Listen host (#2072)

IsaacYangSLA · web-flow · commit bd4468f70532 · 2023-10-13T08:47:41.000-07:00
* Add scheme to provision

* Add support for listen_host
diff --git a/nvflare/lighter/dummy_project.yml b/nvflare/lighter/dummy_project.yml
@@ -12,6 +12,10 @@ participants:
   - name: site-1
     type: client
     org: nvidia
+    # listening_host will enable creating one pair of cert/private key for this client
+    # so it can behave like a server for client api.  The value must be a hostname that
+    # client api can reach via network.
+    # listening_host: site-1-lh
   - name: site-2
     type: client
     org: nvidia
diff --git a/nvflare/lighter/ha_project.yml b/nvflare/lighter/ha_project.yml
@@ -24,6 +24,10 @@ participants:
   - name: site-1
     type: client
     org: nvidia
+    # listening_host will enable creating one pair of cert/private key for this client
+    # so it can behave like a server for client api.  The value must be a hostname that
+    # client api can reach via network.
+    # listening_host: site-1-lh
   - name: site-2
     type: client
     org: nvidia
diff --git a/nvflare/lighter/impl/cert.py b/nvflare/lighter/impl/cert.py
@@ -22,7 +22,7 @@
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.x509.oid import NameOID
 
-from nvflare.lighter.spec import Builder
+from nvflare.lighter.spec import Builder, Participant
 
 
 def serialize_pri_key(pri_key):
@@ -97,6 +97,14 @@ def _build_write_cert_pair(self, participant, base_name, ctx):
             f.write(serialize_cert(cert))
         with open(os.path.join(dest_dir, f"{base_name}.key"), "wb") as f:
             f.write(serialize_pri_key(pri_key))
+        if base_name == "client" and (listening_host := participant.props.get("listening_host")):
+            tmp_participant = Participant("server", listening_host, participant.org)
+            tmp_pri_key, tmp_cert = self.get_pri_key_cert(tmp_participant)
+            with open(os.path.join(dest_dir, "server.crt"), "wb") as f:
+                f.write(serialize_cert(tmp_cert))
+            with open(os.path.join(dest_dir, "server.key"), "wb") as f:
+                f.write(serialize_pri_key(tmp_pri_key))
+
         pkcs12 = serialization.pkcs12.serialize_key_and_certificates(
             subject.encode("ascii"), pri_key, cert, None, serialization.BestAvailableEncryption(subject.encode("ascii"))
         )
