def PrepareMessage(self,message,alt_pgpkey=None, signmessage=True): # Send a message object. First serialize, then sign, then encrypt (if recipients are named), finally send. # First set the send time - ALWAYS USE UTC! Never use any local system timezone information self.recipient = message.recipient message.datetime_sent = current_time() serialized_message = json.dumps(message,default=jdefault,sort_keys=True) # Now PGP clearsign if enabled #print serialized_message serialized_message = textwrap.fill(serialized_message, 80, drop_whitespace=False) #print serialized_message if signmessage: final_clear_message = str(self.gpg.sign(serialized_message, keyid=self.mypgpkeyid,passphrase=self.pgp_passphrase )) else: final_clear_message = serialized_message # Now always encrypt if this is a directed message if self.recipient: # TODO: encrypt to alternate pgp key if ephemeral pgp message keys are enabled and we have one for this recipient print "PrepareMessage: calling recv keys" self.gpg.recv_keys('hkp://127.0.0.1:5000',self.recipient) # We don't really want to do this every time but it will do for now print "PrepareMessage: calling encrypt" final_message_raw = self.gpg.encrypt(final_clear_message,self.recipient,passphrase=self.pgp_passphrase, always_trust=True) if final_message_raw == False: # Encryption did not succeed - stop now print ("Encryption failed") return False else: final_message = str(final_message_raw) else: # This will be an unencrypted message (only for "posted" broadcast messages such as listings and open chat channels) final_message = final_clear_message # OK, ready to send return final_message
def GetMessage(self,rawmessage,alt_pgpkey=None,allow_unsigned=True): # Decode and return a message object. First decrypt if encrypted, then check outer signature if signed, the parse # json, then attempt to safely deserialize into a message object, then set received time, finally return message or error input_message_encrypted = False input_message_signed = False lrawmessage = str(rawmessage) # First set the send time - ALWAYS USE UTC! Never use any local system timezone information #### Step 1 - Is it encrypted? if lrawmessage.startswith('-----BEGIN PGP MESSAGE-----'): decrypt_msg = self.gpg.decrypt(lrawmessage, passphrase=self.pgp_passphrase ) if not str(decrypt_msg): print "Unable to decrypt received message, dropping message" return False else: clear_lrawmessage = str(decrypt_msg) input_message_encrypted = True else: clear_lrawmessage = lrawmessage #### Step 2 - Is it signed? # TODO - FIND OUT WHAT KEY WE NEED - IF WE DON'T HAVE IT THEN DEFER THIS MESSAGE WHILE THE KEY IS RETRIEVED if clear_lrawmessage.startswith('-----BEGIN PGP SIGNED MESSAGE-----'): verify_signature = self.gpg.verify(clear_lrawmessage) # if verify_signature.pubkey_fingerprint: # Proper signature check, full fp only returned if key present if verify_signature.key_id: # Weak signature check - TODO: TESTING ONLY! input_message_signed = True try: clear_strippedlrawmessage = clear_lrawmessage[clear_lrawmessage.index('{'):clear_lrawmessage.rindex('}')+1] except: return False else: return False else: print "WARNING: Unsigned message block identified..." if allow_unsigned: clear_strippedlrawmessage = clear_lrawmessage else: return False #### Step 3 - Is it a valid JSON message? clear_strippedlrawmessage = clear_strippedlrawmessage.replace('\n', '') # strip out all those newlines we added pre-signing message = Message() if message.loadjson(clear_strippedlrawmessage) == False: print "Could not decode JSON, dropping message. Message was " + clear_strippedlrawmessage return False else: # Finally make sure the sender keyid matches the signing keyid if not verify_signature.key_id == message.sender: print "WARNING! Apparent spoofed message - claiming to be from " + message.sender return False if input_message_encrypted: message.encrypted = True if input_message_signed: message.signed = True message.datetime_received = current_time() return message
def PrepareMessage(self, message, alt_pgpkey=None, signmessage=True): # Send a message object. First serialize, then sign, then encrypt (if recipients are named), finally send. # First set the send time - ALWAYS USE UTC! Never use any local system # timezone information self.recipient = message.recipient message.datetime_sent = current_time() serialized_message = json.dumps(message, default=jdefault, sort_keys=True) # Now PGP clearsign if enabled # print serialized_message serialized_message = textwrap.fill(serialized_message, 80, drop_whitespace=False) # print serialized_message if signmessage: final_clear_message = str( self.gpg.sign(serialized_message, keyid=self.mypgpkeyid, passphrase=self.pgp_passphrase)) else: final_clear_message = serialized_message # Now always encrypt if this is a directed message if self.recipient: # TODO: encrypt to alternate pgp key if ephemeral pgp message keys # are enabled and we have one for this recipient print "PrepareMessage: calling recv keys" # We don't really want to do this every time but it will do for now self.gpg.recv_keys('hkp://127.0.0.1:5000', self.recipient) print "PrepareMessage: calling encrypt" final_message_raw = self.gpg.encrypt( final_clear_message, self.recipient, passphrase=self.pgp_passphrase, always_trust=True) if final_message_raw == False: # Encryption did not succeed - stop now print("Encryption failed") return False else: final_message = str(final_message_raw) else: # This will be an unencrypted message (only for "posted" broadcast # messages such as listings and open chat channels) final_message = final_clear_message # OK, ready to send return final_message
def rebuild(self): print "Info: Rebuilding front end in-memory cache db" session = self.DBSession() session.query(self.cacheFullDirectory).delete() # full rebuild so clear the table session.commit() main_session = self.main_db.DBSession() # 1st copy over the current cacheDirectory as is cache_dir_res = main_session.query(self.main_db.cacheDirectory).all() for row in cache_dir_res: cache_dir_entry = self.cacheFullDirectory(key_id=row.key_id, updated=row.updated, display_name=row.display_name, is_active_user = True, # Since this is from the directory it must be an active user is_seller = row.is_seller, is_upl = row.is_upl, is_notary = row.is_notary, is_arbiter = row.is_arbiter, is_looking_glass = row.is_looking_glass) # aggregate_transactions = # TODO caclulate based on available cached UPL's # aggregate_feedback = # TODO caclulate based on available cached UPL's session.add(cache_dir_entry) session.commit() # our own key should go in now if it hasn't already come from the directory (this is usually only needed for the very first run following installation) my_entry = session.query(self.cacheFullDirectory).filter_by(key_id=self.my_key).first() if my_entry: pass # our key is already present else: my_dir_entry = self.cacheFullDirectory(key_id=self.my_key, updated=datetime.strptime(current_time(), "%Y-%m-%d %H:%M:%S"), is_contact=True, is_active_user=True, display_name = self.my_display_name) session.add(my_dir_entry) session.commit() # Now read in keyids from the users contacts, add these and update where necessary (usually the contact will also be in teh directory but not always) contacts_res = main_session.query(self.main_db.Contacts).all() for row in contacts_res: qry_res = session.query(self.cacheFullDirectory).filter_by(key_id=row.contact_key).first() if qry_res: qry_res.is_contact = True else: contact = self.cacheFullDirectory(key_id=row.contact_key, updated=datetime.strptime(current_time(), "%Y-%m-%d %H:%M:%S"),is_contact = True, display_name = row.display_name) session.add(contact) session.commit() # Now read in keyids from UPLs including notary lists, add these and update where necessary pass
def GetMessage(self, rawmessage, client_instance, topic, alt_pgpkey=None, allow_unsigned=True): # Decode and return a message object. First decrypt if encrypted, then check outer signature if signed, the parse # json, then attempt to safely deserialize into a message object, then # set received time, finally return message or error input_message_encrypted = False input_message_signed = False lrawmessage = str(rawmessage) # First set the send time - ALWAYS USE UTC! Never use any local system timezone information # Step 1 - Is it encrypted? if lrawmessage.startswith('-----BEGIN PGP MESSAGE-----'): decrypt_msg = self.gpg.decrypt(lrawmessage, passphrase=self.pgp_passphrase) if not str(decrypt_msg): print "Unable to decrypt received message, dropping message" return False else: clear_lrawmessage = str(decrypt_msg) input_message_encrypted = True else: clear_lrawmessage = lrawmessage # print clear_lrawmessage # Step 2 - Is it signed? if clear_lrawmessage.startswith('-----BEGIN PGP SIGNED MESSAGE-----'): tmp_key = False try: tmp_stripped_msg = clear_lrawmessage[clear_lrawmessage.index( '{'):clear_lrawmessage.rindex('}') + 1] # strip out all those newlines we added pre-signing tmp_stripped_msg = tmp_stripped_msg.replace('\n', '') tmp_message = Message() tmp_message.loadjson(tmp_stripped_msg) tmp_key = tmp_message.sender # we will need this when we finally get the key tmp_message.raw_message = rawmessage tmp_message.topic = topic except: print "Failed to parse json response and extract sender key id" return False if tmp_key: # check if this key needs to be retreived if got_pgpkey(client_instance.storageDB, tmp_key): print "Already have the necessary key " + tmp_key # we already have the key else: print "Need key " + tmp_key # defer message processing until key is retrieved # assign a temporary random id random_id = random.randrange(1, stop=999999999, step=1) client_instance.task_state_pgpkeys[tmp_key][ 'state'] = KEY_LOOKUP_STATE_INITIAL # create task request for a lookup client_instance.task_state_messages[random_id][ 'state'] = MSG_STATE_KEY_REQUESTED client_instance.task_state_messages[random_id][ 'message'] = tmp_message return MSG_STATE_KEY_REQUESTED else: print "Sending keyid could not be extracted from message - unable to verify sender key - dropping message..." # print clear_lrawmessage return False # print clear_lrawmessage if clear_lrawmessage.startswith('-----BEGIN PGP SIGNED MESSAGE-----'): signed = True verify_signature = self.gpg.verify(clear_lrawmessage) # if verify_signature.pubkey_fingerprint: # Proper signature check, # full fp only returned if key present if verify_signature.key_id: # Weak signature check - TODO: TESTING ONLY! input_message_signed = True try: clear_strippedlrawmessage = clear_lrawmessage[ clear_lrawmessage. index('{'):clear_lrawmessage.rindex('}') + 1] except: return False else: return False else: print "WARNING: Unsigned message block identified..." if allow_unsigned: clear_strippedlrawmessage = clear_lrawmessage signed = False else: return False # Step 3 - Is it a valid JSON message? clear_strippedlrawmessage = clear_strippedlrawmessage.replace( '\n', '') # strip out all those newlines we added pre-signing message = Message() if message.loadjson(clear_strippedlrawmessage) == False: print "Could not decode JSON, dropping message. Message was " + clear_strippedlrawmessage return False else: # Finally make sure the sender keyid matches the signing keyid if signed and not (verify_signature.key_id == message.sender): print "WARNING! Apparent spoofed message - claiming to be from " + message.sender return False if input_message_encrypted: message.encrypted = True if input_message_signed: message.signed = True message.datetime_received = current_time() message.topic = topic return message
def GetMessage(self, rawmessage, client_instance, topic, alt_pgpkey=None, allow_unsigned=True): # Decode and return a message object. First decrypt if encrypted, then check outer signature if signed, the parse # json, then attempt to safely deserialize into a message object, then # set received time, finally return message or error input_message_encrypted = False input_message_signed = False lrawmessage = str(rawmessage) # First set the send time - ALWAYS USE UTC! Never use any local system timezone information # Step 1 - Is it encrypted? if lrawmessage.startswith('-----BEGIN PGP MESSAGE-----'): decrypt_msg = self.gpg.decrypt( lrawmessage, passphrase=self.pgp_passphrase) if not str(decrypt_msg): print "Unable to decrypt received message, dropping message" return False else: clear_lrawmessage = str(decrypt_msg) input_message_encrypted = True else: clear_lrawmessage = lrawmessage # print clear_lrawmessage # Step 2 - Is it signed? if clear_lrawmessage.startswith('-----BEGIN PGP SIGNED MESSAGE-----'): tmp_key = False try: tmp_stripped_msg = clear_lrawmessage[ clear_lrawmessage.index('{'):clear_lrawmessage.rindex('}') + 1] # strip out all those newlines we added pre-signing tmp_stripped_msg = tmp_stripped_msg.replace('\n', '') tmp_message = Message() tmp_message.loadjson(tmp_stripped_msg) tmp_key = tmp_message.sender # we will need this when we finally get the key tmp_message.raw_message = rawmessage tmp_message.topic = topic except: print "Failed to parse json response and extract sender key id" return False if tmp_key: # check if this key needs to be retreived if got_pgpkey(client_instance.storageDB, tmp_key): print "Already have the necessary key " + tmp_key # we already have the key else: print "Need key " + tmp_key # defer message processing until key is retrieved # assign a temporary random id random_id = random.randrange(1, stop=999999999, step=1) client_instance.task_state_pgpkeys[tmp_key][ 'state'] = KEY_LOOKUP_STATE_INITIAL # create task request for a lookup client_instance.task_state_messages[random_id][ 'state'] = MSG_STATE_KEY_REQUESTED client_instance.task_state_messages[ random_id]['message'] = tmp_message return MSG_STATE_KEY_REQUESTED else: print "Sending keyid could not be extracted from message - unable to verify sender key - dropping message..." # print clear_lrawmessage return False # print clear_lrawmessage if clear_lrawmessage.startswith('-----BEGIN PGP SIGNED MESSAGE-----'): signed = True verify_signature = self.gpg.verify(clear_lrawmessage) # if verify_signature.pubkey_fingerprint: # Proper signature check, # full fp only returned if key present if verify_signature.key_id: # Weak signature check - TODO: TESTING ONLY! input_message_signed = True try: clear_strippedlrawmessage = clear_lrawmessage[ clear_lrawmessage.index('{'):clear_lrawmessage.rindex('}') + 1] except: return False else: return False else: print "WARNING: Unsigned message block identified..." if allow_unsigned: clear_strippedlrawmessage = clear_lrawmessage signed = False else: return False # Step 3 - Is it a valid JSON message? clear_strippedlrawmessage = clear_strippedlrawmessage.replace( '\n', '') # strip out all those newlines we added pre-signing message = Message() if message.loadjson(clear_strippedlrawmessage) == False: print "Could not decode JSON, dropping message. Message was " + clear_strippedlrawmessage return False else: # Finally make sure the sender keyid matches the signing keyid if signed and not (verify_signature.key_id == message.sender): print "WARNING! Apparent spoofed message - claiming to be from " + message.sender return False if input_message_encrypted: message.encrypted = True if input_message_signed: message.signed = True message.datetime_received = current_time() message.topic = topic return message