:
--
--    1. A generates random ``nonce1`` to challenge B
--    2. B must respond with ``hash(secret + nonce1)``
--    3. B generates random ``nonce2`` to challenge A
--    4. A must respond with ``hash(secret + nonce2)``
--
--We only give the responder one try, and if it's wrong, the process starts over
--with a new secret.  If the user makes a typo, we don't let them try again to
--correctly type the initial secret... they must try and correctly type a new
--secret.
--
--Limiting the responder to only one attempt lets us to use a fairly low-entropy
--secret, something easy for the user to type.  And importantly, the secret
--is not susceptible to any "offline" attack, because there isn't an intrinsicly
--correct answer.
--
--For example, this would not be the case if we used the secret to encrypt a
--message and send it from one to another.  An attacker could run through the
--keyspace till (say) gpg stopped telling them the passphrase is wrong.
--
--
--
--Request 1:
--
--    GET /challenge
--
--Response 1:
--
--    {"challenge": ""}
--
--
--Request 2:
--
--    POST /response
--
--    {"nonce": "", "response": "", "counter_challenge": ""}
--
--Response 2:
--
--    {"nonce": "", "counter_response": ""}
--
--
--
--1. A starts server, publishes _dmedia-offer._tcp under cert_a_id
--
--2. B downloads cert_a from A, if hash doesn't match cert_a_id, ABORT
--
--3. B prompts user about offer, if user declines, ABORT
--
--4. B starts server, publishes _dmedia-accept._tcp under cert_b_id
--
--5. A downloads cert_b from B, if hash doesn't match cert_b_id, ABORT
--
--6. A generates secret, displays to user, waits for request from B
--
--7. User enters secret on B
--
--8. B does GET /challenge to get challenge from A
--
--9. B does POST /response to post response and counter-challenge to A
--
--10. If response is wrong, A assumes user typo, RESTART at (6) with new secret
--
--11. A returns counter-response to B
--
--12. If counter-response is wrong, B ABORTS with scary warning
--
--13. DONE!
--
--
--
++Secure peering protocol, SSL-based machine and user identity.
  """
--import base64
++from base64 import b32encode, b32decode
  import os
  from os import path
  import stat
@@ -115,30 +31,31 @@
  import shutil
  from collections import namedtuple
  from subprocess import check_call, check_output
--import json
--import socket
  import logging
  from skein import skein512
--from microfiber import random_id, dumps
--
--from dmedia.httpd import WSGIError
--
--
++from microfiber import random_id
++
++
++# Skein personalization strings
++PERS_PUBKEY = b'20120918 jderose@novacut.com dmedia/pubkey'
++PERS_RESPONSE = b'20120918 jderose@novacut.com dmedia/response'
++PERS_CSR = b'20120918 jderose@novacut.com dmedia/csr'
++PERS_CERT = b'20120918 jderose@novacut.com dmedia/cert'
++
++MAC_BITS = 280
  DAYS = 365 * 10
  CA = namedtuple('CA', 'id ca_file')
  Cert = namedtuple('Cert', 'id cert_file key_file')
--
--# Skein personalization strings
--PERS_PUBKEY = b'20120918 jderose@novacut.com dmedia/pubkey'
--PERS_RESPONSE = b'20120918 jderose@novacut.com dmedia/response'
--
--USER = os.environ.get('USER')
--HOST = socket.gethostname()
++Machine = namedtuple('Machine', 'id ca_file key_file cert_file')
++User = namedtuple('User', 'id ca_file key_file')
  log = logging.getLogger()
++###################
++# Custom exceptions
++
  class IdentityError(Exception):
      def __init__(self, filename, expected, got):
          self.filename = filename
@@ -152,18 +69,258 @@
  class PublicKeyError(IdentityError):
      pass
--
  class SubjectError(IdentityError):
      pass
--
  class IssuerError(IdentityError):
      pass
--
  class VerificationError(IdentityError):
      pass
--
++
++
++class WrongResponse(Exception):
++    def __init__(self, expected, got):
++        self.expected = expected
++        self.got = got
++        super().__init__('Incorrect response')
++
++
++class WrongMAC(Exception):
++    def __init__(self, expected, got):
++        self.expected = expected
++        self.got = got
++        super().__init__('Incorrect MAC')
++
++
++
++###########################################
++# Helper functions for base32 encode/decode
++
++def encode(value):
++    """
++    Base32-encode the bytes *value*.
++
++    For example:
++
++    >>> encode(b'skein')
++    'ONVWK2LO'
++
++    """
++    assert isinstance(value, bytes)
++    assert len(value) > 0 and len(value) % 5 == 0
++    return b32encode(value).decode('utf-8')
++
++
++def decode(value):
++    """
++    Base32-decode the str *value*.
++
++    For example:
++
++    >>> decode('ONVWK2LO')
++    b'skein'
++
++    """
++    assert isinstance(value, str)
++    assert len(value) > 0 and len(value) % 8 == 0
++    return b32decode(value.encode('utf-8'))
++
++
++
++###########################################################
++# Skein-based hashing functions and ChallengeResponse class
++
++def hash_pubkey(pubkey_data):
++    """
++    Hash an RSA public key to compute the Dmedia identity ID.
++
++    For example:
++
++    >>> hash_pubkey(b'The PEM encoded public key')
++    'JTHPOXBZKRMAUGDKXDR74ZRVVSKYUMTHZNQUOSUNTQ2IO4UD'
++
++    """
++    skein = skein512(pubkey_data,
++        digest_bits=240,
++        pers=PERS_PUBKEY,
++    )
++    return encode(skein.digest())
++
++
++def compute_response(secret, challenge, nonce, challenger_hash, responder_hash):
++    """
++    Compute response hash used in challenge-response protocol.
++
++    :param secret: the shared secret
++    :param challenge: a nonce generated by the challenger
++    :param none: a nonce generated by the responder
++    :param challenger_hash: hash of the challenger's public key
++    :param responder_hash: hash of the responder's public key
++    """
++    assert len(secret) == 5
++    assert len(challenge) == 20
++    assert len(nonce) == 20
++    assert len(challenger_hash) == 30
++    assert len(responder_hash) == 30
++    skein = skein512(
++        digest_bits=MAC_BITS,
++        pers=PERS_RESPONSE,
++        key=secret,
++        nonce=(challenge + nonce),
++    )
++    skein.update(challenger_hash)
++    skein.update(responder_hash)
++    return encode(skein.digest())
++
++
++def compute_csr_mac(secret, csr_data, remote_hash, local_hash):
++    """
++    Compute MAC to prove machine that created CSR has the secret.
++
++    :param secret: the shared secret
++    :param csr_data: PEM encoded certificate signing request
++    :param remote_hash: hash of remote peer's public key
++    :param local_hash: hash of local peer's public key
++    """
++    assert len(secret) == 5
++    assert len(remote_hash) == 30
++    assert len(local_hash) == 30
++    skein = skein512(csr_data,
++        digest_bits=MAC_BITS,
++        pers=PERS_CSR,
++        key=secret,
++        key_id=(remote_hash + local_hash),
++    )
++    return encode(skein.digest())
++
++
++def compute_cert_mac(secret, cert_data, remote_hash, local_hash):
++    """
++    Compute MAC to prove machine that issued certificate has the secret.
++
++    :param secret: the shared secret
++    :param cert_data: PEM encoded certificate
++    :param remote_hash: hash of remote peer's public key
++    :param local_hash: hash of local peer's public key
++    """
++    assert len(secret) == 5
++    assert len(remote_hash) == 30
++    assert len(local_hash) == 30
++    skein = skein512(cert_data,
++        digest_bits=MAC_BITS,
++        pers=PERS_CERT,
++        key=secret,
++        key_id=(remote_hash + local_hash),
++    )
++    return encode(skein.digest())
++
++
++class ChallengeResponse:
++    """
++    Helper class to hold state for challenge-response protocol.
++    """
++
++    def __init__(self, _id, peer_id):
++        self.id = _id
++        self.peer_id = peer_id
++        self.local_hash = decode(_id)
++        self.remote_hash = decode(peer_id)
++        assert len(self.local_hash) == 30
++        assert len(self.remote_hash) == 30
++
++    def get_secret(self):
++        # 40-bit secret (8 characters when base32 encoded)
++        self.secret = os.urandom(5)
++        return encode(self.secret)
++
++    def set_secret(self, secret):
++        assert len(secret) == 8
++        self.secret = decode(secret)
++        assert len(self.secret) == 5
++
++    def get_challenge(self):
++        self.challenge = os.urandom(20)
++        return encode(self.challenge)
++
++    def create_response(self, challenge):
++        nonce = os.urandom(20)
++        response = compute_response(
++            self.secret,
++            decode(challenge),
++            nonce,
++            self.remote_hash,
++            self.local_hash
++        )
++        return (encode(nonce), response)
++
++    def check_response(self, nonce, response):
++        expected = compute_response(
++            self.secret,
++            self.challenge,
++            decode(nonce),
++            self.local_hash,
++            self.remote_hash
++        )
++        if response != expected:
++            del self.secret
++            del self.challenge
++            raise WrongResponse(expected, response)
++
++    def csr_mac(self, csr_data):
++        return compute_csr_mac(
++            self.secret,
++            csr_data,
++            self.remote_hash,
++            self.local_hash,
++        )
++
++    def check_csr_mac(self, csr_data, mac):
++        expected = compute_csr_mac(
++            self.secret,
++            csr_data,
++            self.local_hash,
++            self.remote_hash,
++        )
++        if mac != expected:
++            del self.secret
++            raise WrongMAC(expected, mac)
++
++    def cert_mac(self, cert_data):
++        return compute_cert_mac(
++            self.secret,
++            cert_data,
++            self.remote_hash,
++            self.local_hash,
++        )
++
++    def check_cert_mac(self, cert_data, mac):
++        expected = compute_cert_mac(
++            self.secret,
++            cert_data,
++            self.local_hash,
++            self.remote_hash,
++        )
++        if mac != expected:
++            del self.secret
++            raise WrongMAC(expected, mac)
++
++
++
++##########################
++# openssl helper functions
++
++def make_subject(cn):
++    """
++    Make an openssl certificate subject from the common name *cn*.
++
++    For example:
++
++    >>> make_subject('foo')
++    '/CN=foo'
++
++    """
++    return '/CN={}'.format(cn)
  def create_key(dst_file, bits=2048):
@@ -171,6 +328,7 @@
      Create an RSA keypair and save it to *dst_file*.
      """
      assert bits % 1024 == 0
++    assert bits >= 1024
      check_call(['openssl', 'genrsa',
          '-out', dst_file,
          str(bits)
@@ -357,301 +515,9 @@
      return filename
--def encode(value):
--    assert isinstance(value, bytes)
--    assert len(value) > 0 and len(value) % 5 == 0
--    return base64.b32encode(value).decode('utf-8')
--
--
--def decode(value):
--    assert isinstance(value, str)
--    assert len(value) > 0 and len(value) % 8 == 0
--    return base64.b32decode(value.encode('utf-8'))
--
--
--def _hash_pubkey(data):
--    return skein512(data,
--        digest_bits=240,
--        pers=PERS_PUBKEY,
--    ).digest()
--
--
--def hash_pubkey(data):
--    return encode(_hash_pubkey(data))
--
--
--def _hash_cert(cert_data):
--    return skein512(cert_data,
--        digest_bits=200,
--        pers=PERS_CERT,
--    ).digest()
--
--
--def hash_cert(cert_data):
--    return encode(_hash_cert(cert_data))
--
--
--def compute_response(secret, challenge, nonce, challenger_hash, responder_hash):
--    """
--
--    :param secret: the shared secret
--
--    :param challenge: a nonce generated by the challenger
--
--    :param none: a nonce generated by the responder
--
--    :param challenger_hash: hash of the challengers certificate
--
--    :param responder_hash: hash of the responders certificate
--    """
--    assert len(secret) == 5
--    assert len(challenge) == 20
--    assert len(nonce) == 20
--    assert len(challenger_hash) == 30
--    assert len(responder_hash) == 30
--    skein = skein512(
--        digest_bits=280,
--        pers=PERS_RESPONSE,
--        key=secret,
--        nonce=(challenge + nonce),
--    )
--    skein.update(challenger_hash)
--    skein.update(responder_hash)
--    return encode(skein.digest())
--
--
--class WrongResponse(Exception):
--    def __init__(self, expected, got):
--        self.expected = expected
--        self.got = got
--        super().__init__('Incorrect response')
--
--
--class ChallengeResponse:
--    def __init__(self, _id, peer_id):
--        self.id = _id
--        self.peer_id = peer_id
--        self.local_hash = decode(_id)
--        self.remote_hash = decode(peer_id)
--        assert len(self.local_hash) == 30
--        assert len(self.remote_hash) == 30
--
--    def get_secret(self):
--        # 40-bit secret (8 characters when base32 encoded)
--        self.secret = os.urandom(5)
--        return encode(self.secret)
--
--    def set_secret(self, secret):
--        assert len(secret) == 8
--        self.secret = decode(secret)
--        assert len(self.secret) == 5
--
--    def get_challenge(self):
--        self.challenge = os.urandom(20)
--        return encode(self.challenge)
--
--    def create_response(self, challenge):
--        nonce = os.urandom(20)
--        response = compute_response(
--            self.secret,
--            decode(challenge),
--            nonce,
--            self.remote_hash,
--            self.local_hash
--        )
--        return (encode(nonce), response)
--
--    def check_response(self, nonce, response):
--        expected = compute_response(
--            self.secret,
--            self.challenge,
--            decode(nonce),
--            self.local_hash,
--            self.remote_hash
--        )
--        if response != expected:
--            del self.secret
--            del self.challenge
--            raise WrongResponse(expected, response)
--
--
--class InfoApp:
--    def __init__(self, _id):
--        self.id = _id
--        obj = {
--            'id': _id,
--            'user': USER,
--            'host': HOST,
--        }
--        self.info = dumps(obj).encode('utf-8')
--        self.info_length = str(len(self.info))
--
--    def __call__(self, environ, start_response):
--        if environ['wsgi.multithread'] is not False:
--            raise WSGIError('500 Internal Server Error')
--        if environ['PATH_INFO'] != '/':
--            raise WSGIError('410 Gone')
--        if environ['REQUEST_METHOD'] != 'GET':
--            raise WSGIError('405 Method Not Allowed')
--        start_response('200 OK',
--            [
--                ('Content-Length', self.info_length),
--                ('Content-Type', 'application/json'),
--            ]
--        )
--        return [self.info]
--
--
--class ClientApp:
--    allowed_states = (
--        'ready',
--        'gave_challenge',
--        'in_response',
--        'wrong_response',
--        'response_ok',
--    )
--
--    forwarded_states = (
--        'wrong_response',
--        'response_ok',
--    )
--
--    def __init__(self, cr, queue):
--        assert isinstance(cr, ChallengeResponse)
--        self.cr = cr
--        self.queue = queue
--        self.__state = None
--        self.map = {
--            '/challenge': self.get_challenge,
--            '/response': self.put_response,
--        }
--
--    def get_state(self):
--        return self.__state
--
--    def set_state(self, state):
--        if state not in self.__class__.allowed_states:
--            self.__state = None
--            log.error('invalid state: %r', state)
--            raise Exception('invalid state: {!r}'.format(state))
--        self.__state = state
--        if state in self.__class__.forwarded_states:
--            self.queue.put(state)
--
--    state = property(get_state, set_state)
--
--    def __call__(self, environ, start_response):
--        if environ['wsgi.multithread'] is not False:
--            raise WSGIError('500 Internal Server Error')
--        if environ.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
--            raise WSGIError('403 Forbidden')
--        if environ.get('SSL_CLIENT_S_DN_CN') != self.cr.peer_id:
--            raise WSGIError('403 Forbidden')
--        if environ.get('SSL_CLIENT_I_DN_CN') != self.cr.peer_id:
--            raise WSGIError('403 Forbidden')
--
--        path_info = environ['PATH_INFO']
--        if path_info not in self.map:
--            raise WSGIError('410 Gone')
--        log.info('%s %s', environ['REQUEST_METHOD'], environ['PATH_INFO'])
--        try:
--            obj = self.map[path_info](environ)
--            data = json.dumps(obj).encode('utf-8')
--            start_response('200 OK',
--                [
--                    ('Content-Length', str(len(data))),
--                    ('Content-Type', 'application/json'),
--                ]
--            )
--            return [data]
--        except WSGIError as e:
--            raise e
--        except Exception:
--            log.exception('500 Internal Server Error')
--            raise WSGIError('500 Internal Server Error')
--
--    def get_challenge(self, environ):
--        if self.state != 'ready':
--            raise WSGIError('400 Bad Request Order')
--        self.state = 'gave_challenge'
--        if environ['REQUEST_METHOD'] != 'GET':
--            raise WSGIError('405 Method Not Allowed')
--        return {
--            'challenge': self.cr.get_challenge(),
--        }
--
--    def put_response(self, environ):
--        if self.state != 'gave_challenge':
--            raise WSGIError('400 Bad Request Order')
--        self.state = 'in_response'
--        if environ['REQUEST_METHOD'] != 'PUT':
--            raise WSGIError('405 Method Not Allowed')
--        data = environ['wsgi.input'].read()
--        obj = json.loads(data.decode('utf-8'))
--        nonce = obj['nonce']
--        response = obj['response']
--        try:
--            self.cr.check_response(nonce, response)
--        except WrongResponse:
--            self.state = 'wrong_response'
--            raise WSGIError('401 Unauthorized')
--        self.state = 'response_ok'
--        return {'ok': True}
--
--
--class ServerApp(ClientApp):
--
--    allowed_states = (
--        'info',
--        'counter_response_ok',
--        'in_csr',
--        'bad_csr',
--        'cert_issued',
--    ) + ClientApp.allowed_states
--
--    forwarded_states = (
--        'bad_csr',
--        'cert_issued',
--    ) + ClientApp.forwarded_states
--
--    def __init__(self, cr, queue, pki):
--        super().__init__(cr, queue)
--        self.pki = pki
--        self.map['/'] = self.get_info
--        self.map['/csr'] = self.post_csr
--
--    def get_info(self, environ):
--        if self.state != 'info':
--            raise WSGIError('400 Bad Request State')
--        self.state = 'ready'
--        if environ['REQUEST_METHOD'] != 'GET':
--            raise WSGIError('405 Method Not Allowed')
--        return {
--            'id': self.cr.id,
--            'user': USER,
--            'host': HOST,
--        }
--
--    def post_csr(self, environ):
--        if self.state != 'counter_response_ok':
--            raise WSGIError('400 Bad Request Order')
--        self.state = 'in_csr'
--        if environ['REQUEST_METHOD'] != 'POST':
--            raise WSGIError('405 Method Not Allowed')
--        data = environ['wsgi.input'].read()
--        obj = json.loads(data.decode('utf-8'))
--        csr_data = base64.b64decode(obj['csr'].encode('utf-8'))
--        try:
--            self.pki.write_csr(self.cr.peer_id, csr_data)
--            self.pki.issue_cert(self.cr.peer_id, self.cr.id)
--            cert_data = self.pki.read_cert2(self.cr.peer_id, self.cr.id)
--        except Exception as e:
--            log.exception('could not issue cert')
--            self.state = 'bad_csr'
--            raise WSGIError('401 Unauthorized')
--        self.state = 'cert_issued'
--        return {'cert': base64.b64encode(cert_data).decode('utf-8')}
--
++
++###########################
++# The PKI class and related
  def ensuredir(d):
      try:
@@ -662,10 +528,6 @@
              raise ValueError('not a directory: {!r}'.format(d))
--def make_subject(cn):
--    return '/CN={}'.format(cn)
--
--
  class PKI:
      def __init__(self, ssldir):
          self.ssldir = ssldir
@@ -772,7 +634,7 @@
          tmp_file = self.random_tmp()
          cert_file = self.path(_id, 'cert')
--        ca_file = self.verify_cert(subca_id)
++        ca_file = self.path(subca_id, 'cert')
          key_file = self.verify_key(subca_id)
          srl_file = self.path(subca_id, 'srl')
@@ -780,32 +642,16 @@
          os.rename(tmp_file, cert_file)
          return cert_file
--    def verify_cert(self, _id):
--        cert_file = self.path(_id, 'cert')
--        return verify(cert_file, _id)
--
--    def verify_cert2(self, cert_id, ca_id):
++    def verify_cert(self, cert_id, ca_id):
          cert_file = self.path(cert_id, 'cert')
          ca_file = self.verify_ca(ca_id)
          return verify_cert(cert_file, cert_id, ca_file, ca_id)
--    def read_cert(self, _id):
--        cert_file = self.verify_cert(_id)
--        return open(cert_file, 'rb').read()
--
--    def read_cert2(self, cert_id, ca_id):
--        cert_file = self.verify_cert2(cert_id, ca_id)
--        return open(cert_file, 'rb').read()
--
--    def write_cert(self, _id, data):
--        tmp_file = self.random_tmp()
--        open(tmp_file, 'wb').write(data)
--        verify(tmp_file, _id)
--        cert_file = self.path(_id, 'cert')
--        os.rename(tmp_file, cert_file)
--        return cert_file
--
--    def write_cert2(self, cert_id, ca_id, cert_data):
++    def read_cert(self, cert_id, ca_id):
++        cert_file = self.verify_cert(cert_id, ca_id)
++        return open(cert_file, 'rb').read()
++
++    def write_cert(self, cert_id, ca_id, cert_data):
          ca_file = self.verify_ca(ca_id)
          tmp_file = self.random_tmp()
          open(tmp_file, 'wb').write(cert_data)
@@ -817,20 +663,33 @@
      def get_ca(self, _id):
          return CA(_id, self.verify_ca(_id))
--    def get_cert(self, _id):
--        return Cert(_id, self.verify_cert(_id), self.verify_key(_id))
++    def get_cert(self, cert_id, ca_id):
++        return Cert(
++            cert_id,
++            self.verify_cert(cert_id, ca_id),
++            self.verify_key(cert_id)
++        )
++
++    def load_machine(self, machine_id, user_id=None):
++        ca_file = self.verify_ca(machine_id)
++        key_file = self.verify_key(machine_id)
++        if user_id is None:
++            cert_file = None
++        else:
++            cert_file = self.verify_cert(machine_id, user_id)
++        return Machine(machine_id, ca_file, key_file, cert_file)
++
++    def load_user(self, user_id):
++        ca_file = self.verify_ca(user_id)
++        if path.exists(self.path(user_id, 'key')):
++            key_file = self.verify_key(user_id)
++        else:
++            key_file = None
++        return User(user_id, ca_file, key_file)
      def load_pki(self, machine_id, user_id=None):
--        if user_id is None:
--            self.machine = Cert(
--                machine_id,
--                self.verify_ca(machine_id),
--                self.verify_key(machine_id)
--            )
--            self.user = None
--        else:
--            self.machine = self.get_cert(machine_id)
--            self.user = self.get_ca(user_id)
++        self.machine = self.load_machine(machine_id, user_id)
++        self.user = (None if user_id is None else self.load_user(user_id))
  class TempPKI(PKI):
@@ -857,7 +716,7 @@
          self.create_csr(cert_id)
          self.issue_cert(cert_id, ca_id)
--        return (self.get_ca(ca_id), self.get_cert(cert_id))
++        return (self.get_ca(ca_id), self.get_cert(cert_id, ca_id))
      def get_server_config(self):
          config = {
 === modified file 'dmedia/server.py'
 --- dmedia/server.py	2012-10-04 21:58:54 +0000
 +++ dmedia/server.py	2012-10-16 12:35:25 +0000
@@ -20,96 +20,45 @@
  #   Jason Gerard DeRose <jderose@novacut.com>
  """
--dmedia HTTP server.
--
--== Security Note ==
--
--To help prevent cross-site scripting attacks, the `HTTPError` raised for any
--invalid request should not include any data supplied in the request.
--
--It is helpful to include a meaningful bit a text in the response body, plus it
--allows us to test that an `HTTPError` is being raised because of the condition
--we expected it to be raised for.  But include only static messages.
--
--For example, this is okay:
--
-->>> raise BadRequest('too many slashes in request path')  #doctest: +SKIP
--
--But this is not okay:
--
-->>> raise BadRequest('bad path: {}'.format(environ['PATH_INFO']))  #doctest: +SKIP
--
++Dmedia WSGI applications.
  """
  import json
++import os
  import socket
++from base64 import b64encode, b64decode
  from wsgiref.util import shift_path_info
  import logging
  from filestore import DIGEST_B32LEN, B32ALPHABET, LEAF_SIZE
--import microfiber
++from microfiber import dumps, basic_auth_header, CouchBase
++import dmedia
  from dmedia import __version__
--from dmedia.httpd import WSGIError, make_server
--from dmedia import local
--
--
--HTTP_METHODS = ('PUT', 'POST', 'GET', 'DELETE', 'HEAD')
--WELCOME = json.dumps(
--    {'Dmedia': 'welcome', 'version': __version__},
--    sort_keys=True,
--).encode('utf-8')
++from dmedia.httpd import WSGIError, make_server
++from dmedia import local, peering
++
++
++USER = os.environ.get('USER')
++HOST = socket.gethostname()
  log = logging.getLogger()
--def server_welcome(environ, start_response):
--    if environ['REQUEST_METHOD'] != 'GET':
--        raise WSGIError('405 Method Not Allowed')
--    start_response('200 OK',
--        [
--            ('Content-Length', str(len(WELCOME))),
--            ('Content-Type', 'application/json'),
--        ]
--    )
--    return [WELCOME]
--
--
--class HTTPError(Exception):
--    def __init__(self, body=b'', headers=None):
--        if isinstance(body, str):
--            body = body.encode('utf-8')
--            headers = [('Content-Type', 'text/plain; charset=utf-8')]
--        self.body = body
--        self.headers = ([] if headers is None else headers)
--        super().__init__(self.status)
--
--
--class BadRequest(HTTPError):
--    status = '400 Bad Request'
--
--
--class NotFound(HTTPError):
--    status = '404 Not Found'
--
--
--class MethodNotAllowed(HTTPError):
--    status = '405 Method Not Allowed'
--
--
--class Conflict(HTTPError):
--    status = '409 Conflict'
--
--
--class LengthRequired(HTTPError):
--    status = '411 Length Required'
--
--
--class PreconditionFailed(HTTPError):
--    status = '412 Precondition Failed'
--
--
--class BadRangeRequest(HTTPError):
--    status = '416 Requested Range Not Satisfiable'
++def iter_headers(environ):
++    for (key, value) in environ.items():
++        if key in ('CONTENT_LENGHT', 'CONTENT_TYPE'):
++            yield (key.replace('_', '-').lower(), value)
++        elif key.startswith('HTTP_'):
++            yield (key[5:].replace('_', '-').lower(), value)
++
++
++def request_args(environ):
++    headers = dict(iter_headers(environ))
++    if environ['wsgi.input']._avail:
++        body = environ['wsgi.input'].read()
++    else:
++        body = None
++    return (environ['REQUEST_METHOD'], environ['PATH_INFO'], body, headers)
  def get_slice(environ):
@@ -168,27 +117,27 @@
      """
      unit = 'bytes='
      if not value.startswith(unit):
--        raise BadRangeRequest('bad range units')
++        raise WSGIError('400 Bad Range Units')
      value = value[len(unit):]
      if value.startswith('-'):
          try:
              return (int(value), None)
          except ValueError:
--            raise BadRangeRequest('range -start is not an integer')
++            raise WSGIError('400 Bad Range Negative Start')
      parts = value.split('-')
      if not len(parts) == 2:
--        raise BadRangeRequest('not formatted as bytes=start-end')
++        raise WSGIError('400 Bad Range Format')
      try:
          start = int(parts[0])
      except ValueError:
--        raise BadRangeRequest('range start is not an integer')
++        raise WSGIError('400 Bad Range Start')
      try:
          end = parts[1]
          stop = (int(end) + 1 if end else None)
      except ValueError:
--        raise BadRangeRequest('range end is not an integer')
++        raise WSGIError('400 Bad Range End')
      if not (stop is None or start < stop):
--        raise BadRangeRequest('range end must be less than or equal to start')
++        raise WSGIError('400 Bad Range')
      return (start, stop)
@@ -207,35 +156,10 @@
      'bytes 500-999/1234'
      """
--    assert 0 <= start < length
--    assert start < stop <= length
++    assert 0 <= start < stop <= length
      return 'bytes {}-{}/{}'.format(start, stop - 1, length)
--class BaseWSGIMeta(type):
--    def __new__(meta, name, bases, dict):
--        http_methods = []
--        cls = type.__new__(meta, name, bases, dict)
--        for name in filter(lambda n: n in HTTP_METHODS, dir(cls)):
--            method = getattr(cls, name)
--            if callable(method):
--                http_methods.append(name)
--        cls.http_methods = frozenset(http_methods)
--        return cls
--
--
--class BaseWSGI(metaclass=BaseWSGIMeta):
--    def __call__(self, environ, start_response):
--        try:
--            name = environ['REQUEST_METHOD']
--            if name not in self.__class__.http_methods:
--                raise MethodNotAllowed()
--            return getattr(self, name)(environ, start_response)
--        except HTTPError as e:
--            start_response(e.status, e.headers)
--            return [e.body]
--
--
  MiB = 1024 * 1024
@@ -259,92 +183,28 @@
          assert remaining == 0
--class ReadOnlyApp(BaseWSGI):
--    def __init__(self, env):
--        self.local = local.LocalSlave(env)
--        info = {
--            'Dmedia': 'Welcome',
--            'version': __version__,
--            'machine_id': env.get('machine_id'),
--            'hostname': socket.gethostname(),
--        }
--        self._info = json.dumps(info, sort_keys=True).encode('utf-8')
--
--    def server_info(self, environ, start_response):
--        start_response('200 OK', [('Content-Type', 'application/json')])
--        return [self._info]
--
--    def GET(self, environ, start_response):
--        path_info = environ['PATH_INFO']
--        if path_info == '/':
--            return self.server_info(environ, start_response)
--
--        _id = path_info.lstrip('/')
--        if not (len(_id) == DIGEST_B32LEN and set(_id).issubset(B32ALPHABET)):
--            raise NotFound()
--        try:
--            doc = self.local.get_doc(_id)
--            st = self.local.stat2(doc)
--            fp = open(st.name, 'rb')
--        except Exception:
--            raise NotFound()
--
--        if doc.get('content_type'):
--            headers = [('Content-Type', doc['content_type'])]
--        else:
--            headers = []
--
--        if 'HTTP_RANGE' in environ:
--            (start, stop) = range_to_slice(environ['HTTP_RANGE'])
--            status = '206 Partial Content'
--        else:
--            start = 0
--            stop = None
--            status = '200 OK'
--
--        stop = (st.size if stop is None else min(st.size, stop))
--        length = str(stop - start)
--        headers.append(('Content-Length', length))
--        if 'HTTP_RANGE' in environ:
--            headers.append(
--                ('Content-Range', slice_to_content_range(start, stop, st.size))
--            )
--
--        start_response(status, headers)
--        return FileSlice(fp, start, stop)
--
--
--class ReadWriteApp(ReadOnlyApp):
--    def PUT(self, environ, start_response):
--        pass
--
--    def POST(self, environ, start_response):
--        pass
--
--
--def iter_headers(environ):
--    for (key, value) in environ.items():
--        if key in ('CONTENT_LENGHT', 'CONTENT_TYPE'):
--            yield (key.replace('_', '-').lower(), value)
--        elif key.startswith('HTTP_'):
--            yield (key[5:].replace('_', '-').lower(), value)
--
--
--def request_args(environ):
--    headers = dict(iter_headers(environ))
--    if environ['wsgi.input']._avail:
--        body = environ['wsgi.input'].read()
--    else:
--        body = None
--    return (environ['REQUEST_METHOD'], environ['PATH_INFO'], body, headers)
--
--
  class RootApp:
++    """
++    Main Dmedia WSGI app.
++    """
++
      def __init__(self, env):
          self.user_id = env['user_id']
++        obj = {
++            'user_id': env['user_id'],
++            'machine_id': env['machine_id'],
++            'version': dmedia.__version__,
++            'user': USER,
++            'host': HOST,
++        }
++        self.info = dumps(obj).encode('utf-8')
++        self.info_length = str(len(self.info))
++        self.proxy = ProxyApp(env)
++        self.files = FilesApp(env)
          self.map = {
--            '': server_welcome,
--            'couch': ProxyApp(env),
++            '': self.get_info,
++            'couch': self.proxy,
++            'files': self.files,
+         }
      def __call__(self, environ, start_response):
@@ -357,35 +217,35 @@
              return self.map[key](environ, start_response)
          raise WSGIError('410 Gone')
++    def get_info(self, environ, start_response):
++        if environ['REQUEST_METHOD'] != 'GET':
++            raise WSGIError('405 Method Not Allowed')
++        start_response('200 OK',
++            [
++                ('Content-Length', self.info_length),
++                ('Content-Type', 'application/json'),
++            ]
++        )
++        return [self.info]
++
  class ProxyApp:
--    def __init__(self, env, debug=False):
--        self.debug = debug
--        self.client = microfiber.CouchBase(env)
++    def __init__(self, env):
++        self.client = CouchBase(env)
          self.target_host = self.client.ctx.t.netloc
--        self.basic_auth = microfiber.basic_auth_header(env['basic'])
++        self.basic_auth = basic_auth_header(env['basic'])
      def __call__(self, environ, start_response):
          (method, path, body, headers) = request_args(environ)
          db = shift_path_info(environ)
          if db and db.startswith('_'):
              raise WSGIError('403 Forbidden')
--        if self.debug:
--            print('')
--            print('{REQUEST_METHOD} {PATH_INFO}'.format(**environ))
--            for key in sorted(headers):
--                print('{}: {}'.format(key, headers[key]))
          headers['host'] = self.target_host
          headers['authorization'] = self.basic_auth
          response = self.client.raw_request(method, path, body, headers)
          status = '{} {}'.format(response.status, response.reason)
          headers = response.getheaders()
--        if self.debug:
--            print('-' * 80)
--            print(status)
--            for (key, value) in headers:
--                print('{}: {}'.format(key, value))
          start_response(status, headers)
          body = response.read()
          if body:
@@ -393,6 +253,242 @@
          return []
++class FilesApp:
++    def __init__(self, env):
++        self.local = local.LocalSlave(env)
++
++    def __call__(self, environ, start_response):
++        if environ['REQUEST_METHOD'] != 'GET':
++            raise WSGIError('405 Method Not Allowed')
++        _id = shift_path_info(environ)
++        if not (len(_id) == DIGEST_B32LEN and set(_id).issubset(B32ALPHABET)):
++            raise WSGIError('400 Bad Request ID')
++        try:
++            doc = self.local.get_doc(_id)
++            st = self.local.stat2(doc)
++            fp = open(st.name, 'rb')
++        except Exception:
++            raise WSGIError('404 Not Found')
++
++        if 'HTTP_RANGE' in environ:
++            (start, stop) = range_to_slice(environ['HTTP_RANGE'])
++            status = '206 Partial Content'
++        else:
++            start = 0
++            stop = None
++            status = '200 OK'
++
++        # '416 Requested Range Not Satisfiable'
++
++        stop = (st.size if stop is None else min(st.size, stop))
++        length = str(stop - start)
++        headers = [('Content-Length', length)]
++        if 'HTTP_RANGE' in environ:
++            headers.append(
++                ('Content-Range', slice_to_content_range(start, stop, st.size))
++            )
++        start_response(status, headers)
++        return FileSlice(fp, start, stop)
++
++
++class InfoApp:
++    """
++    WSGI app initially used by the client-end of the peering process.
++    """
++
++    def __init__(self, _id):
++        self.id = _id
++        obj = {
++            'id': _id,
++            'version': dmedia.__version__,
++            'user': USER,
++            'host': HOST,
++        }
++        self.info = dumps(obj).encode('utf-8')
++        self.info_length = str(len(self.info))
++
++    def __call__(self, environ, start_response):
++        if environ['wsgi.multithread'] is not False:
++            raise WSGIError('500 Internal Server Error')
++        if environ['PATH_INFO'] != '/':
++            raise WSGIError('410 Gone')
++        if environ['REQUEST_METHOD'] != 'GET':
++            raise WSGIError('405 Method Not Allowed')
++        start_response('200 OK',
++            [
++                ('Content-Length', self.info_length),
++                ('Content-Type', 'application/json'),
++            ]
++        )
++        return [self.info]
++
++
++class ClientApp:
++    """
++    WSGI app used by the client-end of the peering process.
++    """
++
++    allowed_states = (
++        'ready',
++        'gave_challenge',
++        'in_response',
++        'wrong_response',
++        'response_ok',
++    )
++
++    forwarded_states = (
++        'wrong_response',
++        'response_ok',
++    )
++
++    def __init__(self, cr, queue):
++        self.cr = cr
++        self.queue = queue
++        self.__state = None
++        self.map = {
++            '/challenge': self.get_challenge,
++            '/response': self.post_response,
++        }
++
++    def get_state(self):
++        return self.__state
++
++    def set_state(self, state):
++        if state not in self.__class__.allowed_states:
++            self.__state = None
++            log.error('invalid state: %r', state)
++            raise Exception('invalid state: {!r}'.format(state))
++        self.__state = state
++        if state in self.__class__.forwarded_states:
++            self.queue.put(state)
++
++    state = property(get_state, set_state)
++
++    def __call__(self, environ, start_response):
++        if environ['wsgi.multithread'] is not False:
++            raise WSGIError('500 Internal Server Error')
++        if environ.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
++            raise WSGIError('403 Forbidden SSL')
++        if environ.get('SSL_CLIENT_S_DN_CN') != self.cr.peer_id:
++            raise WSGIError('403 Forbidden Subject')
++        if environ.get('SSL_CLIENT_I_DN_CN') != self.cr.peer_id:
++            raise WSGIError('403 Forbidden Issuer')
++
++        path_info = environ['PATH_INFO']
++        if path_info not in self.map:
++            raise WSGIError('410 Gone')
++        log.info('%s %s',
++            environ.get('REQUEST_METHOD'),
++            environ.get('PATH_INFO')
++        )
++        try:
++            obj = self.map[path_info](environ)
++            data = dumps(obj).encode('utf-8')
++            start_response('200 OK',
++                [
++                    ('Content-Length', str(len(data))),
++                    ('Content-Type', 'application/json'),
++                ]
++            )
++            return [data]
++        except WSGIError as e:
++            raise e
++        except Exception:
++            log.exception('500 Internal Server Error')
++            raise WSGIError('500 Internal Server Error')
++
++    def get_challenge(self, environ):
++        if self.state != 'ready':
++            raise WSGIError('400 Bad Request Order')
++        self.state = 'gave_challenge'
++        if environ['REQUEST_METHOD'] != 'GET':
++            raise WSGIError('405 Method Not Allowed')
++        return {
++            'challenge': self.cr.get_challenge(),
++        }
++
++    def post_response(self, environ):
++        if self.state != 'gave_challenge':
++            raise WSGIError('400 Bad Request Order')
++        self.state = 'in_response'
++        if environ['REQUEST_METHOD'] != 'POST':
++            raise WSGIError('405 Method Not Allowed')
++        data = environ['wsgi.input'].read()
++        obj = json.loads(data.decode('utf-8'))
++        nonce = obj['nonce']
++        response = obj['response']
++        try:
++            self.cr.check_response(nonce, response)
++        except peering.WrongResponse:
++            self.state = 'wrong_response'
++            raise WSGIError('401 Unauthorized')
++        self.state = 'response_ok'
++        return {'ok': True}
++
++
++class ServerApp(ClientApp):
++    """
++    WSGI app used by the server-end of the peering process.
++    """
++
++    allowed_states = (
++        'info',
++        'counter_response_ok',
++        'in_csr',
++        'bad_csr',
++        'cert_issued',
++    ) + ClientApp.allowed_states
++
++    forwarded_states = (
++        'bad_csr',
++        'cert_issued',
++    ) + ClientApp.forwarded_states
++
++    def __init__(self, cr, queue, pki):
++        super().__init__(cr, queue)
++        self.pki = pki
++        self.map['/'] = self.get_info
++        self.map['/csr'] = self.post_csr
++
++    def get_info(self, environ):
++        if self.state != 'info':
++            raise WSGIError('400 Bad Request State')
++        self.state = 'ready'
++        if environ['REQUEST_METHOD'] != 'GET':
++            raise WSGIError('405 Method Not Allowed')
++        return {
++            'id': self.cr.id,
++            'user': USER,
++            'host': HOST,
++        }
++
++    def post_csr(self, environ):
++        if self.state != 'counter_response_ok':
++            raise WSGIError('400 Bad Request Order')
++        self.state = 'in_csr'
++        if environ['REQUEST_METHOD'] != 'POST':
++            raise WSGIError('405 Method Not Allowed')
++        data = environ['wsgi.input'].read()
++        d = json.loads(data.decode('utf-8'))
++        csr_data = b64decode(d['csr'].encode('utf-8'))
++        try:
++            self.cr.check_csr_mac(csr_data, d['mac'])
++            self.pki.write_csr(self.cr.peer_id, csr_data)
++            self.pki.issue_cert(self.cr.peer_id, self.cr.id)
++            cert_data = self.pki.read_cert(self.cr.peer_id, self.cr.id)
++            key_data = self.pki.read_key(self.cr.id)
++        except Exception as e:
++            log.exception('could not issue cert')
++            self.state = 'bad_csr'
++            raise WSGIError('401 Unauthorized')
++        self.state = 'cert_issued'
++        return {
++            'cert': b64encode(cert_data).decode('utf-8'),
++            'mac': self.cr.cert_mac(cert_data),
++            'key': b64encode(key_data).decode('utf-8'),
++        }
++
++
  def run_server(queue, couch_env, bind_address, ssl_config):
      try:
          app = RootApp(couch_env)
 === modified file 'dmedia/service/__init__.py'
 --- dmedia/service/__init__.py	2012-04-15 05:29:57 +0000
 +++ dmedia/service/__init__.py	2012-10-16 12:35:25 +0000
@@ -25,15 +25,34 @@
  Code that is portable should go in dmedia/*.py (the dmedia core).
  """
++import logging
++
  import dbus
  from dbus.mainloop.glib import DBusGMainLoop
  from gi.repository import GObject
++
++DBusGMainLoop(set_as_default=True)
  GObject.threads_init()
--DBusGMainLoop(set_as_default=True)
--
--
--def get_proxy():
++
++BUS = 'org.freedesktop.Dmedia'
++
++
++def get_proxy(bus=BUS):
      session = dbus.SessionBus()
--    return session.get_object('org.freedesktop.Dmedia', '/')
++    return session.get_object(bus, '/')
++
++
++def init_if_needed():
++    logging.info('Getting Dmedia proxy object...')
++    Dmedia = get_proxy()
++    logging.info('Checking Dmedia.NeedsInit()...')
++    logging.info(Dmedia.NeedsInit())
++    if Dmedia.NeedsInit():
++        logging.info('Needs firstrun init.')
++        from dmedia.gtk.peering import ClientUI
++        ui = ClientUI(Dmedia)
++        ui.run()
++        if ui.quit:
++            raise SystemExit(0)
 === modified file 'dmedia/service/avahi.py'
 --- dmedia/service/avahi.py	2012-10-06 23:43:40 +0000
 +++ dmedia/service/avahi.py	2012-10-16 12:35:25 +0000
@@ -28,30 +28,49 @@
  import time
  from collections import namedtuple
--from filestore import _start_thread
--from microfiber import Context, Server, Database, NotFound
++from microfiber import dumps, NotFound, Context, Server, Database
  import dbus
  from gi.repository import GObject
++from dmedia.parallel import start_thread
  from dmedia import util, views
  log = logging.getLogger()
++Peer = namedtuple('Peer', 'env names')
  PROTO = 0  # Protocol -1 = both, 0 = IPv4, 1 = IPv6
--Peer = namedtuple('Peer', 'env names')
--PEERS = '_local/peers'
++PEERS_ID = '_local/peers'
++
++
++def make_url(ip, port):
++    if PROTO == 0:
++        return 'https://{}:{}/'.format(ip, port)
++    elif PROTO == 1:
++        return 'https://[{}]:{}/'.format(ip, port)
++    raise Exception('bad PROTO')
  class Avahi:
--    """
--    Base class to capture the messy Avahi DBus details.
--    """
--
--    service = '_example._tcp'
--
--    def __init__(self, _id, port):
++
++    service = '_dmedia._tcp'
++
++    def __init__(self, env, port, ssl_config):
          self.group = None
--        self.id = _id
++        self.machine_id = env['machine_id']
++        self.user_id = env['user_id']
          self.port = port
++        self.ssl_config = ssl_config
++        ctx = Context(env)
++        self.db = Database('dmedia-0', ctx=ctx)
++        self.server = Server(ctx=ctx)
++        self.replications = {}
++        try:
++            self.peers = self.db.get(PEERS_ID)
++            if self.peers.get('peers') != {}:
++                self.peers['peers'] = {}
++                self.db.save(self.peers)
++        except NotFound:
++            self.peers = {'_id': PEERS_ID, 'peers': {}}
++            self.db.save(self.peers)
      def __del__(self):
          self.free()
@@ -65,14 +84,12 @@
                  dbus_interface='org.freedesktop.Avahi.Server'
+             )
+         )
--        log.info(
--            'Avahi(%s): advertising %s on port %s', self.service, self.id, self.port
--        )
++        log.info('Avahi: advertising %s on port %s', self.machine_id, self.port)
          self.group.AddService(
              -1,  # Interface
              PROTO,  # Protocol -1 = both, 0 = ipv4, 1 = ipv6
 ,  # Flags
--            self.id,
++            self.machine_id,
              self.service,
              '',  # Domain, default to .local
              '',  # Host, default to localhost
@@ -90,22 +107,25 @@
              dbus_interface='org.freedesktop.Avahi.Server'
+         )
          self.browser = system.get_object('org.freedesktop.Avahi', browser_path)
++        self.browser.connect_to_signal('ItemRemove', self.on_ItemRemove)
          self.browser.connect_to_signal('ItemNew', self.on_ItemNew)
--        self.browser.connect_to_signal('ItemRemove', self.on_ItemRemove)
++        self.timeout_id = GObject.timeout_add(15000, self.on_timeout)
      def free(self):
          if self.group is not None:
--            log.info(
--                'Avahi(%s): freeing %s on port %s', self.service, self.id, self.port
--            )
++            log.info('Avahi: freeing %s on port %s', self.machine_id, self.port)
              self.group.Reset(dbus_interface='org.freedesktop.Avahi.EntryGroup')
              self.group = None
              del self.browser
              del self.avahi
++    def on_ItemRemove(self, interface, protocol, key, _type, domain, flags):
++        log.info('Avahi: peer removed: %s', key)
++        GObject.idle_add(self.remove_peer, key)
++
      def on_ItemNew(self, interface, protocol, key, _type, domain, flags):
          # Ignore what we publish ourselves:
--        if key == self.id:
++        if key == self.machine_id:
              return
          self.avahi.ResolveService(
              # 2nd to last arg is Protocol, again for some reason
@@ -118,57 +138,30 @@
      def on_reply(self, *args):
          key = args[2]
          (ip, port) = args[7:9]
--        url = 'https://{}:{}/'.format(ip, port)
--        log.info('Avahi(%s): new peer %s at %s', self.service, key, url)
--        self.add_peer(key, url)
++        url = make_url(ip, port)
++        log.info('Avahi: new peer %s at %s', key, url)
++        start_thread(self.info_thread, key, url)
      def on_error(self, exception):
--        log.error('%s: error calling ResolveService(): %r', self.service, exception)
--
--    def on_ItemRemove(self, interface, protocol, key, _type, domain, flags):
--        log.info('Avahi(%s): peer removed: %s', self.service, key)
--        self.remove_peer(key)
--
--    def add_peer(self, key, url):
--        raise NotImplementedError(
--            '{}.add_peer()'.format(self.__class__.__name__)
--        )
--
--    def remove_peer(self, key):
--        raise NotImplementedError(
--            '{}.remove_peer()'.format(self.__class__.__name__)
--        )
--
--
--class FileServer(Avahi):
--    """
--    Advertise HTTP file server server over Avahi, discover other peers.
--    """
--    service = '_dmedia._tcp'
--
--    def __init__(self, env, port):
--        super().__init__(env['machine_id'], port)
--        ctx = Context(env)
--        self.db = Database('dmedia-0', ctx=ctx)
--        self.server = Server(ctx=ctx)
--        self.replications = {}
--
--    def run(self):
++        log.error('Avahi: error calling ResolveService(): %r', exception)
++
++    def info_thread(self, key, url):
          try:
--            self.peers = self.db.get(PEERS)
--            if self.peers.get('peers') != {}:
--                self.peers['peers'] = {}
--                self.db.save(self.peers)
--        except NotFound:
--            self.peers = {'_id': PEERS, 'peers': {}}
--            self.db.save(self.peers)
--        super().run()
--        self.timeout_id = GObject.timeout_add(15000, self.on_timeout)
++            env = {'url': url, 'ssl': self.ssl_config}
++            client = Server(env)
++            info = client.get()
++            assert info.pop('user_id') == self.user_id
++            assert info.pop('machine_id') == key
++            info['url'] = url
++            log.info('Avahi: got peer info: %s', dumps(info, pretty=True))
++            GObject.idle_add(self.add_peer, key, info)
++        except Exception:
++            log.exception('Avahi: could not get info for %s', url)
--    def add_peer(self, key, url):
--        self.peers['peers'][key] = url
++    def add_peer(self, key, info):
++        self.peers['peers'][key] = info
          self.db.save(self.peers)
--        self.add_replication_peer(key, url)
++        self.add_replication_peer(key, info['url'])
      def remove_peer(self, key):
          try:
@@ -178,6 +171,18 @@
              pass
          self.remove_replication_peer(key)
++    def add_replication_peer(self, key, url):
++        env = {'url': url + 'couch/'}
++        cancel = self.replications.pop(key, None)
++        start = Peer(env, list(self.get_names()))
++        self.replications[key] = start
++        start_thread(self.replication_worker, cancel, start)
++
++    def remove_replication_peer(self, key):
++        cancel = self.replications.pop(key, None)
++        if cancel:
++            start_thread(self.replication_worker, cancel, None)
++
      def on_timeout(self):
          if not self.replications:
              return True  # Repeat timeout call
@@ -188,21 +193,9 @@
                  log.info('New databases: %r', sorted(new))
                  tmp = Peer(peer.env, tuple(new))
                  peer.names.extend(new)
--                _start_thread(self.replication_worker, None, tmp)
++                start_thread(self.replication_worker, None, tmp)
          return True  # Repeat timeout call
--    def add_replication_peer(self, key, url):
--        env = {'url': url + 'couch/'}
--        cancel = self.replications.pop(key, None)
--        start = Peer(env, list(self.get_names()))
--        self.replications[key] = start
--        _start_thread(self.replication_worker, cancel, start)
--
--    def remove_replication_peer(self, key):
--        cancel = self.replications.pop(key, None)
--        if cancel:
--            _start_thread(self.replication_worker, cancel, None)
--
      def get_names(self):
          for name in self.server.get('_all_dbs'):
              if name.startswith('dmedia-0') or name.startswith('novacut-0'):
@@ -248,4 +241,4 @@
                  log.exception('Error canceling push of %s to %s', name, env['url'])
              else:
                  log.exception('Error starting push of %s to %s', name, env['url'])
--
++
 === modified file 'dmedia/service/peers.py'
 --- dmedia/service/peers.py	2012-10-08 19:01:37 +0000
 +++ dmedia/service/peers.py	2012-10-16 12:35:25 +0000
@@ -35,19 +35,28 @@
  import ssl
  import socket
  import threading
++from queue import Queue
++from base64 import b64encode, b64decode
++from gettext import gettext as _
  import dbus
--from dbus.mainloop.glib import DBusGMainLoop
--from gi.repository import GObject
--from microfiber import _start_thread, random_id, CouchBase, dumps, build_ssl_context
++from gi.repository import GObject, Gtk, AppIndicator3
++from microfiber import Unauthorized, CouchBase
++from microfiber import random_id, dumps, build_ssl_context
++
++
++from dmedia.parallel import start_thread
++from dmedia.gtk.peering import BaseUI
++from dmedia.gtk.ubuntu import NotifyManager
++from dmedia.peering import ChallengeResponse
++from dmedia.server import ServerApp, InfoApp, ClientApp
++from dmedia.httpd import WSGIError, make_server
++
  PROTO = 0  # Protocol -1 = both, 0 = IPv4, 1 = IPv6
--GObject.threads_init()
--DBusGMainLoop(set_as_default=True)
--log = logging.getLogger()
--
  Peer = namedtuple('Peer', 'id ip port')
  Info = namedtuple('Info', 'name host url id')
++log = logging.getLogger()
  def get_service(verb):
@@ -175,9 +184,10 @@
          self.group = None
          self.pki = pki
          self.client_mode = client_mode
--        self.id = (pki.machine.id if client_mode else pki.user.id)
--        self.cert_file = pki.verify_ca(self.id)
--        self.key_file = pki.verify_key(self.id)
++        ca = (pki.machine if client_mode else pki.user)
++        self.id = ca.id
++        self.cert_file = ca.ca_file
++        self.key_file = ca.key_file
          self.state = State()
          self.peer = None
          self.info = None
@@ -192,7 +202,7 @@
              raise Exception(
                  'Cannot activate {!r} from {!r}'.format(peer_id, self.state)
+             )
--        log.info('Activated session with %r', self.peer)
++        log.info('Peering: activated session with %r', self.peer)
          assert self.state.state == 'activated'
          assert self.state.peer_id == peer_id
          assert self.peer.id == peer_id
@@ -206,7 +216,7 @@
              raise Exception(
                  'Cannot deactivate {!r} from {!r}'.format(peer_id, self.state)
+             )
--        log.info('Deactivated session with %r', self.peer)
++        log.info('Peering: deactivated session with %r', self.peer)
          assert self.state.state == 'deactivated'
          assert self.state.peer_id == peer_id
          assert self.peer.id == peer_id
@@ -222,21 +232,21 @@
      def unbind(self, peer_id):
          retract = (self.state.state == 'verified')
          if not self.state.unbind(peer_id):
--            log.error('Cannot unbind %s from %r', peer_id, self.state)
++            log.error('Peering: cannot unbind %s from %r', peer_id, self.state)
              return
--        log.info('Unbound from %s', peer_id)
++        log.info('Peering: unbound from %s', peer_id)
          assert self.state.peer_id == peer_id
          assert self.state.state == 'unbound'
          if retract:
--            log.info("Firing 'retract' signal")
++            log.info("Peering: firing 'retract' signal")
              self.emit('retract')
          GObject.timeout_add(10 * 1000, self.on_timeout, peer_id)
      def on_timeout(self, peer_id):
          if not self.state.free(peer_id):
--            log.error('Cannot free %s from %r', peer_id, self.state)
++            log.error('Peering: cannot free %s from %r', peer_id, self.state)
              return
--        log.info('Rate-limiting timeout reached, freeing from %s', peer_id)
++        log.info('Peering: rate-limiting timeout reached, freeing from %s', peer_id)
          assert self.state.state == 'free'
          assert self.state.peer_id is None
          self.info = None
@@ -277,7 +287,7 @@
+             )
+         )
          log.info(
--            'Publishing %s for %r on port %s', self.id, service, port
++            'Peering: publishing %s for %r on port %s', self.id, service, port
+         )
          self.group.AddService(
              -1,  # Interface
@@ -295,14 +305,14 @@
      def unpublish(self):
          if self.group is not None:
--            log.info('Un-publishing %s', self.id)
++            log.info('Peering: unpublishing %s', self.id)
              self.group.Reset(dbus_interface='org.freedesktop.Avahi.EntryGroup')
              self.group = None
      def browse(self):
          verb = ('accept' if self.client_mode else 'offer')
          service = get_service(verb)
--        log.info('Browsing for %r', service)
++        log.info('Peering: browsing for %r', service)
          path = self.avahi.ServiceBrowserNew(
              -1,  # Interface
              PROTO,  # Protocol -1 = both, 0 = ipv4, 1 = ipv6
@@ -316,10 +326,10 @@
          self.browser.connect_to_signal('ItemRemove', self.on_ItemRemove)
      def on_ItemNew(self, interface, protocol, peer_id, _type, domain, flags):
--        log.info('Peer added: %s', peer_id)
++        log.info('Peering: peer added: %s', peer_id)
          if not self.state.bind(str(peer_id)):
--            log.error('Cannot bind %s from %r', peer_id, self.state)
--            log.warning('Possible attack from %s', peer_id)
++            log.error('Peering: cannot bind %s from %r', peer_id, self.state)
++            log.warning('Peering: possible attack from %s', peer_id)
              return
          assert self.state.state == 'bound'
          assert self.state.peer_id == peer_id
@@ -342,7 +352,7 @@
          (ip, port) = args[7:9]
          log.info('%s is at %s, port %s', peer_id, ip, port)
          self.peer = Peer(str(peer_id), str(ip), int(port))
--        _start_thread(self.cert_thread, self.peer)
++        start_thread(self.cert_thread, self.peer)
      def on_error(self, error):
          log.error(
@@ -417,3 +427,293 @@
          signal = ('accept' if self.client_mode else 'offer')
          log.info('Firing %r signal for %r', signal, info)
          self.emit(signal, info)
++
++
++class ServerUI(BaseUI):
++    page = 'server.html'
++
++    signals = {
++        'get_secret': [],
++        'display_secret': ['secret'],
++        'set_message': ['message'],
++        'done': [],
++    }
++
++    def __init__(self, cr):
++        super().__init__()
++        self.cr = cr
++
++    def connect_hub_signals(self, hub):
++        hub.connect('get_secret', self.on_get_secret)
++
++    def on_get_secret(self, hub):
++        secret = self.cr.get_secret()
++        hub.send('display_secret', secret)
++
++
++class ServerSession:
++    def __init__(self, pki, _id, peer, server_config, client_config):
++        self.pki = pki
++        self.peer_id = peer.id
++        self.peer = peer
++        self.cr = ChallengeResponse(_id, peer.id)
++        self.q = Queue()
++        start_thread(self.monitor_response)
++        self.app = ServerApp(self.cr, self.q, pki)
++        self.app.state = 'info'
++        self.httpd = make_server(self.app, '0.0.0.0', server_config)
++        env = {'url': peer.url, 'ssl': client_config}
++        self.client = CouchBase(env)
++        self.httpd.start()
++        self.ui = ServerUI(self.cr)
++
++    def monitor_response(self):
++        while True:
++            signal = self.q.get()
++            if signal == 'wrong_response':
++                GObject.idle_add(self.retry)
++            elif signal == 'response_ok':
++                GObject.timeout_add(500, self.on_response_ok)
++                break
++
++    def monitor_cert_request(self):
++        status = self.q.get()
++        if status != 'cert_issued':
++            log.error('Bad cert request from %r', self.peer)
++            log.warning('Possible malicious peer: %r', self.peer)
++        GObject.idle_add(self.on_cert_request, status)
++
++    def retry(self):
++        self.httpd.shutdown()
++        secret = self.cr.get_secret()
++        self.ui.hub.send('display_secret', secret)
++        self.ui.hub.send('set_message',
++            _('Typo? Please try again with new secret.')
++        )
++        self.app.state = 'ready'
++        self.httpd.start()
++
++    def on_response_ok(self):
++        assert self.app.state == 'response_ok'
++        self.ui.hub.send('set_message', _('Counter-Challenge...'))
++        start_thread(self.counter_challenge)
++
++    def counter_challenge(self):
++        log.info('Getting counter-challenge from %r', self.peer)
++        challenge = self.client.get('challenge')['challenge']
++        (nonce, response) = self.cr.create_response(challenge)
++        obj = {'nonce': nonce, 'response': response}
++        log.info('Posting counter-response to %r', self.peer)
++        try:
++            r = self.client.post(obj, 'response')
++            log.info('Counter-response accepted')
++            GObject.idle_add(self.on_counter_response_ok)
++        except Unauthorized:
++            log.error('Counter-response rejected!')
++            log.warning('Possible malicious peer: %r', self.peer)
++            GObject.idle_add(self.on_counter_response_fail)
++
++    def on_counter_response_ok(self):
++        assert self.app.state == 'response_ok'
++        self.app.state = 'counter_response_ok'
++        start_thread(self.monitor_cert_request)
++        self.ui.hub.send('set_message', _('Issuing Certificate...'))
++
++    def on_counter_response_fail(self):
++        self.ui.hub.send('set_message', _('Very Bad Things!'))
++
++    def on_cert_request(self, status):
++        if status == 'cert_issued':
++            self.ui.hub.send('set_message', _('Done!'))
++            GObject.timeout_add(250, self.ui.hub.send, 'done')
++        else:
++            self.ui.hub.send('set_message', _('Security Problems in CSR!'))
++
++
++
++class Browser:
++    def __init__(self, couch):
++        self.couch = couch
++        self.avahi = AvahiPeer(couch.pki)
++        self.avahi.connect('offer', self.on_offer)
++        self.avahi.connect('retract', self.on_retract)
++        self.avahi.browse()
++        self.notifymanager = NotifyManager()
++        self.indicator = None
++        self.session = None
++
++    def free(self):
++        self.avahi.unpublish()
++
++    def on_offer(self, avahi, info):
++        assert self.indicator is None
++        self.indicator = AppIndicator3.Indicator.new(
++            'dmedia-peer',
++            'indicator-novacut',
++            AppIndicator3.IndicatorCategory.APPLICATION_STATUS
++        )
++        menu = Gtk.Menu()
++        accept = Gtk.MenuItem()
++        accept.set_label(_('Accept {}@{}').format(info.name, info.host))
++        accept.connect('activate', self.on_accept, info)
++        menu.append(accept)
++        menu.show_all()
++        self.indicator.set_menu(menu)
++        self.indicator.set_status(AppIndicator3.IndicatorStatus.ATTENTION)
++        self.notifymanager.replace(
++            _('Novacut Peering Offer'),
++            '{}@{}'.format(info.name, info.host),
++        )
++
++    def on_retract(self, avahi):
++        if self.indicator is not None:
++            self.indicator = None
++            self.notifymanager.replace(_('Peering Offer Removed'))
++
++    def on_accept(self, menuitem, info):
++        assert self.session is None
++        self.avahi.activate(info.id)
++        self.indicator = None
++        self.session = ServerSession(self.couch.pki, self.avahi.id, info,
++            self.avahi.get_server_config(),
++            self.avahi.get_client_config()
++        )
++        self.session.ui.window.connect('delete-event', self.on_delete_event)
++        self.session.ui.hub.connect('done', self.on_delete_event)
++        self.session.ui.window.show_all()
++        self.avahi.publish(self.session.httpd.port)
++
++    def on_delete_event(self, *args):
++        self.session.httpd.shutdown()
++        self.session.ui.window.destroy()
++        self.avahi.unpublish()
++        self.avahi.deactivate(self.session.peer_id)
++        self.session = None
++
++
++class Publisher:
++    def __init__(self, service, couch):
++        self.service = service
++        self.couch = couch
++        self.thread = None
++        self.avahi = None
++
++    def __del__(self):
++        self.free()
++
++    def free(self):
++        if self.avahi is not None:
++            self.avahi.unpublish()
++            self.avahi = None
++            del self.service
++            del self.couch
++
++    def run(self):
++        self.couch.load_pki()
++        self.avahi = AvahiPeer(self.couch.pki, client_mode=True)
++        self.avahi.connect('accept', self.on_accept)
++        app = InfoApp(self.avahi.id)
++        self.httpd = make_server(app, '0.0.0.0',
++            self.avahi.get_server_config()
++        )
++        self.httpd.start()
++        self.avahi.browse()
++        self.avahi.publish(self.httpd.port)
++
++    def on_accept(self, avahi, peer):
++        log.info('Publisher.on_accept()')
++        self.avahi.activate(peer.id)
++        self.peer = peer
++        self.cr = ChallengeResponse(avahi.id, peer.id)
++        self.q = Queue()
++        self.app = ClientApp(self.cr, self.q)
++        # Reconfigure HTTPD to only accept connections from bound peer
++        self.httpd.reconfigure(self.app, avahi.get_server_config())
++        env = {'url': peer.url, 'ssl': avahi.get_client_config()}
++        self.client = CouchBase(env)
++        avahi.unpublish()
++        self.service.Accept()
++
++    def set_secret(self, secret):
++        if self.thread is not None:
++            return False
++        self.cr.set_secret(secret)
++        self.thread = start_thread(self.challenge)
++        self.service.Message(_('Challenge...'))
++        return True
++
++    def challenge(self):
++        log.info('Getting challenge from %r', self.peer)
++        challenge = self.client.get('challenge')['challenge']
++        (nonce, response) = self.cr.create_response(challenge)
++        obj = {'nonce': nonce, 'response': response}
++        log.info('Posting response to %r', self.peer)
++        try:
++            r = self.client.post(obj, 'response')
++            log.info('Response accepted')
++            success = True
++        except Unauthorized:
++            log.info('Response rejected')
++            success = False
++        GObject.idle_add(self.on_response, success)
++
++    def on_response(self, success):
++        self.thread.join()
++        self.thread = None
++        if success:
++            self.app.state = 'ready'
++            self.thread = start_thread(self.monitor_counter_response)
++            self.service.Message(_('Counter-Challenge...'))
++        else:
++            self.service.Message(_('Typo? Please try again with new secret.'))
++        self.service.Response(success)
++
++    def monitor_counter_response(self):
++        # FIXME: Should use a timeout with queue.get()
++        status = self.q.get()
++        log.info('Counter-response gave %r', status)
++        if status != 'response_ok':
++            log.error('Wrong counter-response!')
++            log.warning('Possible malicious peer: %r', self.peer)
++        GObject.timeout_add(500, self.on_counter_response, status)
++
++    def on_counter_response(self, status):
++        self.thread.join()
++        self.thread = None
++        assert self.app.state == status
++        if status == 'response_ok':
++            self.thread = start_thread(self.request_cert)
++            self.service.Message(_('Requesting Certificate...'))
++        else:
++            self.service.Message(_('Scary! Counter-Challenge Failed!'))
++
++    def request_cert(self):
++        log.info('Creating CSR')
++        success = False
++        try:
++            self.couch.pki.create_csr(self.cr.id)
++            csr_data = self.couch.pki.read_csr(self.cr.id)
++            obj = {
++                'csr': b64encode(csr_data).decode('utf-8'),
++                'mac': self.cr.csr_mac(csr_data),
++            }
++            d = self.client.post(obj, 'csr')
++            cert_data = b64decode(d['cert'].encode('utf-8'))
++            self.cr.check_cert_mac(cert_data, d['mac'])
++            self.couch.pki.write_cert(self.cr.id, self.cr.peer_id, cert_data)
++            self.couch.pki.verify_cert(self.cr.id, self.cr.peer_id)
++            key_data = b64decode(d['key'].encode('utf-8'))
++            self.couch.pki.write_key(self.cr.peer_id, key_data)
++            self.couch.pki.verify_key(self.cr.peer_id)
++            success = True
++        except Exception as e:
++            log.exception('Could not request cert')
++        GObject.idle_add(self.on_csr_response, success)
++
++    def on_csr_response(self, success):
++        self.thread.join()
++        self.thread = None
++        if success:
++            self.service.set_user(self.cr.peer_id)
++        else:
++            self.service.Message(_('Scary! Certificate Request Failed!'))
 === modified file 'dmedia/service/tests/test_avahi.py'
 --- dmedia/service/tests/test_avahi.py	2012-10-04 20:23:22 +0000
 +++ dmedia/service/tests/test_avahi.py	2012-10-16 12:35:25 +0000
@@ -23,32 +23,66 @@
  Unit tests for `dmedia.service.avahi`.
  """
--from unittest import TestCase
++from random import SystemRandom
  from copy import deepcopy
--from microfiber import random_id
--from usercouch import random_oauth
++import microfiber
++from dmedia.tests.couch import CouchCase
  from dmedia.service import avahi
--class TestAvahi(TestCase):
++random = SystemRandom()
++
++
++def random_port():
++    return random.randint(1001, 50000)
++
++
++class TestAvahi(CouchCase):
      def test_init(self):
--        _id = random_id()
--        inst = avahi.Avahi(_id, 42)
--        self.assertEqual(inst.id, _id)
--        self.assertEqual(inst.port, 42)
++        db = microfiber.Database('dmedia-0', self.env)
++        self.assertTrue(db.ensure())
++        port = random_port()
++        ssl_config = 'the SSL config'
++        inst = avahi.Avahi(self.env, port, ssl_config)
          self.assertIsNone(inst.group)
--
--    def test_add_peer(self):
--        inst = avahi.Avahi('the id', 42)
--        with self.assertRaises(NotImplementedError) as cm:
--            inst.add_peer('key', 'url')
--        self.assertEqual(str(cm.exception), 'Avahi.add_peer()')
--
--    def test_remove_peer(self):
--        inst = avahi.Avahi('the id', 42)
--        with self.assertRaises(NotImplementedError) as cm:
--            inst.remove_peer('key')
--        self.assertEqual(str(cm.exception), 'Avahi.remove_peer()')
++        self.assertIs(inst.machine_id, self.machine_id)
++        self.assertIs(inst.user_id, self.user_id)
++        self.assertIs(inst.port, port)
++        self.assertIs(inst.ssl_config, ssl_config)
++        self.assertIsInstance(inst.db, microfiber.Database)
++        self.assertIsInstance(inst.server, microfiber.Server)
++        self.assertIs(inst.db.ctx, inst.server.ctx)
++        self.assertEqual(inst.replications, {})
++        self.assertEqual(inst.peers,
++            {
++                '_id': '_local/peers',
++                '_rev': '0-1',
++                'peers': {},
++            }
++        )
++        self.assertEqual(db.get('_local/peers'), inst.peers)
++
++        peers = deepcopy(inst.peers)
++        peers['peers'] = {'foo': 'bar'}
++        db.save(peers)
++        inst = avahi.Avahi(self.env, port, ssl_config)
++        self.assertEqual(inst.peers,
++            {
++                '_id': '_local/peers',
++                '_rev': '0-3',
++                'peers': {},
++            }
++        )
++        inst = avahi.Avahi(self.env, port, ssl_config)
++        self.assertEqual(inst.peers,
++            {
++                '_id': '_local/peers',
++                '_rev': '0-3',
++                'peers': {},
++            }
++        )
++
++        inst.__del__()
 === modified file 'dmedia/startup.py'
 --- dmedia/startup.py	2012-10-03 19:45:56 +0000
 +++ dmedia/startup.py	2012-10-16 12:35:25 +0000
@@ -79,29 +79,6 @@
+     }
--def get_ssl_config(pki):
--    assert isinstance(pki, PKI)
--    if pki.user is None:
--        return None
--    return {
--        'check_hostname': False,
--        'max_depth': 1,
--        'ca_file': pki.user.ca_file,
--        'cert_file': pki.machine.cert_file,
--        'key_file': pki.machine.key_file,
--    }
--
--
--def get_bootstrap_config(pki):
--    assert isinstance(pki, PKI)
--    if pki.user is None:
--        return {'username': 'admin'}
--    return {
--        'username': 'admin',
--        'replicator': get_ssl_config(pki),
--    }
--
--
  class DmediaCouch(UserCouch):
      def __init__(self, basedir):
          super().__init__(basedir)
@@ -116,44 +93,67 @@
          save_config(path.join(self.basedir, name + '.json'), config)
      def isfirstrun(self):
--        return self.machine is None
++        return self.user is None
--    def firstrun_init(self, create_user=False):
--        if not self.isfirstrun():
--            raise Exception('not first run, cannot call firstrun_init()')
++    def create_machine(self):
++        if self.machine is not None:
++            raise Exception('machine already exists')
          log.info('Creating RSA machine identity...')
          machine_id = self.pki.create_key()
          log.info('... machine_id: %s', machine_id)
          self.pki.create_ca(machine_id)
--        if create_user:
--            if self.user is None:
--                log.info('Creating RSA user identity...')
--                user_id = self.pki.create_key()
--                log.info('... user_id: %s', user_id)
--                self.pki.create_ca(user_id)
--                doc = create_doc(user_id, 'dmedia/user')
--                self.save_config('user', doc)
--                self.user = self.load_config('user')
--            else:
--                user_id = self.user['_id']
--            self.pki.create_csr(machine_id)
--            self.pki.issue_cert(machine_id, user_id)
          doc = create_doc(machine_id, 'dmedia/machine')
          self.save_config('machine', doc)
          self.machine = self.load_config('machine')
++        return machine_id
++
++    def create_user(self):
++        if self.machine is None:
++            raise Exception('must create machine first')
++        if self.user is not None:
++            raise Exception('user already exists')
++        log.info('Creating RSA user identity...')
++        user_id = self.pki.create_key()
++        log.info('... user_id: %s', user_id)
++        self.pki.create_ca(user_id)
++        self.pki.create_csr(self.machine['_id'])
++        self.pki.issue_cert(self.machine['_id'], user_id)
++        doc = create_doc(user_id, 'dmedia/user')
++        self.save_config('user', doc)
++        self.user = self.load_config('user')
++        return user_id
++
++    def set_user(self, user_id):
++        log.info('... user_id: %s', user_id)
++        doc = create_doc(user_id, 'dmedia/user')
++        self.save_config('user', doc)
++        self.user = self.load_config('user')
      def load_pki(self):
--        if self.machine is None:
--            return
          if self.user is None:
              self.pki.load_pki(self.machine['_id'])
          else:
              self.pki.load_pki(self.machine['_id'], self.user['_id'])
++    def get_ssl_config(self):
++        return {
++            'check_hostname': False,
++            'max_depth': 1,
++            'ca_file': self.pki.user.ca_file,
++            'cert_file': self.pki.machine.cert_file,
++            'key_file': self.pki.machine.key_file,
++        }
++
++    def get_bootstrap_config(self):
++        return {
++            'username': 'admin',
++            'replicator': self.get_ssl_config(),
++        }
++
      def auto_bootstrap(self):
++        assert self.user is not None
++        assert self.machine is not None
          self.load_pki()
--        config = get_bootstrap_config(self.pki)
++        config = self.get_bootstrap_config()
          return self.bootstrap('basic', config)
--    def get_ssl_config(self):
--        return get_ssl_config(self.pki)
 === modified file 'dmedia/tests/couch.py'
 --- dmedia/tests/couch.py	2011-10-04 14:00:22 +0000
 +++ dmedia/tests/couch.py	2012-10-16 12:35:25 +0000
@@ -38,6 +38,8 @@
      def setUp(self):
          super().setUp()
--        self.machine_id = random_id()
++        self.machine_id = random_id(30)
++        self.user_id = random_id(30)
          self.env['machine_id'] = self.machine_id
++        self.env['user_id'] = self.user_id
 === modified file 'dmedia/tests/test_core.py'
 --- dmedia/tests/test_core.py	2012-10-04 18:04:14 +0000
 +++ dmedia/tests/test_core.py	2012-10-16 12:35:25 +0000
@@ -63,71 +63,14 @@
          self.assertEqual(inst.local, {'_id': '_local/dmedia', 'stores': {}})
      def test_load_identity(self):
--        id1 = random_id()
--        inst = core.Core(self.env)
--        inst.load_identity({'_id': id1})
--        doc = inst.db.get(id1)
--        self.assertEqual(set(doc), set(['_id', '_rev']))
--        self.assertTrue(doc['_rev'].startswith('1-'))
--        self.assertEqual(
--            inst.db.get('_local/dmedia'),
--            {
--                '_id': '_local/dmedia',
--                '_rev': '0-1',
--                'stores': {},
--                'machine_id': id1,
--            }
--        )
--        self.assertEqual(inst.local, inst.db.get('_local/dmedia'))
--        self.assertEqual(self.env['machine_id'], id1)
--
--        inst.load_identity({'_id': id1})
--        doc = inst.db.get(id1)
--        self.assertEqual(set(doc), set(['_id', '_rev']))
--        self.assertTrue(doc['_rev'].startswith('1-'))
--        self.assertEqual(
--            inst.db.get('_local/dmedia'),
--            {
--                '_id': '_local/dmedia',
--                '_rev': '0-1',
--                'stores': {},
--                'machine_id': id1,
--            }
--        )
--        self.assertEqual(inst.local, inst.db.get('_local/dmedia'))
--        self.assertEqual(self.env['machine_id'], id1)
--
--        id2 = random_id()
--        inst = core.Core(self.env)
--        inst.load_identity({'_id': id2})
--        doc = inst.db.get(id2)
--        self.assertEqual(set(doc), set(['_id', '_rev']))
--        self.assertTrue(doc['_rev'].startswith('1-'))
--        self.assertEqual(
--            inst.db.get('_local/dmedia'),
--            {
--                '_id': '_local/dmedia',
--                '_rev': '0-2',
--                'stores': {},
--                'machine_id': id2,
--            }
--        )
--        self.assertEqual(inst.local, inst.db.get('_local/dmedia'))
--        self.assertEqual(self.env['machine_id'], id2)
--
--    def test_load_identity2(self):
--        """
--        Test load_identity() with a user.
--        """
--        machine_id = random_id()
--        user_id = random_id()
++        machine_id = random_id(30)
++        user_id = random_id(30)
          inst = core.Core(self.env)
          inst.load_identity({'_id': machine_id}, {'_id': user_id})
          machine = inst.db.get(machine_id)
          self.assertEqual(set(machine), set(['_id', '_rev']))
          self.assertTrue(machine['_rev'].startswith('1-'))
--
          user = inst.db.get(user_id)
          self.assertEqual(set(user), set(['_id', '_rev']))
          self.assertTrue(user['_rev'].startswith('1-'))
@@ -147,6 +90,24 @@
          self.assertEqual(self.env['machine_id'], machine_id)
          self.assertEqual(self.env['user_id'], user_id)
++        inst = core.Core(self.env)
++        inst.load_identity({'_id': machine_id}, {'_id': user_id})
++        self.assertTrue(inst.db.get(machine_id)['_rev'].startswith('1-'))
++        self.assertTrue(inst.db.get(user_id)['_rev'].startswith('1-'))
++
++        self.assertEqual(set(machine), set(['_id', '_rev']))
++        self.assertTrue(machine['_rev'].startswith('1-'))
++        self.assertEqual(
++            inst.db.get('_local/dmedia'),
++            {
++                '_id': '_local/dmedia',
++                '_rev': '0-1',
++                'stores': {},
++                'machine_id': machine_id,
++                'user_id': user_id,
++            }
++        )
++
      def test_init_default_store(self):
          private = TempDir()
          shared = TempDir()
 === modified file 'dmedia/tests/test_peering.py'
 --- dmedia/tests/test_peering.py	2012-10-09 03:07:15 +0000
 +++ dmedia/tests/test_peering.py	2012-10-16 12:35:25 +0000
@@ -25,207 +25,191 @@
  from unittest import TestCase
  import os
--from os import path
++from os import path, urandom
  import subprocess
  import socket
--from queue import Queue
--import microfiber
--from microfiber import random_id, CouchBase
++from microfiber import random_id
++from skein import skein512
  from .base import TempDir
--from dmedia.httpd import make_server
  from dmedia.peering import encode, decode
  from dmedia import peering
--class TestSSLFunctions(TestCase):
--    def test_create_key(self):
--        tmp = TempDir()
--        key = tmp.join('key.pem')
--
--        # bits=1024
--        sizes = [883, 887, 891]
--        peering.create_key(key, bits=1024)
--        self.assertLess(min(sizes) - 25, path.getsize(key))
--        self.assertLess(path.getsize(key), max(sizes) + 25)
--        os.remove(key)
--
--        # bits=2048 (default)
--        sizes = [1671, 1675, 1679]
--        peering.create_key(key)
--        self.assertLess(min(sizes) - 25, path.getsize(key))
--        self.assertLess(path.getsize(key), max(sizes) + 25)
--        os.remove(key)
--
--        peering.create_key(key, bits=2048)
--        self.assertLess(min(sizes) - 25, path.getsize(key))
--        self.assertLess(path.getsize(key), max(sizes) + 25)
--        os.remove(key)
--
--        # bits=3072
--        sizes = [2455, 2459]
--        peering.create_key(key, bits=3072)
--        self.assertLess(min(sizes) - 25, path.getsize(key))
--        self.assertLess(path.getsize(key), max(sizes) + 25)
--
--    def test_create_ca(self):
--        tmp = TempDir()
--        foo_key = tmp.join('foo.key')
--        foo_ca = tmp.join('foo.ca')
--        peering.create_key(foo_key)
--        self.assertFalse(path.exists(foo_ca))
--        peering.create_ca(foo_key, '/CN=foo', foo_ca)
--        self.assertGreater(path.getsize(foo_ca), 0)
--
--    def test_create_csr(self):
--        tmp = TempDir()
--        bar_key = tmp.join('bar.key')
--        bar_csr = tmp.join('bar.csr')
--        peering.create_key(bar_key)
--        self.assertFalse(path.exists(bar_csr))
--        peering.create_csr(bar_key, '/CN=bar', bar_csr)
--        self.assertGreater(path.getsize(bar_csr), 0)
--
--    def test_issue_cert(self):
--        tmp = TempDir()
--
--        foo_key = tmp.join('foo.key')
--        foo_ca = tmp.join('foo.ca')
--        foo_srl = tmp.join('foo.srl')
--        peering.create_key(foo_key)
--        peering.create_ca(foo_key, '/CN=foo', foo_ca)
--
--        bar_key = tmp.join('bar.key')
--        bar_csr = tmp.join('bar.csr')
--        bar_cert = tmp.join('bar.cert')
--        peering.create_key(bar_key)
--        peering.create_csr(bar_key, '/CN=bar', bar_csr)
--
--        files = (foo_srl, bar_cert)
--        for f in files:
--            self.assertFalse(path.exists(f))
--        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
--        for f in files:
--            self.assertGreater(path.getsize(f), 0)
--
--    def test_get_pubkey(self):
--        tmp = TempDir()
--
--        # Create CA
--        foo_key = tmp.join('foo.key')
--        foo_ca = tmp.join('foo.ca')
--        foo_srl = tmp.join('foo.srl')
--        peering.create_key(foo_key)
--        foo_pubkey = peering.get_rsa_pubkey(foo_key)
--        peering.create_ca(foo_key, '/CN=foo', foo_ca)
--
--        # Create CSR and issue cert
--        bar_key = tmp.join('bar.key')
--        bar_csr = tmp.join('bar.csr')
--        bar_cert = tmp.join('bar.cert')
--        peering.create_key(bar_key)
--        bar_pubkey = peering.get_rsa_pubkey(bar_key)
--        peering.create_csr(bar_key, '/CN=bar', bar_csr)
--        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
--
--        # Now compare
--        os.remove(foo_key)
--        os.remove(bar_key)
--        self.assertEqual(peering.get_pubkey(foo_ca), foo_pubkey)
--        self.assertEqual(peering.get_csr_pubkey(bar_csr), bar_pubkey)
--        self.assertEqual(peering.get_pubkey(bar_cert), bar_pubkey)
--
--    def test_get_subject(self):
--        tmp = TempDir()
--
--        foo_subject = '/CN={}'.format(random_id(30))
--        foo_key = tmp.join('foo.key')
--        foo_ca = tmp.join('foo.ca')
--        foo_srl = tmp.join('foo.srl')
--        peering.create_key(foo_key)
--        peering.create_ca(foo_key, foo_subject, foo_ca)
--        self.assertEqual(peering.get_subject(foo_ca), foo_subject)
--
--        bar_subject = '/CN={}'.format(random_id(30))
--        bar_key = tmp.join('bar.key')
--        bar_csr = tmp.join('bar.csr')
--        bar_cert = tmp.join('bar.cert')
--        peering.create_key(bar_key)
--        peering.create_csr(bar_key, bar_subject, bar_csr)
--        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
--        self.assertEqual(peering.get_csr_subject(bar_csr), bar_subject)
--        self.assertEqual(peering.get_subject(bar_cert), bar_subject)
--
--    def test_get_csr_subject(self):
--        tmp = TempDir()
--        subject = '/CN={}'.format(random_id(30))
--        key_file = tmp.join('foo.key')
--        csr_file = tmp.join('foo.csr')
--        peering.create_key(key_file)
--        peering.create_csr(key_file, subject, csr_file)
--        os.remove(key_file)
--        self.assertEqual(peering.get_csr_subject(csr_file), subject)
--
--    def test_get_issuer(self):
--        tmp = TempDir()
--
--        foo_subject = '/CN={}'.format(random_id(30))
--        foo_key = tmp.join('foo.key')
--        foo_ca = tmp.join('foo.ca')
--        foo_srl = tmp.join('foo.srl')
--        peering.create_key(foo_key)
--        peering.create_ca(foo_key, foo_subject, foo_ca)
--        self.assertEqual(peering.get_issuer(foo_ca), foo_subject)
--
--        bar_subject = '/CN={}'.format(random_id(30))
--        bar_key = tmp.join('bar.key')
--        bar_csr = tmp.join('bar.csr')
--        bar_cert = tmp.join('bar.cert')
--        peering.create_key(bar_key)
--        peering.create_csr(bar_key, bar_subject, bar_csr)
--        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
--        self.assertEqual(peering.get_csr_subject(bar_csr), bar_subject)
--        self.assertEqual(peering.get_issuer(bar_cert), foo_subject)
--
--    def test_ssl_verify(self):
--        tmp = TempDir()
--        pki = peering.PKI(tmp.dir)
--
--        ca1 = pki.create_key()
--        pki.create_ca(ca1)
--        cert1 = pki.create_key()
--        pki.create_csr(cert1)
--        pki.issue_cert(cert1, ca1)
--        ca1_file = pki.path(ca1, 'ca')
--        cert1_file = pki.path(cert1, 'cert')
--        self.assertEqual(peering.ssl_verify(ca1_file, ca1_file), ca1_file)
--        self.assertEqual(peering.ssl_verify(cert1_file, ca1_file), cert1_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(ca1_file, cert1_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(cert1_file, cert1_file)
--
--        ca2 = pki.create_key()
--        pki.create_ca(ca2)
--        cert2 = pki.create_key()
--        pki.create_csr(cert2)
--        pki.issue_cert(cert2, ca2)
--        ca2_file = pki.path(ca2, 'ca')
--        cert2_file = pki.path(cert2, 'cert')
--        self.assertEqual(peering.ssl_verify(ca2_file, ca2_file), ca2_file)
--        self.assertEqual(peering.ssl_verify(cert2_file, ca2_file), cert2_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(ca2_file, cert2_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(cert2_file, cert2_file)
--
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(ca2_file, ca1_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(cert2_file, ca1_file)
--        with self.assertRaises(peering.VerificationError) as cm:
--            peering.ssl_verify(cert2_file, cert1_file)
++class TestSkeinFunctions(TestCase):
++    def test_hash_pubkey(self):
++        data = urandom(500)
++        _id = peering.hash_pubkey(data)
++        self.assertIsInstance(_id, str)
++        self.assertEqual(len(_id), 48)
++        skein = skein512(data,
++            digest_bits=240,
++            pers=b'20120918 jderose@novacut.com dmedia/pubkey',
++        )
++        self.assertEqual(
++            decode(_id),
++            skein.digest()
++        )
++
++        # Sanity check
++        for i in range(1000):
++            self.assertNotEqual(_id,
++                peering.hash_pubkey(urandom(500)),
++            )
++
++    def test_compute_response(self):
++        secret = urandom(5)
++        challenge = urandom(20)
++        nonce = urandom(20)
++        hash1 = urandom(30)
++        hash2 = urandom(30)
++        response = peering.compute_response(
++            secret, challenge, nonce, hash1, hash2
++        )
++        self.assertIsInstance(response, str)
++        self.assertEqual(len(response), 56)
++        skein = skein512(hash1 + hash2,
++            digest_bits=280,
++            pers=b'20120918 jderose@novacut.com dmedia/response',
++            key=secret,
++            nonce=(challenge + nonce),
++        )
++        self.assertEqual(
++            decode(response),
++            skein.digest()
++        )
++
++        # Test with direction reversed
++        self.assertNotEqual(response,
++            peering.compute_response(secret, challenge, nonce, hash2, hash1)
++        )
++
++        # Test with wrong secret
++        for i in range(100):
++            self.assertNotEqual(response,
++                peering.compute_response(urandom(5), challenge, nonce, hash1, hash2)
++            )
++
++        # Test with wrong challange
++        for i in range(100):
++            self.assertNotEqual(response,
++                peering.compute_response(secret, urandom(20), nonce, hash1, hash2)
++            )
++
++        # Test with wrong nonce
++        for i in range(100):
++            self.assertNotEqual(response,
++                peering.compute_response(secret, challenge, urandom(20), hash1, hash2)
++            )
++
++        # Test with wrong challenger_hash
++        for i in range(100):
++            self.assertNotEqual(response,
++                peering.compute_response(secret, challenge, nonce, urandom(30), hash2)
++            )
++
++        # Test with wrong responder_hash
++        for i in range(100):
++            self.assertNotEqual(response,
++                peering.compute_response(secret, challenge, nonce, hash1, urandom(30))
++            )
++
++    def test_compute_csr_mac(self):
++        secret = os.urandom(5)
++        remote_hash = os.urandom(30)
++        local_hash = os.urandom(30)
++        csr_data = os.urandom(500)
++        mac = peering.compute_csr_mac(secret, csr_data, remote_hash, local_hash)
++        self.assertIsInstance(mac, str)
++        self.assertEqual(len(mac), 56)
++        skein = skein512(csr_data,
++            digest_bits=280,
++            pers=b'20120918 jderose@novacut.com dmedia/csr',
++            key=secret,
++            key_id=(remote_hash + local_hash),
++        )
++        self.assertEqual(
++            decode(mac),
++            skein.digest()
++        )
++
++        # Test with direction reversed
++        self.assertNotEqual(mac,
++            peering.compute_csr_mac(secret, csr_data, local_hash, remote_hash)
++        )
++
++        # Test with wrong secret
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_csr_mac(os.urandom(5), csr_data, remote_hash, local_hash)
++            )
++
++        # Test with wrong cert_data
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_csr_mac(secret, os.urandom(500), remote_hash, local_hash)
++            )
++
++        # Test with wrong remote_hash
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_csr_mac(secret, csr_data, os.urandom(30), local_hash)
++            )
++
++        # Test with wrong local_hash
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_csr_mac(secret, csr_data, remote_hash, os.urandom(30))
++            )
++
++    def test_compute_cert_mac(self):
++        secret = os.urandom(5)
++        remote_hash = os.urandom(30)
++        local_hash = os.urandom(30)
++        cert_data = os.urandom(500)
++        mac = peering.compute_cert_mac(secret, cert_data, remote_hash, local_hash)
++        self.assertIsInstance(mac, str)
++        self.assertEqual(len(mac), 56)
++        skein = skein512(cert_data,
++            digest_bits=280,
++            pers=b'20120918 jderose@novacut.com dmedia/cert',
++            key=secret,
++            key_id=(remote_hash + local_hash),
++        )
++        self.assertEqual(
++            decode(mac),
++            skein.digest()
++        )
++
++        # Test with direction reversed
++        self.assertNotEqual(mac,
++            peering.compute_cert_mac(secret, cert_data, local_hash, remote_hash)
++        )
++
++        # Test with wrong secret
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_cert_mac(os.urandom(5), cert_data, remote_hash, local_hash)
++            )
++
++        # Test with wrong cert_data
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_cert_mac(secret, os.urandom(500), remote_hash, local_hash)
++            )
++
++        # Test with wrong remote_hash
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_cert_mac(secret, cert_data, os.urandom(30), local_hash)
++            )
++
++        # Test with wrong local_hash
++        for i in range(100):
++            self.assertNotEqual(mac,
++                peering.compute_cert_mac(secret, cert_data, remote_hash, os.urandom(30))
++            )
  class TestChallengeResponse(TestCase):
@@ -478,133 +462,193 @@
                  inst.check_response(nonce, response)
--class TestServerApp(TestCase):
--    def test_live(self):
++class TestSSLFunctions(TestCase):
++    def test_create_key(self):
++        tmp = TempDir()
++        key = tmp.join('key.pem')
++
++        # bits=1024
++        sizes = [883, 887, 891]
++        peering.create_key(key, bits=1024)
++        self.assertLess(min(sizes) - 25, path.getsize(key))
++        self.assertLess(path.getsize(key), max(sizes) + 25)
++        os.remove(key)
++
++        # bits=2048 (default)
++        sizes = [1671, 1675, 1679]
++        peering.create_key(key)
++        self.assertLess(min(sizes) - 25, path.getsize(key))
++        self.assertLess(path.getsize(key), max(sizes) + 25)
++        os.remove(key)
++
++        peering.create_key(key, bits=2048)
++        self.assertLess(min(sizes) - 25, path.getsize(key))
++        self.assertLess(path.getsize(key), max(sizes) + 25)
++        os.remove(key)
++
++        # bits=3072
++        sizes = [2455, 2459]
++        peering.create_key(key, bits=3072)
++        self.assertLess(min(sizes) - 25, path.getsize(key))
++        self.assertLess(path.getsize(key), max(sizes) + 25)
++
++    def test_create_ca(self):
++        tmp = TempDir()
++        foo_key = tmp.join('foo.key')
++        foo_ca = tmp.join('foo.ca')
++        peering.create_key(foo_key)
++        self.assertFalse(path.exists(foo_ca))
++        peering.create_ca(foo_key, '/CN=foo', foo_ca)
++        self.assertGreater(path.getsize(foo_ca), 0)
++
++    def test_create_csr(self):
++        tmp = TempDir()
++        bar_key = tmp.join('bar.key')
++        bar_csr = tmp.join('bar.csr')
++        peering.create_key(bar_key)
++        self.assertFalse(path.exists(bar_csr))
++        peering.create_csr(bar_key, '/CN=bar', bar_csr)
++        self.assertGreater(path.getsize(bar_csr), 0)
++
++    def test_issue_cert(self):
++        tmp = TempDir()
++
++        foo_key = tmp.join('foo.key')
++        foo_ca = tmp.join('foo.ca')
++        foo_srl = tmp.join('foo.srl')
++        peering.create_key(foo_key)
++        peering.create_ca(foo_key, '/CN=foo', foo_ca)
++
++        bar_key = tmp.join('bar.key')
++        bar_csr = tmp.join('bar.csr')
++        bar_cert = tmp.join('bar.cert')
++        peering.create_key(bar_key)
++        peering.create_csr(bar_key, '/CN=bar', bar_csr)
++
++        files = (foo_srl, bar_cert)
++        for f in files:
++            self.assertFalse(path.exists(f))
++        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
++        for f in files:
++            self.assertGreater(path.getsize(f), 0)
++
++    def test_get_pubkey(self):
++        tmp = TempDir()
++
++        # Create CA
++        foo_key = tmp.join('foo.key')
++        foo_ca = tmp.join('foo.ca')
++        foo_srl = tmp.join('foo.srl')
++        peering.create_key(foo_key)
++        foo_pubkey = peering.get_rsa_pubkey(foo_key)
++        peering.create_ca(foo_key, '/CN=foo', foo_ca)
++
++        # Create CSR and issue cert
++        bar_key = tmp.join('bar.key')
++        bar_csr = tmp.join('bar.csr')
++        bar_cert = tmp.join('bar.cert')
++        peering.create_key(bar_key)
++        bar_pubkey = peering.get_rsa_pubkey(bar_key)
++        peering.create_csr(bar_key, '/CN=bar', bar_csr)
++        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
++
++        # Now compare
++        os.remove(foo_key)
++        os.remove(bar_key)
++        self.assertEqual(peering.get_pubkey(foo_ca), foo_pubkey)
++        self.assertEqual(peering.get_csr_pubkey(bar_csr), bar_pubkey)
++        self.assertEqual(peering.get_pubkey(bar_cert), bar_pubkey)
++
++    def test_get_subject(self):
++        tmp = TempDir()
++
++        foo_subject = '/CN={}'.format(random_id(30))
++        foo_key = tmp.join('foo.key')
++        foo_ca = tmp.join('foo.ca')
++        foo_srl = tmp.join('foo.srl')
++        peering.create_key(foo_key)
++        peering.create_ca(foo_key, foo_subject, foo_ca)
++        self.assertEqual(peering.get_subject(foo_ca), foo_subject)
++
++        bar_subject = '/CN={}'.format(random_id(30))
++        bar_key = tmp.join('bar.key')
++        bar_csr = tmp.join('bar.csr')
++        bar_cert = tmp.join('bar.cert')
++        peering.create_key(bar_key)
++        peering.create_csr(bar_key, bar_subject, bar_csr)
++        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
++        self.assertEqual(peering.get_csr_subject(bar_csr), bar_subject)
++        self.assertEqual(peering.get_subject(bar_cert), bar_subject)
++
++    def test_get_csr_subject(self):
++        tmp = TempDir()
++        subject = '/CN={}'.format(random_id(30))
++        key_file = tmp.join('foo.key')
++        csr_file = tmp.join('foo.csr')
++        peering.create_key(key_file)
++        peering.create_csr(key_file, subject, csr_file)
++        os.remove(key_file)
++        self.assertEqual(peering.get_csr_subject(csr_file), subject)
++
++    def test_get_issuer(self):
++        tmp = TempDir()
++
++        foo_subject = '/CN={}'.format(random_id(30))
++        foo_key = tmp.join('foo.key')
++        foo_ca = tmp.join('foo.ca')
++        foo_srl = tmp.join('foo.srl')
++        peering.create_key(foo_key)
++        peering.create_ca(foo_key, foo_subject, foo_ca)
++        self.assertEqual(peering.get_issuer(foo_ca), foo_subject)
++
++        bar_subject = '/CN={}'.format(random_id(30))
++        bar_key = tmp.join('bar.key')
++        bar_csr = tmp.join('bar.csr')
++        bar_cert = tmp.join('bar.cert')
++        peering.create_key(bar_key)
++        peering.create_csr(bar_key, bar_subject, bar_csr)
++        peering.issue_cert(bar_csr, foo_ca, foo_key, foo_srl, bar_cert)
++        self.assertEqual(peering.get_csr_subject(bar_csr), bar_subject)
++        self.assertEqual(peering.get_issuer(bar_cert), foo_subject)
++
++    def test_ssl_verify(self):
          tmp = TempDir()
          pki = peering.PKI(tmp.dir)
--        local_id = pki.create_key()
--        pki.create_ca(local_id)
--        remote_id = pki.create_key()
--        pki.create_ca(remote_id)
--        server_config = {
--            'cert_file': pki.path(local_id, 'ca'),
--            'key_file': pki.path(local_id, 'key'),
--            'ca_file': pki.path(remote_id, 'ca'),
--        }
--        client_config = {
--            'check_hostname': False,
--            'ca_file': pki.path(local_id, 'ca'),
--            'cert_file': pki.path(remote_id, 'ca'),
--            'key_file': pki.path(remote_id, 'key'),
--        }
--        local = peering.ChallengeResponse(local_id, remote_id)
--        remote = peering.ChallengeResponse(remote_id, local_id)
--        q = Queue()
--        app = peering.ServerApp(local, q, None)
--        server = make_server(app, '127.0.0.1', server_config)
--        client = CouchBase({'url': server.url, 'ssl': client_config})
--        server.start()
--        secret = local.get_secret()
--        remote.set_secret(secret)
--
--        self.assertIsNone(app.state)
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.get('')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request State: GET /'
--        )
--        app.state = 'info'
--        self.assertEqual(client.get(),
--            {
--                'id': local_id,
--                'user': os.environ.get('USER'),
--                'host': socket.gethostname(),
--            }
--        )
--        self.assertEqual(app.state, 'ready')
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.get('')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request State: GET /'
--        )
--        self.assertEqual(app.state, 'ready')
--
--        app.state = 'info'
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.get('challenge')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request Order: GET /challenge'
--        )
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.put({'hello': 'world'}, 'response')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request Order: PUT /response'
--        )
--
--        app.state = 'ready'
--        self.assertEqual(app.state, 'ready')
--        obj = client.get('challenge')
--        self.assertEqual(app.state, 'gave_challenge')
--        self.assertIsInstance(obj, dict)
--        self.assertEqual(set(obj), set(['challenge']))
--        self.assertEqual(local.challenge, decode(obj['challenge']))
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.get('challenge')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request Order: GET /challenge'
--        )
--        self.assertEqual(app.state, 'gave_challenge')
--
--        (nonce, response) = remote.create_response(obj['challenge'])
--        obj = {'nonce': nonce, 'response': response}
--        self.assertEqual(client.put(obj, 'response'), {'ok': True})
--        self.assertEqual(app.state, 'response_ok')
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.put(obj, 'response')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request Order: PUT /response'
--        )
--        self.assertEqual(app.state, 'response_ok')
--        self.assertEqual(q.get(), 'response_ok')
--
--        # Test when an error occurs in put_response()
--        app.state = 'gave_challenge'
--        with self.assertRaises(microfiber.ServerError) as cm:
--            client.put(b'bad json', 'response')
--        self.assertEqual(app.state, 'in_response')
--
--        # Test with wrong secret
--        app.state = 'ready'
--        secret = local.get_secret()
--        remote.get_secret()
--        challenge = client.get('challenge')['challenge']
--        self.assertEqual(app.state, 'gave_challenge')
--        (nonce, response) = remote.create_response(challenge)
--        with self.assertRaises(microfiber.Unauthorized) as cm:
--            client.put({'nonce': nonce, 'response': response}, 'response')
--        self.assertEqual(app.state, 'wrong_response')
--        self.assertFalse(hasattr(local, 'secret'))
--        self.assertFalse(hasattr(local, 'challenge'))
--
--        # Verify that you can't retry
--        remote.set_secret(secret)
--        (nonce, response) = remote.create_response(challenge)
--        with self.assertRaises(microfiber.BadRequest) as cm:
--            client.put({'nonce': nonce, 'response': response}, 'response')
--        self.assertEqual(
--            str(cm.exception),
--            '400 Bad Request Order: PUT /response'
--        )
--        self.assertEqual(app.state, 'wrong_response')
--        self.assertEqual(q.get(), 'wrong_response')
--
--        server.shutdown()
++
++        ca1 = pki.create_key()
++        pki.create_ca(ca1)
++        cert1 = pki.create_key()
++        pki.create_csr(cert1)
++        pki.issue_cert(cert1, ca1)
++        ca1_file = pki.path(ca1, 'ca')
++        cert1_file = pki.path(cert1, 'cert')
++        self.assertEqual(peering.ssl_verify(ca1_file, ca1_file), ca1_file)
++        self.assertEqual(peering.ssl_verify(cert1_file, ca1_file), cert1_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(ca1_file, cert1_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(cert1_file, cert1_file)
++
++        ca2 = pki.create_key()
++        pki.create_ca(ca2)
++        cert2 = pki.create_key()
++        pki.create_csr(cert2)
++        pki.issue_cert(cert2, ca2)
++        ca2_file = pki.path(ca2, 'ca')
++        cert2_file = pki.path(cert2, 'cert')
++        self.assertEqual(peering.ssl_verify(ca2_file, ca2_file), ca2_file)
++        self.assertEqual(peering.ssl_verify(cert2_file, ca2_file), cert2_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(ca2_file, cert2_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(cert2_file, cert2_file)
++
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(ca2_file, ca1_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(cert2_file, ca1_file)
++        with self.assertRaises(peering.VerificationError) as cm:
++            peering.ssl_verify(cert2_file, cert1_file)
  class TestPKI(TestCase):
@@ -935,17 +979,17 @@
          cert1_file = pki.path(id1, 'cert')
          cert2_file = pki.path(id2, 'cert')
--        self.assertEqual(pki.verify_cert(id1), cert1_file)
--        self.assertEqual(pki.verify_cert(id2), cert2_file)
++        self.assertEqual(pki.verify_cert(id1, ca_id), cert1_file)
++        self.assertEqual(pki.verify_cert(id2, ca_id), cert2_file)
          os.remove(cert1_file)
          os.rename(cert2_file, cert1_file)
          with self.assertRaises(peering.PublicKeyError) as cm:
--            pki.verify_cert(id1)
++            pki.verify_cert(id1, ca_id)
          self.assertEqual(cm.exception.filename, cert1_file)
          self.assertEqual(cm.exception.expected, id1)
          self.assertEqual(cm.exception.got, id2)
          with self.assertRaises(subprocess.CalledProcessError) as cm:
--            pki.verify_cert(id2)
++            pki.verify_cert(id2, ca_id)
          # Test with bad subject
          id3 = pki.create_key()
@@ -960,7 +1004,7 @@
              cert_file
+         )
          with self.assertRaises(peering.SubjectError) as cm:
--            pki.verify_cert(id3)
++            pki.verify_cert(id3, ca_id)
          self.assertEqual(cm.exception.filename, cert_file)
          self.assertEqual(cm.exception.expected, '/CN={}'.format(id3))
          self.assertEqual(cm.exception.got, '/CN={}'.format(id1))
@@ -968,7 +1012,7 @@
      def test_get_ca(self):
          tmp = TempDir()
          pki = peering.PKI(tmp.dir)
--        ca_id = pki.create_key()
++        ca_id = pki.create_key(1024)
          pki.create_ca(ca_id)
          ca = pki.get_ca(ca_id)
@@ -986,13 +1030,64 @@
          pki.create_csr(cert_id)
          pki.issue_cert(cert_id, ca_id)
--        cert = pki.get_cert(cert_id)
++        cert = pki.get_cert(cert_id, ca_id)
          self.assertIsInstance(cert, peering.Cert)
          self.assertEqual(cert.id, cert_id)
          self.assertEqual(cert.cert_file, pki.path(cert_id, 'cert'))
          self.assertEqual(cert.key_file, pki.path(cert_id, 'key'))
          self.assertEqual(cert, (cert.id, cert.cert_file, cert.key_file))
++    def test_load_machine(self):
++        tmp = TempDir()
++        pki = peering.PKI(tmp.dir)
++        machine_id = pki.create_key()
++        pki.create_ca(machine_id)
++
++        machine = pki.load_machine(machine_id)
++        self.assertIsInstance(machine, peering.Machine)
++        self.assertEqual(machine.id, machine_id)
++        self.assertEqual(machine.ca_file, pki.path(machine_id, 'ca'))
++        self.assertEqual(machine.key_file, pki.path(machine_id, 'key'))
++        self.assertIsNone(machine.cert_file)
++        self.assertEqual(machine,
++            (machine.id, machine.ca_file, machine.key_file, None)
++        )
++
++        user_id = pki.create_key()
++        pki.create_ca(user_id)
++        pki.create_csr(machine_id)
++        pki.issue_cert(machine_id, user_id)
++        machine = pki.load_machine(machine_id, user_id)
++        self.assertIsInstance(machine, peering.Machine)
++        self.assertEqual(machine.id, machine_id)
++        self.assertEqual(machine.ca_file, pki.path(machine_id, 'ca'))
++        self.assertEqual(machine.key_file, pki.path(machine_id, 'key'))
++        self.assertEqual(machine.cert_file, pki.path(machine_id, 'cert'))
++        self.assertEqual(machine,
++            (machine.id, machine.ca_file, machine.key_file, machine.cert_file)
++        )
++
++    def test_load_user(self):
++        tmp = TempDir()
++        pki = peering.PKI(tmp.dir)
++        user_id = pki.create_key()
++        pki.create_ca(user_id)
++
++        user = pki.load_user(user_id)
++        self.assertIsInstance(user, peering.User)
++        self.assertEqual(user.id, user_id)
++        self.assertEqual(user.ca_file, pki.path(user_id, 'ca'))
++        self.assertEqual(user.key_file, pki.path(user_id, 'key'))
++        self.assertEqual(user, (user.id, user.ca_file, user.key_file))
++
++        os.remove(pki.path(user_id, 'key'))
++        user = pki.load_user(user_id)
++        self.assertIsInstance(user, peering.User)
++        self.assertEqual(user.id, user_id)
++        self.assertEqual(user.ca_file, pki.path(user_id, 'ca'))
++        self.assertIsNone(user.key_file)
++        self.assertEqual(user, (user.id, user.ca_file, None))
++
  class TestTempPKI(TestCase):
      def test_init(self):
 === modified file 'dmedia/tests/test_server.py'
 --- dmedia/tests/test_server.py	2012-10-04 21:58:54 +0000
 +++ dmedia/tests/test_server.py	2012-10-16 12:35:25 +0000
@@ -1,4 +1,4 @@
--# dmedia: dmedia hashing protocol and file layout
++# dmedia: distributed media library
  # Copyright (C) 2011 Novacut Inc
+ #
  # This file is part of `dmedia`.
@@ -27,15 +27,21 @@
  import multiprocessing
  import time
  from copy import deepcopy
++import os
++import socket
++from base64 import b64encode, b64decode
++from queue import Queue
  from usercouch.misc import TempCouch
  from filestore import DIGEST_B32LEN, DIGEST_BYTES
  import microfiber
--from microfiber import random_id
++from microfiber import random_id, dumps
++from .base import TempDir
  import dmedia
--from dmedia.peering import TempPKI
--from dmedia import server, client
++from dmedia.httpd import make_server, WSGIError, Input
++from dmedia.peering import encode, decode
++from dmedia import server, client, peering
  def random_dbname():
@@ -47,180 +53,41 @@
          self.__called = False
      def __call__(self, status, headers):
--        assert not self.__callled
++        assert self.__called is False
          self.__called = True
          self.status = status
          self.headers = headers
  class TestFunctions(TestCase):
--    def test_get_slice(self):
--        # Test all the valid types of requests:
--        _id = random_id(DIGEST_BYTES)
--        self.assertEqual(
--            server.get_slice({'PATH_INFO': '/{}'.format(_id)}),
--            (_id, 0, None)
--        )
--
--        _id = random_id(DIGEST_BYTES)
--        self.assertEqual(
--            server.get_slice({'PATH_INFO': '/{}/0'.format(_id)}),
--            (_id, 0, None)
--        )
--
--        _id = random_id(DIGEST_BYTES)
--        self.assertEqual(
--            server.get_slice({'PATH_INFO': '/{}/17'.format(_id)}),
--            (_id, 17, None)
--        )
--
--        _id = random_id(DIGEST_BYTES)
--        self.assertEqual(
--            server.get_slice({'PATH_INFO': '/{}/17/21'.format(_id)}),
--            (_id, 17, 21)
--        )
--
--        _id = random_id(DIGEST_BYTES)
--        self.assertEqual(
--            server.get_slice({'PATH_INFO': '/{}/0/1'.format(_id)}),
--            (_id, 0, 1)
--        )
--
--        # Too many slashes
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': '/file-id/start/stop/other'})
--        self.assertEqual(cm.exception.body, b'too many slashes in request path')
--
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': 'file-id/start/stop/'})
--        self.assertEqual(cm.exception.body, b'too many slashes in request path')
--
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': '/file-id///'})
--        self.assertEqual(cm.exception.body, b'too many slashes in request path')
--
--        # Bad ID
--        attack = 'CCCCCCCCCCCCCCCCCCCCCCCCCCC\..\..\..\.ssh\id_rsa'
--        self.assertEqual(len(attack), DIGEST_B32LEN)
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': attack})
--        self.assertEqual(cm.exception.body, b'badly formed dmedia ID')
--
--        short = random_id(DIGEST_BYTES - 5)
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': short})
--        self.assertEqual(cm.exception.body, b'badly formed dmedia ID')
--
--        long = random_id(DIGEST_BYTES + 5)
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': long})
--        self.assertEqual(cm.exception.body, b'badly formed dmedia ID')
--
--        lower = random_id(DIGEST_BYTES).lower()
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': lower})
--        self.assertEqual(cm.exception.body, b'badly formed dmedia ID')
--
--        # start not integer
--        bad = '/{}/17.9'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        bad = '/{}/00ff'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        bad = '/{}/foo'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        bad = '/{}/17.9/333'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        bad = '/{}/00ff/333'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        bad = '/{}/foo/333'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start is not a valid integer')
--
--        # stop not integer
--        bad = '/{}/18/21.2'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'stop is not a valid integer')
--
--        bad = '/{}/18/00ff'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'stop is not a valid integer')
--
--        bad = '/{}/18/foo'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'stop is not a valid integer')
--
--        # start < 0
--        bad = '/{}/-1'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start cannot be less than zero')
--
--        bad = '/{}/-1/18'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start cannot be less than zero')
--
--        # start >= stop
--        bad = '/{}/18/17'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start must be less than stop')
--
--        bad = '/{}/17/17'.format(random_id(DIGEST_BYTES))
--        with self.assertRaises(server.BadRequest) as cm:
--            server.get_slice({'PATH_INFO': bad})
--        self.assertEqual(cm.exception.body, b'start must be less than stop')
--
      def test_range_to_slice(self):
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('goats=0-500')
--        self.assertEqual(cm.exception.body, b'bad range units')
++        self.assertEqual(cm.exception.status, '400 Bad Range Units')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=-500-999')
--        self.assertEqual(cm.exception.body, b'range -start is not an integer')
++        self.assertEqual(cm.exception.status, '400 Bad Range Negative Start')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=-foo')
--        self.assertEqual(cm.exception.body, b'range -start is not an integer')
++        self.assertEqual(cm.exception.status, '400 Bad Range Negative Start')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=500')
--        self.assertEqual(cm.exception.body, b'not formatted as bytes=start-end')
++        self.assertEqual(cm.exception.status, '400 Bad Range Format')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=foo-999')
--        self.assertEqual(cm.exception.body, b'range start is not an integer')
++        self.assertEqual(cm.exception.status, '400 Bad Range Start')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=500-bar')
--        self.assertEqual(cm.exception.body, b'range end is not an integer')
++        self.assertEqual(cm.exception.status, '400 Bad Range End')
--        with self.assertRaises(server.BadRangeRequest) as cm:
++        with self.assertRaises(WSGIError) as cm:
              (start, stop) = server.range_to_slice('bytes=500-499')
--        self.assertEqual(
--            cm.exception.body,
--            b'range end must be less than or equal to start'
--        )
++        self.assertEqual(cm.exception.status, '400 Bad Range')
          self.assertEqual(
              server.range_to_slice('bytes=0-0'), (0, 1)
@@ -257,31 +124,370 @@
+             )
--class TestBaseWSGI(TestCase):
--    def test_metaclass(self):
--        self.assertEqual(server.BaseWSGI.http_methods, frozenset())
--
--        class Example(server.BaseWSGI):
--            def PUT(self, environ, start_response):
--                pass
--
--            def POST(self, environ, start_response):
--                pass
--
--            def GET(self, environ, start_response):
--                pass
--
--            def DELETE(self, environ, start_response):
--                pass
--
--            def HEAD(self, environ, start_response):
--                pass
--
--        self.assertEqual(
--            Example.http_methods,
--            frozenset(['PUT', 'POST', 'GET', 'DELETE', 'HEAD'])
--        )
--
++class TestRootApp(TestCase):
++    def test_init(self):
++        user_id = random_id(30)
++        machine_id = random_id(30)
++        password = random_id()
++        env = {
++            'user_id': user_id,
++            'machine_id': machine_id,
++            'basic': {'username': 'admin', 'password': password},
++            'url': microfiber.HTTP_IPv4_URL,
++        }
++        app = server.RootApp(env)
++        self.assertIs(app.user_id, user_id)
++        self.assertEqual(
++            app.info,
++            microfiber.dumps(
++                {
++                    'user_id': user_id,
++                    'machine_id': machine_id,
++                    'version': dmedia.__version__,
++                    'user': os.environ.get('USER'),
++                    'host': socket.gethostname(),
++                }
++            ).encode('utf-8')
++        )
++        self.assertEqual(app.info_length, str(int(len(app.info))))
++        self.assertIsInstance(app.proxy, server.ProxyApp)
++        self.assertIsInstance(app.files, server.FilesApp)
++        self.assertEqual(app.map,
++            {
++                '': app.get_info,
++                'couch': app.proxy,
++                'files': app.files,
++            }
++        )
++
++    def test_call(self):
++        user_id = random_id(30)
++        machine_id = random_id(30)
++        password = random_id()
++        env = {
++            'user_id': user_id,
++            'machine_id': machine_id,
++            'basic': {'username': 'admin', 'password': password},
++            'url': microfiber.HTTP_IPv4_URL,
++        }
++        app = server.RootApp(env)
++
++        # SSL_CLIENT_VERIFY
++        with self.assertRaises(WSGIError) as cm:
++            app({}, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden SSL')
++        with self.assertRaises(WSGIError) as cm:
++            app({'SSL_CLIENT_VERIFY': 'NOPE'}, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden SSL')
++
++        # SSL_CLIENT_I_DN_CN
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Issuer')
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_I_DN_CN': random_id(30),
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Issuer')
++
++        # PATH_INFO
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_I_DN_CN': user_id,
++            'PATH_INFO': '/foo',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '410 Gone')
++
++        # REQUEST_METHOD
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_I_DN_CN': user_id,
++            'PATH_INFO': '/',
++            'REQUEST_METHOD': 'HEAD',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '405 Method Not Allowed')
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_I_DN_CN': user_id,
++            'PATH_INFO': '/files/' + random_id(30),
++            'REQUEST_METHOD': 'PUT',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '405 Method Not Allowed')
++
++        # Test when it's all good
++        environ = {
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_I_DN_CN': user_id,
++            'PATH_INFO': '/',
++            'REQUEST_METHOD': 'GET',
++        }
++        sr = StartResponse()
++        ret = app(environ, sr)
++        self.assertEqual(ret, [app.info])
++        self.assertEqual(sr.status, '200 OK')
++        self.assertEqual(sr.headers,
++            [
++                ('Content-Length', app.info_length),
++                ('Content-Type', 'application/json'),
++            ]
++        )
++
++
++class TestProxyApp(TestCase):
++    def test_init(self):
++        password = random_id()
++        env = {
++            'basic': {'username': 'admin', 'password': password},
++            'url': microfiber.HTTP_IPv4_URL,
++        }
++        app = server.ProxyApp(deepcopy(env))
++        self.assertIsInstance(app.client, microfiber.CouchBase)
++        self.assertEqual(app.client.env, env)
++        self.assertEqual(app.target_host, '127.0.0.1:5984')
++        self.assertEqual(app.basic_auth,
++            microfiber.basic_auth_header(env['basic'])
++        )
++
++    def test_call(self):
++        password = random_id()
++        env = {
++            'basic': {'username': 'admin', 'password': password},
++            'url': microfiber.HTTP_IPv4_URL,
++        }
++        app = server.ProxyApp(env)
++
++        # PATH_INFO
++        environ = {
++            'REQUEST_METHOD': 'GET',
++            'PATH_INFO': '/_config/foo',
++            'wsgi.input': Input(None, {'REQUEST_METHOD': 'GET'}),
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden')
++
++
++class TestInfoApp(TestCase):
++    def test_init(self):
++        _id = random_id(30)
++        app = server.InfoApp(_id)
++        self.assertIs(app.id, _id)
++        self.assertEqual(
++            app.info,
++            microfiber.dumps(
++                {
++                    'id': _id,
++                    'version': dmedia.__version__,
++                    'user': os.environ.get('USER'),
++                    'host': socket.gethostname(),
++                }
++            ).encode('utf-8')
++        )
++        self.assertEqual(app.info_length, str(int(len(app.info))))
++
++    def test_call(self):
++        app = server.InfoApp(random_id(30))
++
++        # wsgi.multithread
++        with self.assertRaises(WSGIError) as cm:
++            app({'wsgi.multithread': True}, None)
++        self.assertEqual(cm.exception.status, '500 Internal Server Error')
++        with self.assertRaises(WSGIError) as cm:
++            app({'wsgi.multithread': 0}, None)
++        self.assertEqual(cm.exception.status, '500 Internal Server Error')
++
++        # PATH_INFO
++        environ = {
++            'wsgi.multithread': False,
++            'PATH_INFO': '/foo',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '410 Gone')
++
++        # REQUEST_METHOD
++        environ = {
++            'wsgi.multithread': False,
++            'PATH_INFO': '/',
++            'REQUEST_METHOD': 'HEAD',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '405 Method Not Allowed')
++
++        # Test when it's all good
++        environ = {
++            'wsgi.multithread': False,
++            'PATH_INFO': '/',
++            'REQUEST_METHOD': 'GET',
++        }
++        sr = StartResponse()
++        ret = app(environ, sr)
++        self.assertEqual(ret, [app.info])
++        self.assertEqual(sr.status, '200 OK')
++        self.assertEqual(sr.headers,
++            [
++                ('Content-Length', app.info_length),
++                ('Content-Type', 'application/json'),
++            ]
++        )
++
++
++class TestClientApp(TestCase):
++    def test_init(self):
++        id1 = random_id(30)
++        id2 = random_id(30)
++        cr = peering.ChallengeResponse(id1, id2)
++        q = Queue()
++        app = server.ClientApp(cr, q)
++        self.assertIs(app.cr, cr)
++        self.assertIs(app.queue, q)
++        self.assertEqual(app.map,
++            {
++                '/challenge': app.get_challenge,
++                '/response': app.post_response,
++            }
++        )
++
++    def test_call(self):
++        _id = random_id(30)
++        peer_id = random_id(30)
++        cr = peering.ChallengeResponse(_id, peer_id)
++        app = server.ClientApp(cr, Queue())
++
++        # wsgi.multithread
++        with self.assertRaises(WSGIError) as cm:
++            app({'wsgi.multithread': True}, None)
++        self.assertEqual(cm.exception.status, '500 Internal Server Error')
++        with self.assertRaises(WSGIError) as cm:
++            app({'wsgi.multithread': 0}, None)
++        self.assertEqual(cm.exception.status, '500 Internal Server Error')
++
++        # SSL_CLIENT_VERIFY
++        with self.assertRaises(WSGIError) as cm:
++            app({'wsgi.multithread': False}, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden SSL')
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'NOPE',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden SSL')
++
++        # SSL_CLIENT_S_DN_CN
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Subject')
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': random_id(30),
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Subject')
++
++        # SSL_CLIENT_I_DN_CN
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Issuer')
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++            'SSL_CLIENT_I_DN_CN': random_id(30),
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '403 Forbidden Issuer')
++
++        # PATH_INFO
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++            'SSL_CLIENT_I_DN_CN': peer_id,
++            'PATH_INFO': '/',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '410 Gone')
++
++        # state
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++            'SSL_CLIENT_I_DN_CN': peer_id,
++            'PATH_INFO': '/challenge',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '400 Bad Request Order')
++
++        # REQUEST_METHOD
++        app.state = 'ready'
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++            'SSL_CLIENT_I_DN_CN': peer_id,
++            'PATH_INFO': '/challenge',
++            'REQUEST_METHOD': 'POST',
++        }
++        with self.assertRaises(WSGIError) as cm:
++            app(environ, None)
++        self.assertEqual(cm.exception.status, '405 Method Not Allowed')
++        self.assertEqual(app.state, 'gave_challenge')
++
++        # Test when it's all good
++        app.state = 'ready'
++        environ = {
++            'wsgi.multithread': False,
++            'SSL_CLIENT_VERIFY': 'SUCCESS',
++            'SSL_CLIENT_S_DN_CN': peer_id,
++            'SSL_CLIENT_I_DN_CN': peer_id,
++            'PATH_INFO': '/challenge',
++            'REQUEST_METHOD': 'GET',
++        }
++        sr = StartResponse()
++        ret = app(environ, sr)
++        data = dumps({'challenge': encode(cr.challenge)}).encode('utf-8')
++        self.assertEqual(ret, [data])
++        self.assertEqual(sr.status, '200 OK')
++        self.assertEqual(sr.headers,
++            [
++                ('Content-Length', str(len(data))),
++                ('Content-Type', 'application/json'),
++            ]
++        )
++        self.assertEqual(app.state, 'gave_challenge')
++
++
++
++####################################
++# Live test cases using Dmedia HTTPD
  class TempHTTPD:
      def __init__(self, couch_env, ssl_config):
@@ -306,14 +512,15 @@
          self.process.join()
--class TestRootApp(TestCase):
++class TestRootAppLive(TestCase):
      def test_call(self):
          couch = TempCouch()
          couch_env = couch.bootstrap()
--        couch_env['user_id'] = random_id()
++        couch_env['user_id'] = random_id(30)
++        couch_env['machine_id'] = random_id(30)
          # Test when client PKI isn't configured
--        pki = TempPKI()
++        pki = peering.TempPKI()
          httpd = TempHTTPD(couch_env, pki.get_server_config())
          env = deepcopy(httpd.env)
          env['ssl'] = pki.get_client_config()
@@ -323,7 +530,7 @@
          self.assertEqual(cm.exception.response.reason, 'Forbidden SSL')
          # Test when cert issuer is wrong
--        pki = TempPKI(True)
++        pki = peering.TempPKI(True)
          httpd = TempHTTPD(couch_env, pki.get_server_config())
          env = deepcopy(httpd.env)
          env['ssl'] = pki.get_client_config()
@@ -333,14 +540,21 @@
          self.assertEqual(cm.exception.response.reason, 'Forbidden Issuer')
          # Test when SSL config is correct, then test other aspects
--        pki = TempPKI(True)
++        pki = peering.TempPKI(True)
          couch_env['user_id'] = pki.client_ca.id
++        couch_env['machine_id'] = pki.server.id
          httpd = TempHTTPD(couch_env, pki.get_server_config())
          env = deepcopy(httpd.env)
          env['ssl'] = pki.get_client_config()
          client = microfiber.CouchBase(env)
          self.assertEqual(client.get(),
--            {'Dmedia': 'welcome', 'version': dmedia.__version__}
++            {
++                'user_id': pki.client_ca.id,
++                'machine_id': pki.server.id,
++                'version': dmedia.__version__,
++                'user': os.environ.get('USER'),
++                'host': socket.gethostname(),
++            }
+         )
          self.assertEqual(client.get('couch')['couchdb'], 'Welcome')
@@ -357,7 +571,7 @@
          """
          Test push replication Couch1 => HTTPD => Couch2.
          """
--        pki = TempPKI(True)
++        pki = peering.TempPKI(True)
          config = {'replicator': pki.get_client_config()}
          couch1 = TempCouch()
          couch2 = TempCouch()
@@ -369,6 +583,7 @@
          # couch2 needs env['user_id']
          env2 = couch2.bootstrap('basic', None)
          env2['user_id'] = pki.client_ca.id
++        env2['machine_id'] = pki.server.id
          s2 = microfiber.Server(env2)
          # httpd is the SSL frontend for couch2
@@ -392,3 +607,157 @@
          for doc in docs:
              self.assertEqual(s2.get(name2, doc['_id']), doc)
++
++class TestServerAppLive(TestCase):
++    def test_live(self):
++        tmp = TempDir()
++        pki = peering.PKI(tmp.dir)
++        local_id = pki.create_key()
++        pki.create_ca(local_id)
++        remote_id = pki.create_key()
++        pki.create_ca(remote_id)
++        server_config = {
++            'cert_file': pki.path(local_id, 'ca'),
++            'key_file': pki.path(local_id, 'key'),
++            'ca_file': pki.path(remote_id, 'ca'),
++        }
++        client_config = {
++            'check_hostname': False,
++            'ca_file': pki.path(local_id, 'ca'),
++            'cert_file': pki.path(remote_id, 'ca'),
++            'key_file': pki.path(remote_id, 'key'),
++        }
++        local = peering.ChallengeResponse(local_id, remote_id)
++        remote = peering.ChallengeResponse(remote_id, local_id)
++        q = Queue()
++        app = server.ServerApp(local, q, None)
++        httpd = make_server(app, '127.0.0.1', server_config)
++        client = microfiber.CouchBase(
++            {'url': httpd.url, 'ssl': client_config}
++        )
++        httpd.start()
++        secret = local.get_secret()
++        remote.set_secret(secret)
++
++        self.assertIsNone(app.state)
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.get('')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request State: GET /'
++        )
++        app.state = 'info'
++        self.assertEqual(client.get(),
++            {
++                'id': local_id,
++                'user': os.environ.get('USER'),
++                'host': socket.gethostname(),
++            }
++        )
++        self.assertEqual(app.state, 'ready')
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.get('')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request State: GET /'
++        )
++        self.assertEqual(app.state, 'ready')
++
++        app.state = 'info'
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.get('challenge')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: GET /challenge'
++        )
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.post({'hello': 'world'}, 'response')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: POST /response'
++        )
++
++        app.state = 'ready'
++        self.assertEqual(app.state, 'ready')
++        obj = client.get('challenge')
++        self.assertEqual(app.state, 'gave_challenge')
++        self.assertIsInstance(obj, dict)
++        self.assertEqual(set(obj), set(['challenge']))
++        self.assertEqual(local.challenge, decode(obj['challenge']))
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.get('challenge')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: GET /challenge'
++        )
++        self.assertEqual(app.state, 'gave_challenge')
++
++        (nonce, response) = remote.create_response(obj['challenge'])
++        obj = {'nonce': nonce, 'response': response}
++        self.assertEqual(client.post(obj, 'response'), {'ok': True})
++        self.assertEqual(app.state, 'response_ok')
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.post(obj, 'response')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: POST /response'
++        )
++        self.assertEqual(app.state, 'response_ok')
++        self.assertEqual(q.get(), 'response_ok')
++
++        # Test when an error occurs in put_response()
++        app.state = 'gave_challenge'
++        with self.assertRaises(microfiber.ServerError) as cm:
++            client.post(b'bad json', 'response')
++        self.assertEqual(app.state, 'in_response')
++
++        # Test with wrong secret
++        app.state = 'ready'
++        secret = local.get_secret()
++        remote.get_secret()
++        challenge = client.get('challenge')['challenge']
++        self.assertEqual(app.state, 'gave_challenge')
++        (nonce, response) = remote.create_response(challenge)
++        with self.assertRaises(microfiber.Unauthorized) as cm:
++            client.post({'nonce': nonce, 'response': response}, 'response')
++        self.assertEqual(app.state, 'wrong_response')
++        self.assertFalse(hasattr(local, 'secret'))
++        self.assertFalse(hasattr(local, 'challenge'))
++
++        # Verify that you can't retry
++        remote.set_secret(secret)
++        (nonce, response) = remote.create_response(challenge)
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.post({'nonce': nonce, 'response': response}, 'response')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: POST /response'
++        )
++        self.assertEqual(app.state, 'wrong_response')
++        self.assertEqual(q.get(), 'wrong_response')
++
++        # Test POST /csr
++        secret = local.get_secret()
++        remote.set_secret(secret)
++        app.state = 'response_ok'
++        with self.assertRaises(microfiber.BadRequest) as cm:
++            client.post({}, 'csr')
++        self.assertEqual(
++            str(cm.exception),
++            '400 Bad Request Order: POST /csr'
++        )
++        self.assertEqual(app.state, 'response_ok')
++
++        app.state = 'counter_response_ok'
++        secret = local.get_secret()
++        remote.set_secret(secret)
++        pki.create_csr(remote_id)
++        csr_data = pki.read_csr(remote_id)
++        obj = {
++            'csr': b64encode(csr_data).decode('utf-8'),
++            'mac': local.csr_mac(csr_data),
++        }
++        # FIXME: Why isn't this working?
++        #r = client.post(obj, 'csr')
++
++        httpd.shutdown()
 === modified file 'dmedia/tests/test_startup.py'
 --- dmedia/tests/test_startup.py	2012-10-03 14:42:56 +0000
 +++ dmedia/tests/test_startup.py	2012-10-16 12:35:25 +0000
@@ -68,69 +68,6 @@
          self.assertFalse(path.exists(filename + '.tmp'))
          self.assertEqual(json.load(open(filename, 'r')), config)
--    def test_get_ssl_config(self):
--        tmp = TempDir()
--        pki = PKI(tmp.dir)
--        machine_id = pki.create_key()
--        pki.create_ca(machine_id)
--        pki.create_csr(machine_id)
--        user_id = pki.create_key()
--        pki.create_ca(user_id)
--        pki.issue_cert(machine_id, user_id)
--
--        self.assertIsNone(startup.get_ssl_config(pki))
--
--        pki.machine = pki.get_cert(machine_id)
--        self.assertIsNone(startup.get_ssl_config(pki))
--
--        pki.user = pki.get_ca(user_id)
--        self.assertEqual(
--            startup.get_ssl_config(pki),
--            {
--                'check_hostname': False,
--                'max_depth': 1,
--                'ca_file': pki.path(user_id, 'ca'),
--                'cert_file': pki.path(machine_id, 'cert'),
--                'key_file': pki.path(machine_id, 'key'),
--            }
--        )
--
--    def test_get_bootstrap_config(self):
--        tmp = TempDir()
--        pki = PKI(tmp.dir)
--        machine_id = pki.create_key()
--        pki.create_ca(machine_id)
--        pki.create_csr(machine_id)
--        user_id = pki.create_key()
--        pki.create_ca(user_id)
--        pki.issue_cert(machine_id, user_id)
--
--        self.assertEqual(
--            startup.get_bootstrap_config(pki),
--            {'username': 'admin'},
--        )
--
--        pki.machine = pki.get_cert(machine_id)
--        self.assertEqual(
--            startup.get_bootstrap_config(pki),
--            {'username': 'admin'},
--        )
--
--        pki.user = pki.get_ca(user_id)
--        self.assertEqual(
--            startup.get_bootstrap_config(pki),
--            {
--                'username': 'admin',
--                'replicator': {
--                    'check_hostname': False,
--                    'max_depth': 1,
--                    'ca_file': pki.path(user_id, 'ca'),
--                    'cert_file': pki.path(machine_id, 'cert'),
--                    'key_file': pki.path(machine_id, 'key'),
--                },
--            }
--        )
--
  class TestDmediaCouch(TestCase):
      def test_init(self):
@@ -180,62 +117,105 @@
          tmp = TempDir()
          inst = startup.DmediaCouch(tmp.dir)
          self.assertTrue(inst.isfirstrun())
--        inst.machine = 'foo'
++        inst.user = 'foo'
          self.assertFalse(inst.isfirstrun())
--        inst.machine = None
++        inst.user = None
          self.assertTrue(inst.isfirstrun())
--    def test_firstrun_init(self):
--        class Subclass(startup.DmediaCouch):
--            def __init__(self):
--                pass
--
--            def isfirstrun(self):
--                return False
--
--        inst = Subclass()
--        with self.assertRaises(Exception) as cm:
--            inst.firstrun_init()
--        self.assertEqual(
--            str(cm.exception),
--            'not first run, cannot call firstrun_init()'
--        )
--
--        tmp = TempDir()
--        inst = startup.DmediaCouch(tmp.dir)
--        self.assertIsNone(inst.firstrun_init())
--        self.assertIsInstance(inst.machine, dict)
--        self.assertEqual(inst.machine, inst.load_config('machine'))
--        self.assertIsNone(inst.user)
--        self.assertIsNone(inst.load_config('user'))
--
--        tmp = TempDir()
--        inst = startup.DmediaCouch(tmp.dir)
--        self.assertIsNone(inst.firstrun_init(create_user=True))
--        self.assertIsInstance(inst.machine, dict)
--        self.assertEqual(inst.machine, inst.load_config('machine'))
++    def test_create_machine(self):
++        class Subclass(startup.DmediaCouch):
++            def __init__(self):
++                self.machine = 'foo'
++
++        inst = Subclass()
++        with self.assertRaises(Exception) as cm:
++            inst.create_machine()
++        self.assertEqual(str(cm.exception), 'machine already exists')
++
++        tmp = TempDir()
++        inst = startup.DmediaCouch(tmp.dir)
++        machine_id = inst.create_machine()
++        self.assertIsInstance(machine_id, str)
++        self.assertEqual(len(machine_id), 48)
++        self.assertIsInstance(inst.machine, dict)
++        self.assertEqual(inst.machine['_id'], machine_id)
++        self.assertEqual(inst.load_config('machine'), inst.machine)
++
++        with self.assertRaises(Exception) as cm:
++            inst.create_machine()
++        self.assertEqual(str(cm.exception), 'machine already exists')
++
++    def test_create_user(self):
++        class Subclass(startup.DmediaCouch):
++            def __init__(self):
++                self.machine = 'foo'
++                self.user = 'bar'
++
++        inst = Subclass()
++        with self.assertRaises(Exception) as cm:
++            inst.create_user()
++        self.assertEqual(str(cm.exception), 'user already exists')
++
++        tmp = TempDir()
++        inst = startup.DmediaCouch(tmp.dir)
++        with self.assertRaises(Exception) as cm:
++            inst.create_user()
++        self.assertEqual(str(cm.exception), 'must create machine first')
++        machine_id = inst.create_machine()
++        user_id = inst.create_user()
++        self.assertNotEqual(machine_id, user_id)
++        self.assertIsInstance(user_id, str)
++        self.assertEqual(len(user_id), 48)
          self.assertIsInstance(inst.user, dict)
--        self.assertEqual(inst.user, inst.load_config('user'))
++        self.assertEqual(inst.user['_id'], user_id)
++        self.assertEqual(inst.load_config('user'), inst.user)
++
++        with self.assertRaises(Exception) as cm:
++            inst.create_user()
++        self.assertEqual(str(cm.exception), 'user already exists')
++
++    def test_get_ssl_config(self):
++        tmp = TempDir()
++        inst = startup.DmediaCouch(tmp.dir)
++        machine_id = inst.create_machine()
++        user_id = inst.create_user()
++        inst.load_pki()
++        self.assertEqual(
++            inst.get_ssl_config(),
++            {
++                'check_hostname': False,
++                'max_depth': 1,
++                'ca_file': inst.pki.path(user_id, 'ca'),
++                'cert_file': inst.pki.path(machine_id, 'cert'),
++                'key_file': inst.pki.path(machine_id, 'key'),
++            }
++        )
++
++    def test_get_bootstrap_config(self):
++        tmp = TempDir()
++        inst = startup.DmediaCouch(tmp.dir)
++        machine_id = inst.create_machine()
++        user_id = inst.create_user()
++        inst.load_pki()
++        self.assertEqual(
++            inst.get_bootstrap_config(),
++            {
++                'username': 'admin',
++                'replicator': {
++                    'check_hostname': False,
++                    'max_depth': 1,
++                    'ca_file': inst.pki.path(user_id, 'ca'),
++                    'cert_file': inst.pki.path(machine_id, 'cert'),
++                    'key_file': inst.pki.path(machine_id, 'key'),
++                },
++            }
++        )
      def test_auto_bootstrap(self):
          tmp = TempDir()
          inst = startup.DmediaCouch(tmp.dir)
--        env = inst.auto_bootstrap()
--        s = Server(env)
--        self.assertEqual(s.get()['couchdb'], 'Welcome')
--        self.assertIsNone(inst.get_ssl_config())
--
--        tmp = TempDir()
--        inst = startup.DmediaCouch(tmp.dir)
--        inst.firstrun_init(create_user=False)
--        env = inst.auto_bootstrap()
--        s = Server(env)
--        self.assertEqual(s.get()['couchdb'], 'Welcome')
--        self.assertIsNone(inst.get_ssl_config())
--
--        tmp = TempDir()
--        inst = startup.DmediaCouch(tmp.dir)
--        inst.firstrun_init(create_user=True)
++        inst.create_machine()
++        inst.create_user()
          env = inst.auto_bootstrap()
          s = Server(env)
          self.assertEqual(s.get()['couchdb'], 'Welcome')
@@ -249,3 +229,4 @@
                  'key_file': inst.pki.machine.key_file,
+             }
+         )
++
 === modified file 'run-browse.py'
 --- run-browse.py	2012-10-09 04:05:45 +0000
 +++ run-browse.py	2012-10-16 12:35:25 +0000
@@ -130,7 +130,8 @@
  class Browse:
      def __init__(self):
          self.couch = DmediaCouch(tempfile.mkdtemp())
--        self.couch.firstrun_init(create_user=True)
++        self.couch.create_machine()
++        self.couch.create_user()

Dmedia

Merge lp:~jderose/dmedia/all-in into lp:dmedia

Commit message

Description of the change

Preview Diff

Subscribers