gistfile1.txt

import asyncio
import os
import ssl
import json
import secrets

import util
from ray.util import get_node_ip_address

async def handle_echo(reader, writer):
    proc = await asyncio.create_subprocess_exec('bash', stdin=reader, stdout=writer, stderr=writer)
    await proc.wait()

async def serve(node_id):
    ip = get_node_ip_address()
    dir = os.path.join(os.getcwd(), '.ray-delegate')
    cfg = os.path.join(dir, node_id)
    os.makedirs(dir, exist_ok=True)

    sni = secrets.token_hex(16)
    client_tls = util.generate_tls_certificate(sni, sni)
    server_tls = util.generate_tls_certificate(sni, sni)
    client_crt = util.tempwrite(client_tls['crt'])
    server_crt = util.tempwrite(server_tls['crt'])
    server_key = util.tempwrite(server_tls['key'])

    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    context.verify_mode = ssl.CERT_REQUIRED
    context.load_cert_chain(certfile=server_crt.name, keyfile=server_key.name)
    context.load_verify_locations(cafile=client_crt.name)

    server = await asyncio.start_server(handle_echo, host='127.0.0.1', port=8888, ssl=context)

    with open(cfg, 'w') as f:
        json.dump({
            'sni': sni, 'ip': ip, 'port': server.socket.getsockname()[1], 
            'server_crt': server_tls['crt'].decode('ascii'),
            'client_crt': client_tls['crt'].decode('ascii'),
            'client_key': client_tls['key'].decode('ascii')
        }, f)

    async with server:
        await server.serve_forever()

if __name__ == '__main__':
    asyncio.run(serve('aaa'))