The privilege yaml file must be signed and loaded by secure content s… (

NVIDIA#403) * The privilege yaml file must be signed and loaded by secure content service * Fix isort issue Refactor sign
pxLi · Apr 13, 2022 · 205cc18 · 205cc18
1 parent 3d08c1c
commit 205cc18
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 9 deletions.
diff --git a/nvflare/ha/overseer/utils.py b/nvflare/ha/overseer/utils.py
@@ -13,9 +13,11 @@
 # limitations under the License.
 
 import os
+import pathlib
 import uuid
 from datetime import datetime, timedelta
 
+from nvflare.fuel.sec.security_content_service import LoadResult, SecurityContentService
 from nvflare.lighter.utils import load_yaml
 
 OVERSEER_STORE = os.environ.get("OVERSEER_STORE")
@@ -31,10 +33,24 @@
     from .mem_store import get_all_sp, get_primary_sp, get_sp_by, update_sp  # noqa
 
 
+def check_integrity(privilege_file):
+    data, sig = SecurityContentService.load_content(privilege_file)
+    if sig != LoadResult.OK:
+        print("Priviledge file is tampered.  Priviledged API disaled.")
+        data = None
+    return data
+
+
 def load_privilege():
     privilege_file = os.environ.get("AUTHZ_FILE", "privilege.yml")
+    file_path = pathlib.Path(privilege_file)
+    folder = file_path.parent.absolute()
+    file = file_path.name
+    SecurityContentService.initialize(folder)
+    privilege_content = check_integrity(file)
     try:
-        privilege = load_yaml(privilege_file)
+        privilege = load_yaml(privilege_content)
+        print(f"privileged users: {privilege.get('super')}")
     except:
         privilege = dict()
     return privilege

diff --git a/nvflare/lighter/impl/signature.py b/nvflare/lighter/impl/signature.py
@@ -26,15 +26,22 @@ class SignatureBuilder(Builder):
     can be cryptographically verified to ensure any tampering is detected. This builder writes the signature.pkl file.
     """
 
+    def _do_sign(self, root_pri_key, dest_dir):
+        signatures = sign_all(dest_dir, root_pri_key)
+        json.dump(signatures, open(os.path.join(dest_dir, "signature.json"), "wt"))
+
     def build(self, project: Project, ctx: dict):
+        root_pri_key = ctx.get("root_pri_key")
+
+        overseer = project.get_participants_by_type("overseer", first_only=True)
+        dest_dir = self.get_kit_dir(overseer, ctx)
+        self._do_sign(root_pri_key, dest_dir)
+
         servers = project.get_participants_by_type("server", first_only=False)
         for server in servers:
             dest_dir = self.get_kit_dir(server, ctx)
-            root_pri_key = ctx.get("root_pri_key")
-            signatures = sign_all(dest_dir, root_pri_key)
-            json.dump(signatures, open(os.path.join(dest_dir, "signature.json"), "wt"))
+            self._do_sign(root_pri_key, dest_dir)
+
         for p in project.get_participants_by_type("client", first_only=False):
             dest_dir = self.get_kit_dir(p, ctx)
-            root_pri_key = ctx.get("root_pri_key")
-            signatures = sign_all(dest_dir, root_pri_key)
-            json.dump(signatures, open(os.path.join(dest_dir, "signature.json"), "wt"))
+            self._do_sign(root_pri_key, dest_dir)
diff --git a/nvflare/lighter/utils.py b/nvflare/lighter/utils.py
@@ -45,8 +45,13 @@ def sign_all(content_folder, signing_pri_key):
     return signatures
 
 
-def load_yaml(file_name):
-    return yaml.safe_load(open(file_name, "r"))
+def load_yaml(file):
+    if isinstance(file, str):
+        return yaml.safe_load(open(file, "r"))
+    elif isinstance(file, bytes):
+        return yaml.safe_load(file)
+    else:
+        return None
 
 
 def sh_replace(src, mapping_dict):