Exemple #1
0
def checkCertificate(cert,keyPublic=crypto.loadPublicKey("TIS")):
    
    if cert.__len__()!=3:
       logging.error("Invalid certificate, (Data,PublicKey,Signature)")
       return False
    if not (crypto.verify_sign(keyPublic,(cert[0]+cert[1]),cert[2])):
        logging.error("Signature into certificate not verified")# check this!!!!!
        return False#check this!!!!

    return True
Exemple #2
0
    def getCertificate(self):

        logging.debug("Inside getCertificate")                        
            #try to create a socket
        logging.debug("Try to create socket")
        try:
            cli = socket.socket( socket.AF_INET,socket.SOCK_STREAM)  
        except:
            logging.error("Unable to open socket: ")
            cli.close()
            sys.exit(1)#check this!!!!!
        
        logging.debug("Try to connect at "+str(self.tisHost)+" port "+str(self.tisPort)) 
        try:
            cli.connect((self.tisHost, self.tisPort))
        except :
            logging.error("Unable to establish a connection")
            print traceback.print_exc()
            cli.close()
            sys.exit(1)#check this!!!!!
            #TIS+
        logging.debug("Try to retrive TIS public key")

        try:
            tis_public_key=crypto.loadPublicKey('TIS')
        except:
            logging.error("TIS public Key not found")
            cli.close()
            sys.exit(1)#check this!!!!!
            
        name=self.txt[0]+self.txt[1]
        logging.debug("Creation of keys u and n")
        #self.createKeys(name)    
        
        #create key pair   
        user=crypto.generateKeyPair()
        crypto.saveKeyPairs(user,name+"_U_")
        node=crypto.generateKeyPair()
        crypto.saveKeyPairs(node,name+"_N_")
            
            #U-
        logging.debug("Try to retrive U-")
        
        try:
            user_private_key=crypto.loadKeyPrivate(name+"_U_")
        except:
            logging.error("User private key not found")
            cli.close()
            sys.exit(1)#check this!!!!!
            
            #U+
        logging.debug("Try to retrive U+")
        try:
            user_public_key=crypto.loadPublicKey(name+"_U_")
        except:
            logging.error("User public key non found")
            cli.close()
            sys.exit(1)#check this!!!!!
            #N+ 
        logging.debug("Try to retrive N+")
        
        try:
            node_public_key=crypto.loadPublicKey(name+"_N_")
        except:
            logging.error("Node public key non found")
            cli.close()
            sys.exit(1)#check this!!!!!
        try:
            node_private_key=crypto.loadKeyPrivate(name+"_N_")
        except:
            logging.error("Node private key not found")
            cli.close()
            sys.exit(1)#check this!!!!!
  
        logging.debug("Try to retrive K")
        logging.debug("Try to send first pkt")
        try:
            temp=self.send_data_signed_encrypted(cli,(self.txt,user_public_key,node_public_key,self.pwd), tis_public_key,user_private_key ,node_private_key)
            if (temp==False):
                logging.error("Unable to send data")# check this!!!!!
                cli.close()
                sys.exit(1)
        except:
            logging.error("Unable to send data")# check this!!!!!
            cli.close()
            sys.exit(1)  
        
        logging.debug("Try to receive first packet")
        try:
            nonce=self.rcv_data_unsigned_decrypted(cli, tis_public_key,user_private_key )
            if not nonce:
                logging.error("Unable to receive data")
                cli.close()
                sys.exit(1)
        except:
            logging.error("Nonce not valid")
            cli.close()
            sys.exit(1)
        
        logging.debug("Try crypt nonce")   
        nonce_c=crypto.encrypt_AES(pickle.dumps(nonce, protocol=1),self.K,'00000000000000000000000000000000') 
        try:
            nonce_c=crypto.encrypt_AES(pickle.dumps(nonce, protocol=1),self.K,'00000000000000000000000000000000')
        except:
            logging.error("Unable to encrypt under K")
            cli.close()
            sys.exit()
        
        logging.debug("Try to send nonce")
        try:
            temp=self.send_data_signed_encrypted(cli,nonce_c, tis_public_key,user_private_key)
            if temp==False:
                logging.error("Unable to send data")# check this!!!!!
                cli.close()
                sys.exit(1)
        except:
            logging.error("Unable to send data")# check this!!!!!
            cli.close()
            sys.exit(1)   
            #  receiving credentiality
            #data_received = cli.recv(BUFSIZE)
        #self.BUFSIZE=10240
        logging.debug("Try to receive certificate")    
        cert=self.rcv_data_unsigned_decrypted(cli, tis_public_key, user_private_key)
        logging.debug("Saving certificate")
        (uidcert,nidcert, DHTLcert)=cert
        #self.BUFSIZE=1024
        #
        #logging.debug("Try to receive certificate")    
        #cert=self.rcv_data_unsigned_decrypted(cli, tis_public_key, user_private_key)
        #logging.debug("Saving certificate")
        
        logging.debug("Try to receive data of Core Node")
        #try:
        #Receiving core node data for the first friendship in one hope
        
        self.CN=self.rcv_data_unsigned_decrypted(cli, tis_public_key,user_private_key )
        pkeyBoot = self.CN[1][1] #esko: Receive nodeid,node public key from TIS 
        nidBoot = self.CN[1][0].encode('hex')
        tis_cert = self.CN[1][2]
        uidBoot = self.CN[0][0].encode('hex')
        bootAddress = self.CN[2]
        
        f=open('conf'+sep+'nodes.dat',"w")
        f.write(bootAddress + " 5000 4000 1 " + nidBoot)
        f.close()
        f=open('mypem/'+nidBoot+'_N_PKey.pem',"w")
        f.write(pkeyBoot)
        f.close() #esko end
        
        if not self.CN:
            logging.error("Unable to receive CN")
            cli.close()
            sys.exit(1)
        #I need cert of user and cert of node
        if self.CN.__len__()!=3:
           logging.error("Invalid data, i need two certificate of core node, user and node ")
           cli.close()
           sys.exit(1)
        if not functions.checkCertificate(self.CN[0],tis_public_key):
            logging.error("Invalid data, User certificate not valid ")
            cli.close()
            sys.exit(1)
        if not functions.checkCertificate(self.CN[1],tis_public_key):
            logging.error("Invalid data, Node certificate not valid ")
            cli.close()
            sys.exit(1)
        try:
            socket.inet_aton(self.CN[2])
            #TONY
            #print"cn[2] = "
            #print self.CN[2]
        except socket.error:
            logging.error("Invalid data, IP adress of core node not valid ")
            cli.close()
            sys.exit(1)
    
        f=open(constants.uid_filename,"w")
        f.write(uidcert[0].encode('hex'))
        f.close()
        
        f=open(constants.nid_filename,"w")
        f.write(nidcert[0].encode('hex'))
        f.close()
        
        #if not os.path.exists(constants.dhtfolder):
         #   os.makedirs(constants.dhtfolder)
        f2=open(constants.dhtfolder+os.sep+'DATA_'+uidcert[0].encode('hex'),"wb")
        
        lookUpData, cert_user, cert_node, friend_badge, online, ip_addr, trust = self.txt,uidcert,nidcert,None,False,'',1
        users = FRE(lookUpData, cert_user, cert_node, friend_badge, online, ip_addr, trust, "FRIENDSHIP_ESTABLISHED",[])
        
        certs_this_user = DHTLcert
        certs_this_user += [uidcert]
        cert_dhtlkeys = []
        cert_dhtlkeys += certs_this_user
        
        #saving the property list into a list into a structure ofa log calss
        names = ['name', 'surname', 'birth year', 'birth place', 'nationality']
        #[self.proplist.append((self.txt[i],DHTLcert[i])) for i in xrange(0,(names.__len__()))]
        #proplist=proplist[:3]+(male,)+proplist[3:]
        c=DHTLcert
        self.proplist=[]
        j=0
        for i in range(0,len(self.txt)):
            if i != 2:
                self.proplist.append([self.txt[i],c[j]])
                j+=1
            else:
                self.proplist.append([self.txt[i],None])
        
        #Adding empty property for ( mail, fixedtel, mobiletel, company, department, role, companymail, companytel, companymobiletel)
        for i in range(7,16):
            self.proplist.append(["",None])
            
        #adding the avatar
        f_avatar = open(self.avatar_name, 'rb' )
        binaryObject = f_avatar.read()
        f_avatar.close()
    
        self.proplist.append([b64encode(binaryObject),None])
        cta_box = {}
        d={}
        f2.write(str(b64encode(pickle.dumps(d, 2)))+"#")
        f2.write(str(b64encode(pickle.dumps(users, 2)))+"#")
        f2.write(str(b64encode(pickle.dumps(cert_dhtlkeys, 2)))+"#")
        f2.write(str(b64encode(pickle.dumps(cta_box, 2)))+"#")
#        pickle.dump(d, f2, 2) 
#        pickle.dump(users, f2, 2)
#        pickle.dump(cert_dhtlkeys, f2, 2)
#        pickle.dump(cta_box, f2, 2)
        f2.close()
        datamanager.createDatabase(uidcert[0].encode('hex'))
        datamanager.addPPIEntry(uidcert[0].encode('hex'), self.txt, self.avatar_name)
        db_filename = databaseNamePrefix +uidcert[0].encode('hex') + databaseNameExtension
        db_filename2 = databaseNamePrefix + uidcert[0].encode('hex') + databaseNameExtension
        conn = sqlite3.connect(db_filename)
        conn2 = sqlite3.connect(db_filename2)
        conn.isolation_level = None
        conn2.isolation_level = None
        c = conn.cursor()
        c2 = conn2.cursor()
        #c.execute(ppiInsertionQuery)
        #conn.commit()
        FDR = {}
        DDR = {}
        signedObject = [1]+[uidcert]+self.proplist + [crypto.sign(user_private_key, pickle.dumps([uidcert[0],uidcert]+self.proplist, pickle.HIGHEST_PROTOCOL))]
#        randomID = random.randint(0, 100000)
#        FDR[uidcert[0].encode('hex')] = [FDE(1, 0, 1, signedObject)]
#        DDR[randomID] = DDE(uidcert[0].encode('hex'), 0, 0)
#        c.execute("INSERT INTO BBB (id, data) VALUES (1, ?)", (str(b64encode(pickle.dumps(FDR, pickle.HIGHEST_PROTOCOL))),))
        c.execute('INSERT INTO FDR(UIDOWNER,Key_ID,DID,FCOUNT,Fr_ESDT) VALUES (?, ?,?, ?,?)', (uidcert[0].encode('hex'),0,1,1,b64encode(pickle.dumps(['PPI',1,0,signedObject]))))
#        c2.execute("INSERT INTO AAA (id, data) VALUES (1, ?)", (str(b64encode(pickle.dumps(DDR, pickle.HIGHEST_PROTOCOL))),))
    
        conn.commit()
        c.close()
        conn.close()
    
        conn2.commit()
        c2.close()
        conn2.close()

        crypto.saveKeyPairs(user, uidcert[0].encode('hex')+'_U_')
        crypto.saveKeyPairs(node, nidcert[0].encode('hex')+'_N_')
        
        f3=open(constants.bor_file,"wb")
        print self.CN[2]
        pickle.dump([self.CN[0],self.CN[1],self.CN[2],self.proplist],f3,pickle.HIGHEST_PROTOCOL)
        #pickle.dump([self.CN[0],self.CN[1],self.ipmap.get(self.CN[2]),self.proplist],f3,pickle.HIGHEST_PROTOCOL)
        f3.close()
        
        logging.debug("Removing old keys")
        os.remove('mypem'+os.sep+name+'_U_Keys.pem')
        os.remove('mypem'+os.sep+name+'_U_PKey.pem')
        os.remove('mypem'+os.sep+name+'_N_Keys.pem')
        os.remove('mypem'+os.sep+name+'_N_PKey.pem')

        cli.close()
        return cert