class SessionContext: def __init__(self, sessid): if not sessid: raise ValueError("Missing sessid") self.__key = [evcommon.IDSPOOL, sessid] self.__reg = Election().get_root_reg() def store_session(self, cert): self.__reg.ensure_key(self.__key) self.__reg.create_value(self.__key, "cert", cert) self.__reg.create_integer_value(self.__key, "start", int(time.time())) def check_session(self, cert): if not self.__reg.check(self.__key): return evcommon.EVOTE_ERROR, evmessage.EV_ERRORS.SEANSS_PUUDUB start = self.__reg.read_integer_value(self.__key, "start").value length = Election().get_session_length() * 60 if start + length < int(time.time()): return evcommon.EVOTE_ERROR, evmessage.EV_ERRORS.SEANSS_PUUDUB if self.__reg.read_value(self.__key, "cert").value != cert: evlog.log_error('Sertifikaat muutus') return evcommon.EVOTE_CERT_ERROR, evmessage.EV_ERRORS.TEHNILINE_VIGA return evcommon.EVOTE_OK, None def kill(self): self.__reg.ensure_no_key(self.__key)
class MobileIDContext: phoneno = None lang = None challenge = None midsess = None origvote = None votefiles = {} __sessid = None __reg = None def __init__(self, sessid): if sessid is None: raise Exception('Puuduv sessiooniidentifikaator') self.__sessid = sessid self.__reg = Election().get_root_reg() self.lang = 'EST' def sessid(self): return self.__sessid def kill(self): self.__reg.ensure_no_key([evcommon.MIDSPOOL, self.__sessid]) def set_phone(self, phone): self.phoneno = phone def set_origvote(self, hv): self.origvote = hv def get_origvote(self): self.origvote = self.__reg.read_value( [evcommon.MIDSPOOL, self.__sessid], 'origvote').value return self.origvote def add_votefile(self, filename, data): self.votefiles[filename] = data def get_votefiles(self): for key in self.__reg.list_keys( [evcommon.MIDSPOOL, self.__sessid, 'votefiles']): self.votefiles[key] = self.__reg.read_value( [evcommon.MIDSPOOL, self.__sessid, 'votefiles'], key).value return self.votefiles def generate_challenge(self): self.challenge = binascii.b2a_hex(os.urandom(10)) def verify_challenge(self, signature): return challenge_ok(self.certificate(), self.mychallenge(), self.ourchallenge(), signature) def mychallenge(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], 'mychallenge').value def ourchallenge(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], 'ourchallenge').value def certificate(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], 'cert').value def set_auth_succ(self): self.__reg.ensure_key([evcommon.MIDSPOOL, self.__sessid, 'authsucc']) def auth_succ(self): return self.__reg.check([evcommon.MIDSPOOL, self.__sessid, 'authsucc']) def check_session(self): if not self.__reg.check([evcommon.MIDSPOOL, self.__sessid]): return False start = self.__reg.read_integer_value( [evcommon.MIDSPOOL, self.__sessid], 'start').value length = Election().get_session_length() * 60 return start + length >= int(time.time()) and self.auth_succ() def save_post_auth(self, rsp): self.__reg.reset_key([evcommon.MIDSPOOL, self.__sessid]) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'cert', rsp._CertificateData) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'phone', self.phoneno) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'midsess', rsp._Sesscode) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'mychallenge', self.challenge) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'ourchallenge', rsp._Challenge) self.__reg.create_integer_value([evcommon.MIDSPOOL, self.__sessid], 'start', int(time.time())) def load_pre_sign(self): self.phoneno = self.__reg.read_value( [evcommon.MIDSPOOL, self.__sessid], 'phone').value def save_post_sign(self, midsess): self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'midsess', midsess) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], 'origvote', self.origvote) self.__reg.ensure_key([evcommon.MIDSPOOL, self.__sessid, 'votefiles']) for el in self.votefiles: self.__reg.create_value( [evcommon.MIDSPOOL, self.__sessid, 'votefiles'], el, self.votefiles[el]) def load_pre_poll(self): self.midsess = int( self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], 'midsess').value)
class HTSVerify: def __init__(self): self._rreg = Election().get_root_reg() self._vote_id = None self._voter_code = None self._voter = None def __revoke_vote_id(self): _revoke_vote_id(self._voter_code) def verify_id(self, vote_id): # check if valid vote ID if not formatutil.is_vote_verification_id(vote_id): # We don't know how large vote_id is, so don't write to disk evlog.log_error("Malformed vote ID") raise HTSVerifyException, evcommon.VERIFY_ERROR vote_id = vote_id.lower() otp_key = htscommon.get_verification_key(vote_id) # check if corresponding OTP exists if not self._rreg.check(otp_key): evlog.log_error("No such vote ID: %s" % vote_id) raise HTSVerifyException, evcommon.VERIFY_ERROR self._voter_code = self._rreg.read_string_value(\ otp_key, "voter").value.rstrip() # check if timestamp is OK current = int(time.time()) created = self._rreg.read_integer_value(otp_key, "timestamp").value timeout = Election().get_verification_time() * 60 if created + timeout < current: evlog.log("Vote ID %s has expired" % vote_id) self.__revoke_vote_id() raise HTSVerifyException, evcommon.VERIFY_ERROR # check if count is OK count = self._rreg.read_integer_value(otp_key, "count").value if count <= 0: evlog.log_error("Vote ID %s count is zero, but had not been revoked") self.__revoke_vote_id() raise HTSVerifyException, evcommon.VERIFY_ERROR self._vote_id = vote_id def __load_bdoc(self, elid): voter_key = htscommon.get_user_key(self._voter_code) sreg = Election().get_sub_reg(elid) for votefile in sreg.list_keys(voter_key): if htscommon.VALID_VOTE_PATTERN.match(votefile): bdoc = bdocpythonutils.BDocContainer() bdoc.load(sreg.path(voter_key + [votefile])) bdoc.validate(bdocpythonutils.ManifestProfile("TM")) self._voter = htscommon.get_votefile_voter(votefile) break if not bdoc: evlog.log_error("No valid BDOC found for voter %s using vote ID %s" % \ (self._voter, self._vote_id)) raise HTSVerifyException, evcommon.VERIFY_ERROR return bdoc def __decrease_count(self): otp_key = htscommon.get_verification_key(self._vote_id) count = self._rreg.read_integer_value(otp_key, "count").value - 1 if count > 0: self._rreg.create_integer_value(otp_key, "count", count) else: self.__revoke_vote_id() def get_response(self): import binascii # load a random BDOC from the ones available otp_key = htscommon.get_verification_key(self._vote_id) elids = self._rreg.read_string_value(otp_key, "elids")\ .value.rstrip().split("\t") bdoc = self.__load_bdoc(random.choice(elids)) evlog.log("Sending BDOC %s with vote ID %s for verification" %\ (ksum.votehash(bdoc.get_bytes()), self._vote_id)) # check consistency bdoc_set = set([doc.split(".")[0] for doc in bdoc.documents]) elids_set = set(elids) if bdoc_set != elids_set: evlog.log_error("Votes in BDOC for vote ID %s are inconsistent " \ "with registry: %s, %s" % (self._vote_id, bdoc_set, elids_set)) raise HTSVerifyException, evcommon.VERIFY_ERROR # create question objects questions = [] for elid in elids: questions.append(question.Question(\ elid, "hts", Election().get_sub_reg(elid))) # start assembling the response ret = "" # append questions for quest in questions: ret += quest.qname() + ":" + str(quest.get_type()) + "\t" ret += "\n" # append election IDs and votes for votefile in bdoc.documents: elid = votefile.split(".")[0] ret += elid + "\t" + binascii.b2a_hex(bdoc.documents[votefile]) + "\n" ret += "\n" # append voter ret += self._voter["nimi"] + "\t" + self._voter_code + "\n" # append choices list for quest in questions: ret += quest.choices_to_voter(self._voter) self.__decrease_count() return ret
class MobileIDContext: phoneno = None lang = None challenge = None midsess = None origvote = None votefiles = {} __sessid = None __reg = None def __init__(self, sessid): if sessid is None: raise Exception("Puuduv sessiooniidentifikaator") self.__sessid = sessid self.__reg = Election().get_root_reg() self.lang = "EST" def sessid(self): return self.__sessid def kill(self): self.__reg.ensure_no_key([evcommon.MIDSPOOL, self.__sessid]) def set_phone(self, phone): self.phoneno = phone def set_origvote(self, hv): self.origvote = hv def get_origvote(self): self.origvote = self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "origvote").value return self.origvote def add_votefile(self, filename, data): self.votefiles[filename] = data def get_votefiles(self): for key in self.__reg.list_keys([evcommon.MIDSPOOL, self.__sessid, "votefiles"]): self.votefiles[key] = self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid, "votefiles"], key).value return self.votefiles def generate_challenge(self): self.challenge = binascii.b2a_hex(os.urandom(10)) def verify_challenge(self, signature): return challenge_ok(self.certificate(), self.mychallenge(), self.ourchallenge(), signature) def mychallenge(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "mychallenge").value def ourchallenge(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "ourchallenge").value def certificate(self): return self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "cert").value def set_auth_succ(self): self.__reg.ensure_key([evcommon.MIDSPOOL, self.__sessid, "authsucc"]) def auth_succ(self): return self.__reg.check([evcommon.MIDSPOOL, self.__sessid, "authsucc"]) def check_session(self): if not self.__reg.check([evcommon.MIDSPOOL, self.__sessid]): return False start = self.__reg.read_integer_value([evcommon.MIDSPOOL, self.__sessid], "start").value length = Election().get_session_length() * 60 return start + length >= int(time.time()) and self.auth_succ() def save_post_auth(self, rsp): self.__reg.reset_key([evcommon.MIDSPOOL, self.__sessid]) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "cert", rsp._CertificateData) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "phone", self.phoneno) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "midsess", rsp._Sesscode) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "mychallenge", self.challenge) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "ourchallenge", rsp._Challenge) self.__reg.create_integer_value([evcommon.MIDSPOOL, self.__sessid], "start", int(time.time())) def load_pre_sign(self): self.phoneno = self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "phone").value def save_post_sign(self, midsess): self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "midsess", midsess) self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid], "origvote", self.origvote) self.__reg.ensure_key([evcommon.MIDSPOOL, self.__sessid, "votefiles"]) for el in self.votefiles: self.__reg.create_value([evcommon.MIDSPOOL, self.__sessid, "votefiles"], el, self.votefiles[el]) def load_pre_poll(self): self.midsess = int(self.__reg.read_value([evcommon.MIDSPOOL, self.__sessid], "midsess").value)