nvflare.lighter.utils module

class Identity(name: str, org: str | None = None, role: str | None = None)

Bases: object

add_component_to_resources(resources_file: str, component: dict)

Add a component to the resources file, merging with existing components.

Parameters:
  • resources_file – The name of the resource file

  • component – The component to add

build_subject_alt_names(server_default_host=None, server_additional_hosts=None, fallback_subject_name=None)
cert_to_dict(cert)
generate_cert(subject: Identity, issuer: Identity, signing_pri_key, subject_pub_key, valid_days=360, ca=False, server_default_host=None, server_additional_hosts=None, not_valid_before=None, not_valid_after=None, extra_extensions=None)
generate_keys()
generate_password(passlen=16)
load_crt(path)
load_crt_bytes(data: bytes)
load_private_key(data: str)
load_private_key_file(file_path)
load_yaml(file)
load_yaml_include(root, yaml_data)
make_dirs(dirs)
serialize_cert(cert)
serialize_pri_key(pri_key, passphrase=None)
sh_replace(src, mapping_dict)
sign_all(content_folder, signing_pri_key)
sign_content(content, signing_pri_key, return_str=True)
sign_folders(folder, signing_pri_key, crt_path=None, max_depth=9999, signature_file='.__nvfl_sig.json')
update_participant_server_name(project_config, old_server_name, new_server_name)
update_project_server_name(project_file: str, old_server_name, server_name)
update_project_server_name_config(project_config: dict, old_server_name, server_name) -> dict
update_server_default_host(project_config, default_host)

Update the default_host property of the Server in the project config. If a client does not explicitly specify “connect_to”, it uses the default_host to connect to the server. This is mainly used for POC, where the default_host is set to localhost.

Parameters:
  • project_config – the project config dict

  • default_host – value of the default host

Returns: the updated project_config

update_storage_locations(local_dir: str, workspace: str, default_resource_name: str = 'resources.json.default', job_storage_name: str = 'jobs-storage', snapshot_storage_name: str = 'snapshot-storage')

Creates resources.json with snapshot-storage and jobs-storage set as folders directly under the workspace for the provided local_dir.

verify_cert(cert_to_be_verified, root_ca_public_key)
verify_content(content, signature, public_key)
verify_folder_signature(src_folder, root_ca_path, single_signer=False, signature_file='.__nvfl_sig.json')

Verify the signature of each file in one folder recursively.

This function iterates over all files in one folder, verifying each file's signature, which is stored in the signature_file of that folder. The signature is generated either by the NVFLARE_SUBMITTER_CRT_FILE or root_ca_path.

When single_signer is True, the signatures are generated by root_ca_path, which exists in one place. When single_signer is False, every folder contains NVFLARE_SUBMITTER_CRT_FILE, whose subject generates the signatures. In this case, the certificate chain is also built and verified from NVFLARE_SUBMITTER_CRT_FILE to the root CA.

Parameters:
  • src_folder (str) – The folder to be verified.

  • root_ca_path (str) – The path to the root CA file.

  • single_signer (bool) – True means all signatures are from the root CA. False means they are from the NVFLARE_SUBMITTER_CRT_FILE of each folder. Defaults to False.

  • signature_file (str) – The name of the file that stores the signatures. Defaults to NVFLARE_SIG_FILE.

Returns:

True if all files have valid signatures. False if any file fails signature check.
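
The two trust modes described for verify_folder_signature, as an added example that is not NVFlare's implementation. It assumes the `cryptography` package and RSA-PSS signatures; the file names `sig.json` and `submitter.crt`, the JSON signature layout and the helper names are hypothetical.

```python
import base64, datetime, json, os
from pathlib import Path
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.x509.oid import NameOID

SIG_FILE, CRT_FILE = "sig.json", "submitter.crt"  # hypothetical names, not NVFlare's constants
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def make_cert(cn, pub_key, issuer_cn, issuer_key):
    """Issue a one-day certificate for pub_key, signed by issuer_key."""
    def name(c):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, c)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(pub_key).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def sign_folder(folder, key, cert=None):
    """Write one signature map per directory; optionally place the signer's cert beside it."""
    for root, _, files in os.walk(folder):
        sigs = {f: base64.b64encode(key.sign(Path(root, f).read_bytes(), PSS, hashes.SHA256())).decode()
                for f in files if f not in (SIG_FILE, CRT_FILE)}
        Path(root, SIG_FILE).write_text(json.dumps(sigs))
        if cert is not None:
            Path(root, CRT_FILE).write_bytes(cert.public_bytes(serialization.Encoding.PEM))

def verify_folder(folder, root_cert, single_signer=False):
    """Return True only if every file carries a valid signature from a trusted signer."""
    root_pub = root_cert.public_key()
    try:
        for root, _, files in os.walk(folder):
            signer_pub = root_pub
            if not single_signer:  # accept the folder's cert only if the root CA issued it
                crt = x509.load_pem_x509_certificate(Path(root, CRT_FILE).read_bytes())
                root_pub.verify(crt.signature, crt.tbs_certificate_bytes,
                                padding.PKCS1v15(), crt.signature_hash_algorithm)
                signer_pub = crt.public_key()
            sigs = json.loads(Path(root, SIG_FILE).read_text())
            for f in files:
                if f not in (SIG_FILE, CRT_FILE):  # a file missing from the map raises KeyError
                    signer_pub.verify(base64.b64decode(sigs[f]), Path(root, f).read_bytes(),
                                      PSS, hashes.SHA256())
    except (InvalidSignature, KeyError, OSError, ValueError):
        return False  # fail closed: bad signature, unsigned file, missing cert or map
    return True
```

In this sketch a modified file, a file added after signing, and a folder certificate not issued by the root CA all make `verify_folder` return False. Certificate validity dates are not checked here.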

write(file_full_path, content, mode, exe=False)
x509_name(cn_name, org_name=None, role=None)