def test_invalid_key_types(self):
keypair2 = skeygen.GenerateKeyPair(skeygen.KEY_PAIR_TYPE.EC)
user_id2 = b'user_id2'
transport = ssession.SimpleMemoryTransport(
user_id2,
keypair2.export_public_key()
)
keypair1 = skeygen.GenerateKeyPair(skeygen.KEY_PAIR_TYPE.EC)
user_id1 = b'user_id1'
self.assertIsNotNone(
ssession.SSession(user_id1, keypair1.export_private_key(), transport),
msg="EC private key should be accepted"
)
with self.assertRaises(exception.ThemisError, msg="EC public key should be rejected"):
ssession.SSession(user_id1, keypair1.export_public_key(), transport)
keypair1 = skeygen.GenerateKeyPair(skeygen.KEY_PAIR_TYPE.RSA)
with self.assertRaises(exception.ThemisError, msg="RSA key should be rejected, not supported"):
ssession.SSession(user_id1, keypair1.export_private_key(), transport)
with self.assertRaises(exception.ThemisError, msg="RSA public key should be rejected"):
ssession.SSession(user_id1, keypair1.export_public_key(), transport)
with self.assertRaises(exception.ThemisError, msg="non-valid asymm key should be rejected"):
ssession.SSession(user_id1, b'totally not a valid key', transport)
def test_ssession2(self):
keypair1 = skeygen.GenerateKeyPair(skeygen.KEY_PAIR_TYPE.EC)
keypair2 = skeygen.GenerateKeyPair(skeygen.KEY_PAIR_TYPE.EC)
user_id1 = b'user_id1'
user_id2 = b'user_id2'
client_session = ssession.SSession(
user_id1, keypair1.export_private_key(),
ssession.SimpleMemoryTransport(
user_id2, keypair2.export_public_key()))
server_session = ssession.SSession(
user_id2, keypair2.export_private_key(),
ssession.SimpleMemoryTransport(
user_id1, keypair1.export_public_key()))
client_data = client_session.connect_request()
server_data = None
while not (client_session.is_established() and
server_session.is_established()):
if not server_session.is_established():
server_data = server_session.unwrap(client_data)
if not client_session.is_established():
client_data = client_session.unwrap(server_data)
data = b'some test data'
self.assertEqual(data, client_session.unwrap(server_session.wrap(data)))
self.assertEqual(data, server_session.unwrap(client_session.wrap(data)))
def server(self):
server_transport = SendReceiveTransport(q2, q1)
session = ssession.SSession(b"server", self.server_priv,
Transport(self.pub_ids))
while True:
server_transport.send(session.unwrap(server_transport.receive()))
if session.is_established() == 1:
break
self.assertEqual(self.message,
session.unwrap(server_transport.receive()))
server_transport.send(session.wrap(self.message))
def client(self):
client_transport = SendReceiveTransport(q1, q2)
session = ssession.SSession(b"client", self.client_priv,
Transport(self.pub_ids))
control_message = session.connect_request()
while session.is_established() != 1:
client_transport.send(control_message)
control_message = session.unwrap(client_transport.receive())
client_transport.send(session.wrap(self.message))
self.assertEqual(self.message,
session.unwrap(client_transport.receive()))
def __init__(self, user_id, sign_key, transport):
self.session = ssession.SSession(user_id, sign_key, transport)
# 1. establish session
self.session.connect()
while not self.session.is_established():
self.session.receive()
"""
echo server for rabbitMQ
NOTE: due to the fact that ssession has state and it is simple example, server
can handle only one session and then need restart or you can extend example and
handle many sessions per some identifier
"""
import pika
from pythemis import ssession
client_public = b"\x55\x45\x43\x32\x00\x00\x00\x2d\x13\x8b\xdf\x0c\x02\x1f\x09\x88\x39\xd9\x73\x3a\x84\x8f\xa8\x50\xd9\x2b\xed\x3d\x38\xcf\x1d\xd0\xce\xf4\xae\xdb\xcf\xaf\xcb\x6b\xa5\x4a\x08\x11\x21"
server_private = b"\x52\x45\x43\x32\x00\x00\x00\x2d\x49\x87\x04\x6b\x00\xf2\x06\x07\x7d\xc7\x1c\x59\xa1\x8f\x39\xfc\x94\x81\x3f\x9e\xc5\xba\x70\x6f\x93\x08\x8d\xe3\x85\x82\x5b\xf8\x3f\xc6\x9f\x0b\xdf"
session = ssession.SSession(
b"server", server_private,
ssession.SimpleMemoryTransport(b'client', client_public))
connection = pika.BlockingConnection(
pika.ConnectionParameters(host='localhost'))
channel = connection.channel()
channel.queue_declare(queue='ssession_queue_server')
def on_request(ch, method, props, body):
# decrypt accepted message
message = session.unwrap(body)
if message.is_control:
# send unwrapped message to client as is
# limitations under the License.
#
"""
echo client for rabbitMQ
"""
import pika
import uuid
from pythemis import ssession
client_private = b"\x52\x45\x43\x32\x00\x00\x00\x2d\x51\xf4\xaa\x72\x00\x9f\x0f\x09\xce\xbe\x09\x33\xc2\x5e\x9a\x05\x99\x53\x9d\xb2\x32\xa2\x34\x64\x7a\xde\xde\x83\x8f\x65\xa9\x2a\x14\x6d\xaa\x90\x01"
server_public = b"\x55\x45\x43\x32\x00\x00\x00\x2d\x75\x58\x33\xd4\x02\x12\xdf\x1f\xe9\xea\x48\x11\xe1\xf9\x71\x8e\x24\x11\xcb\xfd\xc0\xa3\x6e\xd6\xac\x88\xb6\x44\xc2\x9a\x24\x84\xee\x50\x4c\x3e\xa0"
session = ssession.SSession(
b"client", client_private,
ssession.SimpleMemoryTransport(b'server', server_public))
class SsessionRpcClient(object):
def __init__(self):
self.connection = pika.BlockingConnection(
pika.ConnectionParameters(host='172.17.0.3'))
self.channel = self.connection.channel()
result = self.channel.queue_declare(exclusive=True)
self.callback_queue = result.method.queue
self.channel.basic_consume(self.on_response,
no_ack=True,
queue=self.callback_queue)
def on_response(self, ch, method, props, body):
