def Valid(self, raise_signature_invalid=False): """ ``Valid()`` should check every one of packet header fields: 1) that command is one of the legal commands 2) signature is good (which means the hashcode is good) Rest PREPRO: 3) all the number fields are just numbers 4) length is within legal limits 5) check that URL is a good URL 6) that DataOrParity is either "data" or "parity" 7) that Creator is equal to owner or a scrubber for owner 8) etc. """ if not self.Ready(): if _Debug: lg.out(_DebugLevel, "signed.Valid packet is not ready yet " + str(self)) return False if not commands.IsCommand(self.Command): lg.warn("signed.Valid bad Command " + str(self.Command)) return False if not self.SignatureChecksOut( raise_signature_invalid=raise_signature_invalid): if raise_signature_invalid: creator_xml = contactsdb.get_contact_identity(self.CreatorID) if creator_xml: creator_xml = creator_xml.serialize(as_text=True) owner_xml = contactsdb.get_contact_identity(self.OwnerID) if owner_xml: owner_xml = owner_xml.serialize(as_text=True) raise Exception( 'signature is not valid for %r:\n\n%r\n\ncreator:\n\n%r\n\nowner:\n\n%r' % (self, self.Serialize(), creator_xml, owner_xml)) lg.warn("signed.Valid Signature IS NOT VALID!!!") return False return True
def _on_remote_identity_cached(self, xmlsrc): self.caching_deferred = None self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl) if self.remote_identity is None: self.automat('fail', Exception('remote id caching failed')) else: self.automat('user-identity-cached')
def _on_remote_identity_cached(self, xmlsrc): self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl) if self.remote_identity is None: self.automat('failed') else: self.automat('remote-identity-on-hand') return xmlsrc
def _remote_identity_cached(self, xmlsrc): self.caching_deferred = None self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl) if self.remote_identity is None: self.automat("failed") else: self.automat("remote-identity-on-hand")
def _remote_identity_cached(self, xmlsrc): self.caching_deferred = None self.remote_identity = contactsdb.get_contact_identity( self.remote_idurl) if self.remote_identity is None: self.automat('failed') else: self.automat('remote-identity-on-hand')
def SignatureChecksOut(self): """ This check correctness of signature, uses ``crypt.key.Verify``. To verify we need 3 things: - the packet ``Creator`` identity ( it keeps the public key ), - hash of that packet - just call ``GenerateHash()`` to make it, - the signature itself. """ CreatorIdentity = contactsdb.get_contact_identity(self.CreatorID) if CreatorIdentity is None: OwnerIdentity = contactsdb.get_contact_identity(self.OwnerID) if OwnerIdentity is None: lg.out(1, "signed.SignatureChecksOut ERROR could not get Identity for " + self.CreatorID + " so returning False") return False CreatorIdentity = OwnerIdentity Result = key.Verify(CreatorIdentity, self.GenerateHash(), self.Signature) return Result
def Valid(self): """ Validate signature to verify the ``encrypted_block``. """ if not self.Ready(): lg.warn("block is not ready yet " + str(self)) return False hashsrc = self.GenerateHash() ConIdentity = contactsdb.get_contact_identity(my_id.getLocalID()) if ConIdentity is None: lg.warn("could not get Identity so returning False") return False result = key.Verify(ConIdentity, hashsrc, self.Signature) # At block level only work on own stuff return result
def SignatureChecksOut(self, raise_signature_invalid=False): """ This check correctness of signature, uses ``crypt.key.Verify``. To verify we need 3 things: - the packet ``Creator`` identity ( it keeps the public key ), - hash of that packet - just call ``GenerateHash()`` to make it, - the signature itself. """ CreatorIdentity = contactsdb.get_contact_identity(self.CreatorID) if CreatorIdentity is None: # OwnerIdentity = contactsdb.get_contact_identity(self.OwnerID) # if OwnerIdentity is None: # lg.err("could not get Identity for %s so returning False" % self.CreatorID.to_text()) # return False # CreatorIdentity = OwnerIdentity if raise_signature_invalid: raise Exception( 'can not verify signed packet, unknown identity %r' % self.CreatorID) lg.err("could not get Identity for %r so returning False" % self.CreatorID) return False # if _Debug: # if _LogSignVerify: # try: # from main import settings # try: # from Cryptodome.Util import number # except: # from Crypto.Util import number # @UnresolvedImport @Reimport # open(os.path.join(settings.LogsDir(), 'crypt.log'), 'wb').write(b'\SignatureChecksOut:\n' + strng.to_bin(number.long_to_bytes(self.Signature)) + b'\n\n') # except: # lg.exc() Result = key.Verify(CreatorIdentity, self.GenerateHash(), self.Signature) # if _Debug: # if _LogSignVerify: # try: # from main import settings # open(os.path.join(settings.LogsDir(), 'crypt.log'), 'wb').write(b'\Result:' + strng.to_bin(str(Result)) + b'\n\n') # except: # lg.exc() return Result
def Valid(self): """ Validate signature to verify the ``encrypted_block``. """ if not self.Ready(): # lg.warn("block is not ready yet " + str(self)) lg.warn("block is not ready yet " + str(self)) return False hashsrc = self.GenerateHash() ConIdentity = contactsdb.get_contact_identity(my_id.getLocalID()) if ConIdentity is None: lg.warn("could not get Identity so returning False") return False result = key.Verify(ConIdentity, hashsrc, self.Signature) # At block level only work on own stuff return result
def SignatureChecksOut(self): """ This check correctness of signature, uses ``crypt.key.Verify``. To verify we need 3 things: - the packet ``Creator`` identity ( it keeps the public key ), - hash of that packet - just call ``GenerateHash()`` to make it, - the signature itself. """ ConIdentity = contactsdb.get_contact_identity(self.CreatorID) if ConIdentity is None: lg.out(1, "signed.SignatureChecksOut ERROR could not get Identity for " + self.CreatorID + " so returning False") return False Result = key.Verify(ConIdentity, self.GenerateHash(), self.Signature) return Result
def init(self): """ Method to initialize additional variables and flags at creation of the state machine. """ self.log_events = True self.error_message = None self.time = time.time() self.description = self.outpacket.Command + "(" + self.outpacket.PacketID + ")" self.payloadsize = len(self.outpacket.Payload) if not self.remote_idurl: self.remote_idurl = correct_packet_destination(self.outpacket) self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl) self.packetdata = None self.filename = None self.filesize = None self.items = [] self.results = [] self.response_packet = None self.response_info = None self.timeout = None # 300 # settings.SendTimeOut() * 3
def init(self): """ Method to initialize additional variables and flags at creation of the state machine. """ self.log_events = True self.error_message = None self.time = time.time() self.description = self.outpacket.Command + '(' + self.outpacket.PacketID + ')' self.payloadsize = len(self.outpacket.Payload) if not self.remote_idurl: self.remote_idurl = correct_packet_destination(self.outpacket) self.remote_identity = contactsdb.get_contact_identity( self.remote_idurl) self.packetdata = None self.filename = None self.filesize = None self.items = [] self.results = [] self.response_packet = None self.response_info = None self.timeout = None # 300 # settings.SendTimeOut() * 3
def _remote_identity_cached(self, xmlsrc, arg): sender_identity = contactsdb.get_contact_identity(self.sender_idurl) if sender_identity is None: self.automat("failed") else: self.automat("remote-id-cached", arg)