def __proxy(self, vote = None, votebox = None):
try:
evlog.log(LOGSIG[self.__task] + ': ALGUS')
if ElectionState().election_on():
security = CertAnalyzer()
if security.work():
if self.__task == TASK_CAND:
return \
self.__get_candidate_list(security.valid_person())
elif self.__task == TASK_VOTE:
return self.__hts_vote(\
security.valid_person(), vote, votebox)
else:
r1, r2 = protocol.msg_error_technical()
return self.__return_error(r1, r2)
else:
evlog.log_error('Viga: "%s"' % security.logmsg)
return \
self.__return_error(security.errcode, security.errmsg)
else:
r1, r2 = ElectionState().election_off_msg()
return self.__return_error(r1, r2)
except:
return self.__return_exception()
finally:
evlog.log(LOGSIG[self.__task] + ': LõPP')
def mobid_vote_data(b64vote):
import bdocpythonutils
bdocdata = base64.b64decode(b64vote)
bdocfile = None
try:
bdocfile = StringIO.StringIO(bdocdata)
bdoc = bdocpythonutils.BDocContainer()
bdoc.load(bdocfile)
bdoc.validateflex()
_doc_count = len(bdoc.documents)
if _doc_count == 0:
raise Exception, "BDoc ei sisalda ühtegi andmefaili"
ret = {}
for el in bdoc.documents:
evlog.log(evlogdata.get_vote(el, bdoc.documents[el]))
ret[el] = base64.b64encode(bdoc.documents[el])
return ret
finally:
if bdocfile != None:
bdocfile.close()
def __proxy(self, vote=None, votebox=None):
try:
evlog.log(LOGSIG[self.__task] + ': ALGUS')
if ElectionState().election_on():
security = CertAnalyzer()
if security.work():
if self.__task == TASK_CAND:
return \
self.__get_candidate_list(security.valid_person())
elif self.__task == TASK_VOTE:
return self.__hts_vote(\
security.valid_person(), vote, votebox)
else:
r1, r2 = protocol.msg_error_technical()
return self.__return_error(r1, r2)
else:
evlog.log_error('Viga: "%s"' % security.logmsg)
return \
self.__return_error(security.errcode, security.errmsg)
else:
r1, r2 = ElectionState().election_off_msg()
return self.__return_error(r1, r2)
except:
return self.__return_exception()
finally:
evlog.log(LOGSIG[self.__task] + ': LõPP')
def hts_vote(self, valid_person, vote):
ik = valid_person[0]
en = valid_person[1]
pn = valid_person[2]
evlog.AppLog().set_person(ik)
import base64
decoded_vote = base64.decodestring(vote)
evlog.log('Hääle talletamine: %s %s' % (en, pn))
if not Election().can_vote(ik):
error = HESResult()
error.pole_valija(ik)
return self.__return_error(error)
inspector = VoteChecker(decoded_vote, ik)
mobid = 'MOBILE_ID_CONTEXT' in os.environ
if not inspector.check_vote(mobid):
return self.__return_error(inspector.error)
params = {}
params[evcommon.POST_EVOTE] = vote
params[evcommon.POST_PERSONAL_CODE] = ik
params[evcommon.POST_VOTERS_FILES_SHA256] = \
Election().get_voters_files_sha256()
params[evcommon.POST_SESS_ID] = sessionid.voting()
hts_connector = HTSConnector(params)
if not hts_connector.work_strict():
return self.__return_error(hts_connector.error)
return hts_connector.answer[1], hts_connector.answer[2]
def verify_id(self, vote_id):
# check if valid vote ID
if not formatutil.is_vote_verification_id(vote_id):
# We don't know how large vote_id is, so don't write to disk
evlog.log_error("Malformed vote ID")
raise HTSVerifyException, evcommon.VERIFY_ERROR
vote_id = vote_id.lower()
otp_key = htscommon.get_verification_key(vote_id)
# check if corresponding OTP exists
if not self._rreg.check(otp_key):
evlog.log_error("No such vote ID: %s" % vote_id)
raise HTSVerifyException, evcommon.VERIFY_ERROR
self._voter_code = self._rreg.read_string_value(\
otp_key, "voter").value.rstrip()
# check if timestamp is OK
current = int(time.time())
created = self._rreg.read_integer_value(otp_key, "timestamp").value
timeout = Election().get_verification_time() * 60
if created + timeout < current:
evlog.log("Vote ID %s has expired" % vote_id)
self.__revoke_vote_id()
raise HTSVerifyException, evcommon.VERIFY_ERROR
# check if count is OK
count = self._rreg.read_integer_value(otp_key, "count").value
if count <= 0:
evlog.log_error("Vote ID %s count is zero, but had not been revoked")
self.__revoke_vote_id()
raise HTSVerifyException, evcommon.VERIFY_ERROR
self._vote_id = vote_id
def mobid_vote_data(b64vote):
import bdocpythonutils
bdocdata = base64.b64decode(b64vote)
bdocfile = None
try:
bdocfile = StringIO.StringIO(bdocdata)
bdoc = bdocpythonutils.BDocContainer()
bdoc.load(bdocfile)
bdoc.validateflex()
_doc_count = len(bdoc.documents)
if _doc_count == 0:
raise Exception("BDoc ei sisalda ühtegi andmefaili")
ret = {}
for el in bdoc.documents:
evlog.log(evlogdata.get_vote(el, bdoc.documents[el]))
ret[el] = bdoc.documents[el]
return ret
finally:
if bdocfile is not None:
bdocfile.close()
def hts_vote(self, valid_person, vote):
ik = valid_person[0]
en = valid_person[1]
pn = valid_person[2]
evlog.AppLog().set_person(ik)
import base64
decoded_vote = base64.decodestring(vote)
evlog.log("Hääle talletamine: %s %s" % (en, pn))
if not Election().can_vote(ik):
error = HESResult()
error.pole_valija(ik)
return self.__return_error(error)
inspector = VoteChecker(decoded_vote, ik)
mobid = "MOBILE_ID_CONTEXT" in os.environ
if not inspector.check_vote(mobid):
return self.__return_error(inspector.error)
params = {}
params[evcommon.POST_EVOTE] = vote
params[evcommon.POST_PERSONAL_CODE] = ik
params[evcommon.POST_VOTERS_FILES_SHA256] = Election().get_voters_files_sha256()
params[evcommon.POST_SESS_ID] = sessionid.voting()
hts_connector = HTSConnector(params)
if not hts_connector.work_strict():
return self.__return_error(hts_connector.error)
return hts_connector.answer[1], hts_connector.answer[2]
def hts_consistency_check(self):
try:
evlog.log('HES ja HTS kooskõlalisuse kontroll: ALGUS')
return self.__hes.hts_consistency_check()
except:
return self.__return_exception(evcommon.EVOTE_CONSISTENCY_ERROR)
finally:
evlog.log('HTS kooskõlalisuse kontroll: LõPP')
def __tyhista_haaled(self, input_list, operaator):
evlog.log("Tühistusavalduse import")
good_list = []
bad_list = []
action_list = []
self.__kylm_tyhistamine(input_list, good_list, bad_list, action_list)
self.__kuum_tyhistamine(operaator, action_list)
return good_list, bad_list
def __ennista_haaled(self, input_list, operaator):
evlog.log('Ennistusavalduse import')
action_list = []
bad_list = []
good_list = []
self.__kylm_ennistamine(input_list, good_list, bad_list, action_list)
self.__kuum_ennistamine(operaator, action_list)
return good_list, bad_list
def hts_consistency_check(self):
try:
evlog.log('HES ja HTS kooskõlalisuse kontroll: ALGUS')
return self.__hes.hts_consistency_check()
except:
return self.__return_exception(evcommon.EVOTE_CONSISTENCY_ERROR)
finally:
evlog.log('HTS kooskõlalisuse kontroll: LõPP')
def __ennista_haaled(self, input_list, operaator):
evlog.log('Ennistusavalduse import')
action_list = []
bad_list = []
good_list = []
self.__kylm_ennistamine(input_list, good_list, bad_list, action_list)
self.__kuum_ennistamine(operaator, action_list)
return good_list, bad_list
def check_vote(self, mobid):
try:
bdocpython.initialize()
conf = bdocconfig.BDocConfig()
conf.load(Election().get_bdoc_conf())
alines = []
elines = []
if mobid:
alines, elines = regrights.analyze_signature_for_log(self._decoded_vote)
else:
alines, elines = regrights.analyze_vote_for_log(self._decoded_vote)
for el in alines:
evlog.log(el)
for el in elines:
evlog.log_error(el)
res = None
if mobid:
res = regrights.check_vote_hes_mobid(self._decoded_vote, conf)
else:
res = regrights.check_vote_hes(self._decoded_vote, conf)
if not res.result:
self.error.log_msg = res.error
if self.error.user_msg == "":
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
if not res.cert_is_valid:
self.error.user_msg = evmessage.EV_ERRORS.SERTIFIKAAT_ON_AEGUNUD
self.error.user_code = evcommon.EVOTE_CERT_ERROR
return False
ik_ver = regrights.get_personal_code(res.subject)
if self._ik != ik_ver:
self.error.log_msg = "Autentija (%s) ja allkirjastaja (%s) erinevad" % (self._ik, ik_ver)
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
return False
return True
except:
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
self.error.log_msg = exception_msg.trace()
finally:
bdocpython.terminate()
return False
def unschedule(cmd):
sched = scheduled(cmd)
if sched:
job, timestr = sched
_atrm(job)
evlog.log(LOG_UNSCHEDULED % (cmd, job, timestr))
print UI_UNSCHEDULED % (cmd, job, timestr)
_clean_reg(cmd) # Always.
def restore_revoke(elid, rfile, operator):
the_hts = hts.HTS(elid)
rl = revocationlists.RevocationList()
rl.attach_elid(elid)
rl.attach_logger(evlog.AppLog())
if not rl.check_format(rfile, 'Kontrollin tühistus-/ennistusnimekirja: '):
errmsg = 'Vigase formaadiga tühistus-/ennistusnimekiri'
raise Exception(errmsg)
g_l = None
b_l = None
act = ''
report = []
newtime = time.localtime()
if rl.revoke:
act = 'tühistamine'
evlog.log('Tühistusavalduse import')
g_l, b_l = the_hts.load_revoke(rl.rev_list, operator)
report.append(['------------------------------'])
report.append(['TÜHISTAMINE (%s)' % \
time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(['%d õnnestumist, %d ebaõnnestumist' % \
(len(g_l), len(b_l))])
report.append(['Operaator %s, fail %s ' % (operator, rfile)])
else:
act = 'ennistamine'
evlog.log('Ennistusavalduse import')
g_l, b_l = the_hts.load_restore(rl.rev_list, operator)
report.append(['------------------------------'])
report.append(['ENNISTAMINE (%s)' % \
time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(['%d õnnestumist, %d ebaõnnestumist' % \
(len(g_l), len(b_l))])
report.append(['Operaator %s, fail %s ' % (operator, rfile)])
for el in b_l:
el.append(act + ' nurjus')
report.append(el)
for el in g_l:
el.append(act + ' õnnestus')
report.append(el)
report.append(['------------------------------'])
the_hts.save_revocation_report(report)
return len(rl.rev_list), len(g_l), len(b_l)
def poll(self):
try:
evlog.log('Poll: ALGUS')
self.ctx().load_pre_poll()
if self.ctx().auth_succ():
return self.__poll_sign()
return self.__poll_auth()
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def __poll_sign(self):
service = MobileIDService()
r1, r2 = service.poll_sign(self.ctx())
if r1 == 'OUTSTANDING_TRANSACTION':
return protocol.msg_mobid_poll()
if r1 == 'SIGNATURE':
evlog.log('Received SIGNATURE from DDS')
return self.__hts_vote(r2)
return self.__return_mid_error(r1)
def restore_revoke(elid, rfile, operator):
the_hts = hts.HTS(elid)
rl = revocationlists.RevocationList()
rl.attach_elid(elid)
rl.attach_logger(evlog.AppLog())
if not rl.check_format(rfile, 'Kontrollin tühistus-/ennistusnimekirja: '):
errmsg = 'Vigase formaadiga tühistus-/ennistusnimekiri'
raise Exception(errmsg)
g_l = None
b_l = None
act = ''
report = []
newtime = time.localtime()
if rl.revoke:
act = 'tühistamine'
evlog.log('Tühistusavalduse import')
g_l, b_l = the_hts.load_revoke(rl.rev_list, operator)
report.append(['------------------------------'])
report.append(['TÜHISTAMINE (%s)' %
time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(['%d õnnestumist, %d ebaõnnestumist' %
(len(g_l), len(b_l))])
report.append(['Operaator %s, fail %s ' % (operator, rfile)])
else:
act = 'ennistamine'
evlog.log('Ennistusavalduse import')
g_l, b_l = the_hts.load_restore(rl.rev_list, operator)
report.append(['------------------------------'])
report.append(['ENNISTAMINE (%s)' %
time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(['%d õnnestumist, %d ebaõnnestumist' %
(len(g_l), len(b_l))])
report.append(['Operaator %s, fail %s ' % (operator, rfile)])
for el in b_l:
el.append(act + ' nurjus')
report.append(el)
for el in g_l:
el.append(act + ' õnnestus')
report.append(el)
report.append(['------------------------------'])
the_hts.save_revocation_report(report)
return len(rl.rev_list), len(g_l), len(b_l)
def __poll_sign(self):
service = MobileIDService()
r1, r2 = service.poll_sign(self.ctx())
if r1 == 'OUTSTANDING_TRANSACTION':
return protocol.msg_mobid_poll()
if r1 == 'SIGNATURE':
evlog.log('Received SIGNATURE from DDS')
return self.__hts_vote(r2)
return self.__return_mid_error(r1)
def poll(self):
try:
evlog.log('Poll: ALGUS')
self.ctx().load_pre_poll()
if self.ctx().auth_succ():
return self.__poll_sign()
return self.__poll_auth()
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def poll(self, form):
try:
evlog.log('Poll: ALGUS')
self.ctx().load_pre_poll()
poll_type = form.getvalue(evcommon.POST_MID_POLL)
if formatutil.is_mobid_poll_auth(poll_type):
evlog.log('Poll: authentication request')
return self.__poll_auth()
if formatutil.is_mobid_poll_vote(poll_type):
if not self.ctx().auth_succ():
raise Exception('Unauthenticated session')
evlog.log('Poll: signing request')
return self.__poll_sign()
# Should never happen if cgivalidator is working correctly
raise Exception('Bad poll type: %s' % poll_type[:20])
except httplib.BadStatusLine as exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException as exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log('Poll: LÕPP')
def compose_list(self):
questions = Election().get_questions_obj('hes')
for quest in questions:
voter = quest.get_voter(self._ik)
if voter == None:
continue
elid = quest.qname()
self._name_type = \
self._name_type + elid + ':' + str(quest.get_type()) + '\t'
kandidaadid = quest.choices_to_voter(voter)
evlog.log("Ringkond: %s-%s-%s-%s-%s" % \
(elid, voter['jaoskond_omavalitsus'], voter['jaoskond'], \
voter['ringkond_omavalitsus'], voter['ringkond']))
self._list.append(kandidaadid)
def get_candidate_list(self, valid_person):
ik = valid_person[0]
en = valid_person[1]
pn = valid_person[2]
evlog.AppLog().set_person(ik)
evlog.log('Kandidaatide nimekiri: %s %s' % (en, pn))
cld = CandidateListExtractor(ik, sessionid.voting())
cld.compose_list()
if cld.has_list():
return evcommon.EVOTE_OK, cld.get_list()
error = HESResult()
error.pole_valija(ik)
return self.__return_error(error)
def compose_list(self):
questions = Election().get_questions_obj('hes')
for quest in questions:
voter = quest.get_voter(self._ik)
if voter == None:
continue
elid = quest.qname()
self._name_type = \
self._name_type + elid + ':' + str(quest.get_type()) + '\t'
kandidaadid = quest.choices_to_voter(voter)
evlog.log("Ringkond: %s-%s-%s-%s-%s" % \
(elid, voter['jaoskond_omavalitsus'], voter['jaoskond'], \
voter['ringkond_omavalitsus'], voter['ringkond']))
self._list.append(kandidaadid)
def poll(self, form):
try:
evlog.log("Poll: ALGUS")
self.ctx().load_pre_poll()
poll_type = form.getvalue(evcommon.POST_MID_POLL)
if formatutil.is_mobid_poll_auth(poll_type):
evlog.log("Poll: authentication request")
return self.__poll_auth()
if formatutil.is_mobid_poll_vote(poll_type):
if not self.ctx().auth_succ():
raise Exception("Unauthenticated session")
evlog.log("Poll: signing request")
return self.__poll_sign()
# Should never happen if cgivalidator is working correctly
raise Exception("Bad poll type: %s" % poll_type[:20])
except httplib.BadStatusLine as exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException as exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log("Poll: LÕPP")
def get_candidate_list(self, valid_person):
ik = valid_person[0]
en = valid_person[1]
pn = valid_person[2]
evlog.AppLog().set_person(ik)
evlog.log("Kandidaatide nimekiri: %s %s" % (en, pn))
cld = CandidateListExtractor(ik, sessionid.voting())
cld.compose_list()
if cld.has_list():
return evcommon.EVOTE_OK, cld.get_list()
error = HESResult()
error.pole_valija(ik)
return self.__return_error(error)
def get_response(self):
import binascii
# load a random BDOC from the ones available
otp_key = htscommon.get_verification_key(self._vote_id)
elids = self._rreg.read_string_value(otp_key, "elids")\
.value.rstrip().split("\t")
bdoc = self.__load_bdoc(random.choice(elids))
evlog.log("Sending BDOC %s with vote ID %s for verification" %\
(ksum.votehash(bdoc.get_bytes()), self._vote_id))
# check consistency
bdoc_set = set([doc.split(".")[0] for doc in bdoc.documents])
elids_set = set(elids)
if bdoc_set != elids_set:
evlog.log_error("Votes in BDOC for vote ID %s are inconsistent " \
"with registry: %s, %s" % (self._vote_id, bdoc_set, elids_set))
raise HTSVerifyException, evcommon.VERIFY_ERROR
# create question objects
questions = []
for elid in elids:
questions.append(question.Question(\
elid, "hts", Election().get_sub_reg(elid)))
# start assembling the response
ret = ""
# append questions
for quest in questions:
ret += quest.qname() + ":" + str(quest.get_type()) + "\t"
ret += "\n"
# append election IDs and votes
for votefile in bdoc.documents:
elid = votefile.split(".")[0]
ret += elid + "\t" + binascii.b2a_hex(
bdoc.documents[votefile]) + "\n"
ret += "\n"
# append choices list
for quest in questions:
tv = quest.get_voter(self._voter_code)
if tv:
ret += quest.choices_to_voter(tv)
else:
evlog.log_error("Voter not found")
self.__decrease_count()
return ret
def get_response(self):
import binascii
# load a random BDOC from the ones available
otp_key = htscommon.get_verification_key(self._vote_id)
elids = self._rreg.read_string_value(otp_key, "elids")\
.value.rstrip().split("\t")
bdoc = self.__load_bdoc(random.choice(elids))
evlog.log("Sending BDOC %s with vote ID %s for verification" %\
(ksum.votehash(bdoc.get_bytes()), self._vote_id))
# check consistency
bdoc_set = set([doc.split(".")[0] for doc in bdoc.documents])
elids_set = set(elids)
if bdoc_set != elids_set:
evlog.log_error("Votes in BDOC for vote ID %s are inconsistent " \
"with registry: %s, %s" % (self._vote_id, bdoc_set, elids_set))
raise HTSVerifyException, evcommon.VERIFY_ERROR
# create question objects
questions = []
for elid in elids:
questions.append(question.Question(\
elid, "hts", Election().get_sub_reg(elid)))
# start assembling the response
ret = ""
# append questions
for quest in questions:
ret += quest.qname() + ":" + str(quest.get_type()) + "\t"
ret += "\n"
# append election IDs and votes
for votefile in bdoc.documents:
elid = votefile.split(".")[0]
ret += elid + "\t" + binascii.b2a_hex(bdoc.documents[votefile]) + "\n"
ret += "\n"
# append choices list
for quest in questions:
tv = quest.get_voter(self._voter_code)
if tv:
ret += quest.choices_to_voter(tv)
else:
evlog.log_error("Voter not found")
self.__decrease_count()
return ret
def restore_revoke(elid, rfile, operator):
the_hts = hts.HTS(elid)
rl = revocationlists.RevocationList()
rl.attach_elid(elid)
rl.attach_logger(evlog.AppLog())
if not rl.check_format(rfile, "Kontrollin tühistus-/ennistusnimekirja: "):
errmsg = "Vigase formaadiga tühistus-/ennistusnimekiri"
raise Exception(errmsg)
g_l = None
b_l = None
act = ""
report = []
newtime = time.localtime()
if rl.revoke:
act = "tühistamine"
evlog.log("Tühistusavalduse import")
g_l, b_l = the_hts.load_revoke(rl.rev_list, operator)
report.append(["------------------------------"])
report.append(["TÜHISTAMINE (%s)" % time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(["%d õnnestumist, %d ebaõnnestumist" % (len(g_l), len(b_l))])
report.append(["Operaator %s, fail %s " % (operator, rfile)])
else:
act = "ennistamine"
evlog.log("Ennistusavalduse import")
g_l, b_l = the_hts.load_restore(rl.rev_list, operator)
report.append(["------------------------------"])
report.append(["ENNISTAMINE (%s)" % time.strftime("%Y%m%d%H%M%S", newtime)])
report.append(["%d õnnestumist, %d ebaõnnestumist" % (len(g_l), len(b_l))])
report.append(["Operaator %s, fail %s " % (operator, rfile)])
for el in b_l:
el.append(act + " nurjus")
report.append(el)
for el in g_l:
el.append(act + " õnnestus")
report.append(el)
report.append(["------------------------------"])
the_hts.save_revocation_report(report)
return len(rl.rev_list), len(g_l), len(b_l)
def verify(self, vote_id):
verifier = HTSVerify()
try:
verifier.verify_id(vote_id)
except HTSVerifyException as e:
return e.ret, EvMessage().get_str(\
"INVALID_VOTE_ID", evstrings.INVALID_VOTE_ID)
evlog.log("Verifying vote with ID %s" % vote_id)
try:
return evcommon.VERIFY_OK, verifier.get_response()
except HTSVerifyException as e:
return e.ret, EvMessage().get_str(\
"TECHNICAL_ERROR_VOTE_VERIFICATION", \
evstrings.TECHNICAL_ERROR_VOTE_VERIFICATION)
def do_cgi():
try:
elec = election.Election()
evlog.AppLog().set_app(APP)
# Create a list of pairs from the form parameters. Don't use a dictionary
# because that will overwrite recurring keys.
form = cgi.FieldStorage()
params = []
for key in form:
for value in form.getlist(key):
params.append((key, value))
# Only accept up to a single parameter
if len(params) > 1:
def keys(pairs):
"""Return a comma-separated list of the keys."""
return ", ".join([pair[0] for pair in pairs])
evlog.log_error("Too many query parameters: " + keys(params))
bad_parameters()
return
# Only accept the POST_VERIFY_VOTE parameter.
if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
evlog.log_error('Unknown query parameter "%s"' % params[0][0])
bad_parameters()
return
# Make sure the parameter is correctly formatted.
if not formatutil.is_vote_verification_id(params[0][1]):
# Don't write to disk; we don't know how large the value is
evlog.log_error("Malformed vote ID")
bad_parameters()
return
evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
evlog.log("verif/auth VOTE-ID: " + params[0][1])
params.append((evcommon.POST_SESS_ID, sessionid.voting()))
url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
conn = urllib.urlopen(url, urllib.urlencode(params))
protocol.http_response(conn.read())
except:
evlog.log_exception()
technical_error()
def do_cgi():
try:
elec = election.Election()
evlog.AppLog().set_app(APP)
# Create a list of pairs from the form parameters. Don't use a dictionary
# because that will overwrite recurring keys.
form = cgi.FieldStorage()
params = []
for key in form:
for value in form.getlist(key):
params.append((key, value))
# Only accept up to a single parameter
if len(params) > 1:
def keys(pairs):
"""Return a comma-separated list of the keys."""
return ", ".join([pair[0] for pair in pairs])
evlog.log_error("Too many query parameters: " + keys(params))
bad_parameters()
return
# Only accept the POST_VERIFY_VOTE parameter.
if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
evlog.log_error("Unknown query parameter \"%s\"" % params[0][0])
bad_parameters()
return
# Make sure the parameter is correctly formatted.
if not formatutil.is_vote_verification_id(params[0][1]):
# Don't write to disk; we don't know how large the value is
evlog.log_error("Malformed vote ID")
bad_parameters()
return
evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
evlog.log("verif/auth VOTE-ID: " + params[0][1])
params.append((evcommon.POST_SESS_ID, sessionid.voting()))
url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
conn = urllib.urlopen(url, urllib.urlencode(params))
protocol.http_response(conn.read())
except:
evlog.log_exception()
technical_error()
def _main(expected, cmd):
state = election.ElectionState().get()
if state == int(expected):
evlog.log(LOG_EXECUTING % cmd)
if cmd == COMMAND_START:
_execute_start()
elif cmd == COMMAND_PREPARE_STOP:
_execute_prepare_stop()
elif cmd == COMMAND_STOP:
_execute_stop()
else:
evlog.log_error(LOG_ERROR_UNKNOWN % cmd)
raise Exception
_signal_ui()
else:
evlog.log_error(LOG_ERROR_STATE % (cmd, state, expected))
_clean_reg(cmd)
def __poll_auth(self):
service = MobileIDService()
rsp = service.poll_auth(self.ctx())
if rsp._Status == 'OUTSTANDING_TRANSACTION':
return protocol.msg_mobid_poll()
if rsp._Status == 'USER_AUTHENTICATED':
evlog.log('Received USER_AUTHENTICATED from DDS')
c1, c2 = self.ctx().verify_challenge(rsp._Signature)
if not c1:
evlog.log_error(c2)
return self.__return_mid_error('Autentimine ebaõnnestus')
return self.__get_candidate_list()
return self.__return_mid_error(rsp._Status)
def __poll_auth(self):
service = MobileIDService()
rsp = service.poll_auth(self.ctx())
if rsp._Status == 'OUTSTANDING_TRANSACTION':
return protocol.msg_mobid_poll()
if rsp._Status == 'USER_AUTHENTICATED':
evlog.log('Received USER_AUTHENTICATED from DDS')
c1, c2 = self.ctx().verify_challenge(rsp._Signature)
if not c1:
evlog.log_error(c2)
return self.__return_mid_error('Autentimine ebaõnnestus')
return self.__get_candidate_list()
return self.__return_mid_error(rsp._Status)
def _revoke_vote_id(voter_code):
elec = Election()
otps = set()
for quest in elec.get_questions():
reg = elec.get_sub_reg(quest)
key = htscommon.get_user_key(voter_code)
if reg.check(key + [htscommon.VOTE_VERIFICATION_ID_FILENAME]):
otp = reg.read_string_value(key, \
htscommon.VOTE_VERIFICATION_ID_FILENAME)
otps.add(otp.value)
evlog.log("Revoking vote ID %s" % otp)
if not _delete_vote_id(otp.value):
evlog.log_error("No such vote-ID: %s" % otp)
otp.delete()
if len(otps) > 1:
evlog.log_error("The voter %s had multiple vote ID-s: %s" % \
(voter_code, ", ".join(otps)))
def hts_repeat_check(self, valid_person):
ik = valid_person[0]
evlog.AppLog().set_person(ik)
evlog.log("Korduvhääletuse kontroll")
params = {}
params[evcommon.POST_PERSONAL_CODE] = ik
params[evcommon.POST_VOTERS_FILES_SHA256] = Election().get_voters_files_sha256()
params[evcommon.POST_SESS_ID] = sessionid.voting()
hts_connector = HTSConnector(params)
if not hts_connector.work():
hts_connector.error.user_code = evcommon.EVOTE_REPEAT_ERROR
return self.__return_error(hts_connector.error)
retcode = hts_connector.answer[1]
ans = "<br>".join(hts_connector.answer[2:])
return retcode, ans
def __get_candidate_list(self, valid_person):
cand_ok, cand_msg = self.__hes.get_candidate_list(valid_person)
if not cand_ok == evcommon.EVOTE_OK:
return self.__return_error(cand_ok, cand_msg)
korduv_ret, korduv_msg = self.__hes.hts_repeat_check(valid_person)
if korduv_ret == evcommon.EVOTE_REPEAT_NO:
evlog.log('Kandidaatide nimekiri väljastati A')
return protocol.msg_ok(cand_msg)
elif korduv_ret == evcommon.EVOTE_REPEAT_YES:
evlog.log('Kandidaatide nimekiri väljastati B')
return protocol.msg_repeat(cand_msg, korduv_msg)
elif korduv_ret == evcommon.EVOTE_REPEAT_NOT_CONSISTENT:
r1, r2 = protocol.plain_error_maintainance()
return self.__return_error(r1, r2)
else:
return self.__return_error(evcommon.EVOTE_ERROR, korduv_msg)
def hts_repeat_check(self, valid_person):
ik = valid_person[0]
evlog.AppLog().set_person(ik)
evlog.log('Korduvhääletuse kontroll')
params = {}
params[evcommon.POST_PERSONAL_CODE] = ik
params[evcommon.POST_VOTERS_FILES_SHA256] = \
Election().get_voters_files_sha256()
params[evcommon.POST_SESS_ID] = sessionid.voting()
hts_connector = HTSConnector(params)
if not hts_connector.work():
hts_connector.error.user_code = evcommon.EVOTE_REPEAT_ERROR
return self.__return_error(hts_connector.error)
retcode = hts_connector.answer[1]
ans = '<br>'.join(hts_connector.answer[2:])
return retcode, ans
def __get_candidate_list(self, valid_person):
cand_ok, cand_msg = self.__hes.get_candidate_list(valid_person)
if not cand_ok == evcommon.EVOTE_OK:
return self.__return_error(cand_ok, cand_msg)
korduv_ret, korduv_msg = self.__hes.hts_repeat_check(valid_person)
if korduv_ret == evcommon.EVOTE_REPEAT_NO:
evlog.log('Kandidaatide nimekiri väljastati A')
return protocol.msg_ok(cand_msg)
elif korduv_ret == evcommon.EVOTE_REPEAT_YES:
evlog.log('Kandidaatide nimekiri väljastati B')
return protocol.msg_repeat(cand_msg, korduv_msg)
elif korduv_ret == evcommon.EVOTE_REPEAT_NOT_CONSISTENT:
r1, r2 = protocol.plain_error_maintainance()
return self.__return_error(r1, r2)
else:
return self.__return_error(evcommon.EVOTE_ERROR, korduv_msg)
def schedule(cmd, tstruct):
sched = scheduled(cmd)
if sched:
job, timestr = sched
evlog.log_error(LOG_ERROR_SCHEDULED % (cmd, job, timestr))
print UI_ERROR_SCHEDULED % (cmd, job, timestr)
return
timestr = time.strftime(TIME_FORMAT, tstruct)
job = _at(timestr, "python -m %s %i %s" % (MODULE_AUTOCMD, EXPECTED[cmd], cmd))
if not job:
evlog.log_error(LOG_ERROR_SCHEDULE % cmd)
print UI_ERROR_SCHEDULE % cmd
return
reg = evreg.Registry(root=evcommon.EVREG_CONFIG)
reg.ensure_key(AUTOCMD_KEY)
reg.create_integer_value(AUTOCMD_KEY, _job_value(cmd), job)
reg.create_string_value(AUTOCMD_KEY, _time_value(cmd), timestr)
evlog.log(LOG_SCHEDULED % (cmd, job, timestr))
print UI_SCHEDULED % (cmd, job, timestr)
def compose_list(self):
questions = Election().get_questions_obj("hes")
for quest in questions:
voter = quest.get_voter(self._ik)
if voter is None:
continue
# Read voter's name from voters list
self._pname = voter["nimi"]
elid = quest.qname()
self._name_type = self._name_type + elid + ":" + str(quest.get_type()) + "\t"
kandidaadid = quest.choices_to_voter(voter)
evlog.log(
"Ringkond: %s-%s-%s-%s-%s"
% (
elid,
voter["jaoskond_omavalitsus"],
voter["jaoskond"],
voter["ringkond_omavalitsus"],
voter["ringkond"],
)
)
self._list.append(kandidaadid)
def __talleta(self, binvote):
store = HTSStore()
new_otp = False
try:
store.verify_vote(binvote)
evlog.log('Hääle allkirjastaja: %s' % store.signercode)
store.extract_questions()
store.create_actions()
store.revoke_vote_id()
vote_id = store.issue_vote_id()
evlog.log("Issued vote ID %s to %s for BDOC %s" % \
(vote_id, store.signercode, ksum.votehash(store.signed_vote)))
new_otp = True
store.store_votes()
except HTSStoreException as e:
evlog.log_error(store.log_msg)
if new_otp:
store.revoke_vote_id()
return e.ret, store.user_msg
return evcommon.EVOTE_OK, vote_id
def init_auth(self, phone):
try:
evlog.log("Autentimispäring: ALGUS %s" % (phone))
if not ElectionState().election_on():
r1, r2 = ElectionState().election_off_msg()
return protocol.msg_error(r1, r2)
self.ctx().set_phone(phone)
self.ctx().generate_challenge()
service = MobileIDService()
rsp_cert = service.get_cert(self.ctx())
if not (rsp_cert._SignCertStatus == 'OK'):
return self.__return_mid_error(rsp_cert._SignCertStatus)
if rsp_cert._AuthCertStatus == 'OK':
res, err = cert_ok(rsp_cert._AuthCertData)
if not res:
evlog.log_error(err)
return self.__return_mid_policy_error()
else:
return self.__return_mid_error(rsp_cert._AuthCertStatus)
rsp = service.init_auth(self.ctx())
if rsp._Status == 'OK':
self.ctx().save_post_auth(rsp)
evlog.log('Autentimispäring (%s, %s, %s, %s)' % \
(rsp._UserIDCode, rsp._UserGivenname, \
rsp._UserSurname, rsp._Challenge))
return protocol.msg_mobid_auth_init_ok(\
self.ctx().sessid(), rsp._ChallengeID)
return self.__return_mid_error(rsp._Status)
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def init_auth(self, phone):
try:
evlog.log("Autentimispäring: ALGUS %s" % (phone))
if not ElectionState().election_on():
r1, r2 = ElectionState().election_off_msg()
return protocol.msg_error(r1, r2)
self.ctx().set_phone(phone)
self.ctx().generate_challenge()
service = MobileIDService()
rsp_cert = service.get_cert(self.ctx())
if not (rsp_cert._SignCertStatus == 'OK'):
return self.__return_mid_error(rsp_cert._SignCertStatus)
if rsp_cert._AuthCertStatus == 'OK':
res, err = cert_ok(rsp_cert._AuthCertData)
if not res:
evlog.log_error(err)
return self.__return_mid_policy_error()
else:
return self.__return_mid_error(rsp_cert._AuthCertStatus)
rsp = service.init_auth(self.ctx())
if rsp._Status == 'OK':
self.ctx().save_post_auth(rsp)
evlog.log('Autentimispäring (%s, %s, %s, %s)' % \
(rsp._UserIDCode, rsp._UserGivenname, \
rsp._UserSurname, rsp._Challenge))
return protocol.msg_mobid_auth_init_ok(\
self.ctx().sessid(), rsp._ChallengeID)
return self.__return_mid_error(rsp._Status)
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def init_sign(self, form):
try:
evlog.log('Signeerimispäring: ALGUS')
if not self.ctx().auth_succ():
raise Exception('Autentimata sessioon')
self.ctx().load_pre_sign()
service = MobileIDService()
for el in form:
if el == evcommon.POST_SESS_ID:
pass
elif el == evcommon.POST_EVOTE:
b64 = form.getvalue(el)
votes = mobid_vote_data(b64)
for el in votes:
vote = base64.b64decode(votes[el])
service.add_file(el, vote)
self.ctx().add_votefile(el, vote)
self.ctx().set_origvote(b64)
else:
raise Exception('Vigane päringuparameeter %s' % el)
if service.files() < 1:
raise Exception('Ei ole hääli, mida signeerida')
r1, r2, r3 = service.init_sign(self.ctx())
if r1:
self.ctx().save_post_sign(r2)
return protocol.msg_mobid_sign_init_ok(r3)
return self.__return_mid_error(r2)
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def init_sign(self, form):
try:
evlog.log('Signeerimispäring: ALGUS')
if not self.ctx().auth_succ():
raise Exception('Autentimata sessioon')
self.ctx().load_pre_sign()
service = MobileIDService()
for el in form:
if el == evcommon.POST_SESS_ID:
pass
elif el == evcommon.POST_EVOTE:
b64 = form.getvalue(el)
votes = mobid_vote_data(b64)
for el in votes:
vote = base64.b64decode(votes[el])
service.add_file(el, vote)
self.ctx().add_votefile(el, vote)
self.ctx().set_origvote(b64)
else:
raise Exception('Vigane päringuparameeter %s' % el)
if service.files() < 1:
raise Exception('Ei ole hääli, mida signeerida')
r1, r2, r3 = service.init_sign(self.ctx())
if r1:
self.ctx().save_post_sign(r2)
return protocol.msg_mobid_sign_init_ok(r3)
return self.__return_mid_error(r2)
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
def init_auth(self, phone):
try:
evlog.log("Autentimispäring: ALGUS %s" % (phone))
if not ElectionState().election_on():
r1, r2 = ElectionState().election_off_msg()
evlog.log_error('Viga operatsioonil "cand", teade "%s"' % r2)
return protocol.msg_error(r1, r2)
self.ctx().set_phone(phone)
self.ctx().generate_challenge()
service = MobileIDService()
rsp = service.init_auth(self.ctx())
if rsp._Status == 'OK':
rsp._CertificateData = rsp._CertificateData.strip()
self.ctx().save_post_auth(rsp)
alog, elog = evlogdata.get_cert_data_log(
rsp._CertificateData, 'cand/auth', True)
evlog.log('Autentimispäring (%s, %s, %s, %s)' %
(rsp._UserIDCode, rsp._UserGivenname,
rsp._UserSurname, rsp._Challenge))
evlog.log(alog)
if elog:
evlog.log_error(elog)
return protocol.msg_mobid_auth_init_ok(self.ctx().sessid(),
rsp._ChallengeID)
return self.__return_mid_error(rsp._Status)
except httplib.BadStatusLine as exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException as exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log('Autentimispäring: LÕPP')
def init_auth(self, phone):
try:
evlog.log("Autentimispäring: ALGUS %s" % (phone))
if not ElectionState().election_on():
r1, r2 = ElectionState().election_off_msg()
evlog.log_error('Viga operatsioonil "cand", teade "%s"' % r2)
return protocol.msg_error(r1, r2)
self.ctx().set_phone(phone)
self.ctx().generate_challenge()
service = MobileIDService()
rsp = service.init_auth(self.ctx())
if rsp._Status == "OK":
rsp._CertificateData = rsp._CertificateData.strip()
self.ctx().save_post_auth(rsp)
alog, elog = evlogdata.get_cert_data_log(rsp._CertificateData, "cand/auth", True)
evlog.log(
"Autentimispäring (%s, %s, %s, %s)"
% (rsp._UserIDCode, rsp._UserGivenname, rsp._UserSurname, rsp._Challenge)
)
evlog.log(alog)
if elog:
evlog.log_error(elog)
return protocol.msg_mobid_auth_init_ok(self.ctx().sessid(), rsp._ChallengeID)
return self.__return_mid_error(rsp._Status)
except httplib.BadStatusLine as exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException as exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log("Autentimispäring: LÕPP")
def init_sign(self, form):
try:
evlog.log('Signeerimispäring: ALGUS')
if not self.ctx().check_session():
return self.__return_error(evcommon.EVOTE_ERROR,
evmessage.EV_ERRORS.SEANSS_PUUDUB)
self.ctx().load_pre_sign()
service = MobileIDService()
for el in form:
if el == evcommon.POST_SESS_ID:
pass
elif el == evcommon.POST_EVOTE:
b64 = form.getvalue(el)
votes = mobid_vote_data(b64)
for el in votes:
vote = votes[el]
service.add_file(el, vote)
self.ctx().add_votefile(el, vote)
self.ctx().set_origvote(b64)
else:
raise Exception('Vigane päringuparameeter %s' % el)
if service.files() < 1:
raise Exception('Ei ole hääli, mida signeerida')
r1, r2, r3 = service.init_sign(self.ctx())
if r1:
self.ctx().save_post_sign(r2)
evlog.log('Signeerimispäring (%s)' % r2)
return protocol.msg_mobid_sign_init_ok(r3)
return self.__return_mid_error(r2)
except httplib.BadStatusLine as exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException as exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log('Signeerimispäring: LÕPP')
def check_vote(self, mobid):
try:
bdocpython.initialize()
conf = bdocconfig.BDocConfig()
conf.load(Election().get_bdoc_conf())
alines = []
elines = []
if mobid:
alines, elines = \
regrights.analyze_signature_for_log(self._decoded_vote)
else:
alines, elines = \
regrights.analyze_vote_for_log(self._decoded_vote)
for el in alines:
evlog.log(el)
for el in elines:
evlog.log_error(el)
res = None
if mobid:
res = regrights.check_vote_hes_mobid(self._decoded_vote, conf)
else:
res = regrights.check_vote_hes(self._decoded_vote, conf)
if not res.result:
self.error.log_msg = res.error
if self.error.user_msg == '':
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
if not res.cert_is_valid:
self.error.user_msg =\
evmessage.EV_ERRORS.SERTIFIKAAT_ON_AEGUNUD
self.error.user_code = evcommon.EVOTE_CERT_ERROR
return False
ik_ver = regrights.get_personal_code(res.subject)
if self._ik != ik_ver:
self.error.log_msg = \
'Autentija (%s) ja allkirjastaja (%s) erinevad' % \
(self._ik, ik_ver)
self.error.user_msg = \
evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
return False
return True
except:
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
self.error.log_msg = exception_msg.trace()
finally:
bdocpython.terminate()
return False
def do_log(prefix):
alog, elog = get_loglines(prefix)
for el in alog:
evlog.log(el)
for el in elog:
evlog.log_error(el)
if r1:
self.ctx().save_post_sign(r2)
return protocol.msg_mobid_sign_init_ok(r3)
return self.__return_mid_error(r2)
except httplib.BadStatusLine, exc:
return self.__return_badstatusline_error(exc)
except ZSI.FaultException, exc:
return self.__return_zsi_error(exc)
except:
return self.__return_exception()
finally:
evlog.log('Signeerimispäring: LÕPP')
def init_auth(self, phone):
try:
evlog.log("Autentimispäring: ALGUS %s" % (phone))
if not ElectionState().election_on():
r1, r2 = ElectionState().election_off_msg()
return protocol.msg_error(r1, r2)
self.ctx().set_phone(phone)
self.ctx().generate_challenge()
service = MobileIDService()
rsp_cert = service.get_cert(self.ctx())
if not (rsp_cert._SignCertStatus == 'OK'):
