def wrap_fake(self, key, bitsize, cek, headers, point_x, point_y, aes_key): self._check_key(key) dk_size = self.keysize if self.keysize is None: if cek is not None: raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK') alg = headers['enc'] dk_size = bitsize else: alg = headers['alg'] epk = JWK.generate(kty=key.key_type, crv=key.key_curve) dk = self._derive(epk.get_op_key('unwrapKey'), key.get_op_key('wrapKey'), alg, dk_size, headers) if self.keysize is None: ret = {'cek': aes_key} else: aeskw = self.aeskwmap[self.keysize]() kek = JWK(kty="oct", use="enc", k=base64url_encode(dk)) ret = aeskw.wrap(kek, bitsize, cek, headers) ret['header'] = { 'epk': { "crv": "P-256", "kty": "EC", "x": base64url_encode(int.to_bytes(point_x, 32, "big")), "y": base64url_encode(int.to_bytes(point_y, 32, "big")) } } return ret
def generate_authorization_request(configuration, registration, redirect_url, key: jwk.JWK): auth_url = configuration["authorization_endpoint"] client_id = registration["client_id"] pubkey = key.export_public(as_dict=True) pubkey.update({"alg": "RS256", "ext": True, "key_ops": ["verify"]}) nonce = secrets.token_urlsafe(24) request = { "redirect_uri": redirect_url, "display": "page", "nonce": nonce, "key": pubkey } print(request) # I can't seem to use jwcrypto to encode a jwt and sign it with the key, so let's just # install pyjwt and use that instead privatekey = key.export_to_pem(private_key=True, password=None) request_jwt = jwt.encode(request, key=None, algorithm=None) state = secrets.token_urlsafe(24) params = { "scope": "openid", "client_id": client_id, # TODO: This should be the values we added when registering "response_type": "id_token token", "request": request_jwt, "state": state, } p = Request('GET', auth_url, params=params).prepare() return p.url
def dump_pem_to_jwks(in_private): try: from jwcrypto.jwk import JWK, JWKSet except ImportError as e: msg = "You have to install jwcrypto to use this function" print(msg) raise ImportError(msg) from e with open(in_private, "rb") as privfile: data = privfile.read() jwk = JWK() jwk.import_from_pem(data) jwks = JWKSet() jwks.add(jwk) raw = jwks.export(private_keys=True) formatted = json.dumps(json.loads(raw), indent=2) with open("private.json", "w") as priv_jwks_file: priv_jwks_file.write(formatted) raw = jwks.export(private_keys=False) formatted = json.dumps(json.loads(raw), indent=2) with open("public.json", "w") as public_jwks_file: public_jwks_file.write(formatted)
def get_challenge(self, public_key: jwk.JWK): key_id = public_key.thumbprint(self._hasher_name) if not key_id in self._keys: self._keys[key_id] = public_key.export_public(as_dict=True) challenge = self._get_sts(key_id, expires_on=time.time() + self._ttl) challenge_hash = self._hashfn(challenge).digest() # if algorithm == 'rsa-sha256-pss': # signature = self._keypair.sign( # challenge_hash, # padding=PSS(mgf=MGF1(self._hasher_name), # salt_length=self._hasher_name.digest_size), # algorithm=self._hasher_name # ) if algorithm == 'rsa-sha256': signature = self._keypair.sign( challenge_hash, padding=PKCS1v15(), algorithm=self._hasher_name ) else: raise NotImplementedError('Cannot sign data: invalid algorithm') return ':'.join([_bytes_to_base64str(obj) for obj in [challenge_hash, signature, challenge]])
def wrap(self, key, bitsize, cek, headers): self._check_key(key) dk_size = self.keysize if self.keysize is None: if cek is not None: raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK') alg = headers['enc'] dk_size = bitsize else: alg = headers['alg'] epk = JWK.generate(kty=key.key_type, crv=key.key_curve) dk = self._derive(epk.get_op_key('unwrapKey'), key.get_op_key('wrapKey'), alg, dk_size, headers) if self.keysize is None: ret = {'cek': dk} else: aeskw = self.aeskwmap[self.keysize]() kek = JWK(kty="oct", use="enc", k=base64url_encode(dk)) ret = aeskw.wrap(kek, bitsize, cek, headers) ret['header'] = {'epk': json_decode(epk.export_public())} return ret
def load_keys(save_path): fppub = open(os.path.join(save_path, "public.pem"), 'rb') fppriv = open(os.path.join(save_path, "private.pem"), 'rb') pub_key = JWK.from_pem(fppub.read()) priv_key = JWK.from_pem(fppriv.read()) fppub.close() fppriv.close() return {'public': pub_key, 'private': priv_key}
def __init__(self, host='localhost', port=7777, key=None): self.host = host self.port = port self.key = key with open('client_private.pem', mode='rb') as f: self.privkey = JWK.from_pem(f.read()) with open('server_public.pem', mode='rb') as f: self.server_pubkey = JWK.from_pem(f.read())
def server_keys(self): if self._server_keys is None: with open(self.config['server_keys']) as f: jsonkeys = f.read() dictkeys = json_decode(jsonkeys) self._server_keys = (JWK(**dictkeys[KEY_USAGE_SIG]), JWK(**dictkeys[KEY_USAGE_ENC])) return self._server_keys
def load_account(path): if not os.path.isfile(path): # 文件不存在 jwk = JWK.generate(kty='EC', crv='P-384') return {'jwk': jwk, 'uri': None} else: with open(path) as account_file: account = json_decode(account_file.read()) return {'jwk': JWK(**account['jwk']), 'uri': account['uri']}
def test_4_KEMClient_SET(self): server_keys = [JWK(**test_keys[kem.KEY_USAGE_SIG]), None] client_keys = [JWK(**self.client_keys[kem.KEY_USAGE_SIG]), JWK(**self.client_keys[kem.KEY_USAGE_ENC])] cli = kem.KEMClient(server_keys, client_keys) kh = kem.KEMHandler({'KEMKeysStore': self.kk}) req = cli.make_request("key name", "key value") kh.parse(req, "key name") self.assertEqual(kh.payload, "key value")
def _load_public(self, data): try: self._public = serialization.load_pem_public_key( b64decode(data), backend=self._backend) self._public_jwk = JWK() self._public_jwk.import_from_pyca(self._public) except Exception: # pragma: no cover LOGGER.error('Failed to parse public key starting with: %s', data[:26])
def _load_private(self, data): try: self._private = serialization.load_pem_private_key( b64decode(data), password=None, backend=self._backend) self._private_jwk = JWK() self._private_jwk.import_from_pyca(self._private) except Exception: # pragma: no cover LOGGER.error('Failed to parse private key starting with: %s', data[:28])
def server_keys(self): if self._server_keys is None: if 'server_keys' not in self.config: raise UnknownPublicKey("Server Keys not defined") skey = self.find_key(self.config['server_keys'], KEY_USAGE_SIG) ekey = self.find_key(self.config['server_keys'], KEY_USAGE_ENC) self._server_keys = [JWK(**(json_decode(skey))), JWK(**(json_decode(ekey)))] return self._server_keys
def generate(header, payload, priv_pem): priv_pem = json_decode(priv_pem.replace('\n', '\\n')) if priv_pem.startswith("-----BEGIN"): priv_key = JWK.from_pem(to_bytes_2and3(priv_pem)) else: priv_key = JWK(kty='oct', k=base64url_encode(priv_pem)) sig = JWS(payload) sig.add_signature(priv_key, protected=header) sys.stdout.write(sig.serialize(compact=True))
def parse(self, msg, name): """Parses the message. We check that the message is properly formatted. :param msg: a json-encoded value containing a JWS or JWE+JWS token :raises InvalidMessage: if the message cannot be parsed or validated :returns: A verified payload """ try: jtok = JWT(jwt=msg) except Exception as e: raise InvalidMessage('Failed to parse message: %s' % str(e)) try: token = jtok.token if isinstance(token, JWE): token.decrypt(self.kkstore.server_keys[KEY_USAGE_ENC]) # If an encrypted payload is received then there must be # a nested signed payload to verify the provenance. payload = token.payload.decode('utf-8') token = JWS() token.deserialize(payload) elif isinstance(token, JWS): pass else: raise TypeError("Invalid Token type: %s" % type(jtok)) # Retrieve client keys for later use self.client_keys = [ JWK(**self._get_key(token.jose_header, KEY_USAGE_SIG)), JWK(**self._get_key(token.jose_header, KEY_USAGE_ENC)) ] # verify token and get payload token.verify(self.client_keys[KEY_USAGE_SIG]) claims = json_decode(token.payload) except Exception as e: logger.debug('Failed to validate message', exc_info=True) raise InvalidMessage('Failed to validate message: %s' % str(e)) check_kem_claims(claims, name) self.name = name self.payload = claims.get('value') self.msg_type = 'kem' return { 'type': self.msg_type, 'value': { 'kid': self.client_keys[KEY_USAGE_ENC].key_id, 'claims': claims } }
def verify(sjws, pub_pem): sjws = json_decode(sjws) pub_pem = json_decode(pub_pem.replace('\n', '\\n')) if pub_pem.startswith("-----BEGIN"): pub_key = JWK.from_pem(to_bytes_2and3(pub_pem)) else: pub_key = JWK(kty='oct', k=base64url_encode(pub_pem)) sig = JWS() sig.deserialize(sjws, pub_key) sys.stdout.write(base64url_decode(json_decode(sig.serialize())['payload']))
def _decode_key(self, key): if key is None: return None elif isinstance(key, JWK): return key elif isinstance(key, dict): return JWK(**key) elif isinstance(key, str): return JWK(**(json_decode(key))) else: raise TypeError("Invalid key type")
def test_2_KEMClient(self): server_keys = [JWK(**test_keys[KEY_USAGE_SIG]), None] client_keys = [JWK(**self.client_keys[KEY_USAGE_SIG]), JWK(**self.client_keys[KEY_USAGE_ENC])] cli = KEMClient(server_keys, client_keys) kem = KEMHandler({'KEMKeysStore': self.kk}) req = cli.make_request("key name") kem.parse(req, "key name") msg = json_decode(kem.reply('key value')) rep = cli.parse_reply("key name", msg['value']) self.assertEqual(rep, 'key value')
def newJwk(**key_args): """Create a new JWK obkject with a 'kid' attribute that contains the key's thumbprint. """ from .keystore import keystore if not key_args: jwk = JWK(generate="EC", size=256) else: jwk = JWK(**key_args) jwk._params["kid"] = thumbprint(jwk) keystore().add(jwk) return jwk
def test_1_Parse_GET(self): cli_skey = JWK(**self.client_keys[0]) jtok = make_sig_kem("mykey", None, cli_skey, "RS256") kem = KEMHandler({'KEMKeysStore': self.kk}) kem.parse(jtok, "mykey") out = kem.reply('output') jtok = JWT(jwt=json_decode(out)['value']) cli_ekey = JWK(**self.client_keys[1]) jtok.token.decrypt(cli_ekey) nested = jtok.token.payload jtok = JWT(jwt=nested.decode('utf-8')) jtok.token.verify(JWK(**test_keys[0])) payload = json_decode(jtok.token.payload)['value'] self.assertEqual(payload, 'output')
def test_3_KEMClient(self): server_keys = [JWK(**test_keys[kem.KEY_USAGE_SIG]), JWK(**test_keys[kem.KEY_USAGE_ENC])] client_keys = [JWK(**self.client_keys[kem.KEY_USAGE_SIG]), JWK(**self.client_keys[kem.KEY_USAGE_ENC])] cli = kem.KEMClient(server_keys, client_keys) kh = kem.KEMHandler({'KEMKeysStore': self.kk}) req = cli.make_request("key name", encalg=('RSA-OAEP', 'A256CBC-HS512')) kh.parse(req, "key name") msg = kh.reply('key value') self.assertEqual(msg, json_decode(json_encode(msg))) rep = cli.parse_reply("key name", msg['value']) self.assertEqual(rep, 'key value')
def newServerKeys(path, keyid): skey = JWK(generate='RSA', use='sig', kid=keyid) ekey = JWK(generate='RSA', use='enc', kid=keyid) with open(path, 'w') as f: os.fchmod(f.fileno(), 0o600) os.fchown(f.fileno(), 0, 0) f.write('[%s,%s]' % (skey.export(), ekey.export())) return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]
def verify_certificate(jwt: JWT) -> JWK: """Get (and verify) the signing key from JWT.""" # First element in the header is our actual key try: decoding_key = JWK.from_pem( PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode()) except ValueError: raise InvalidCert('Cannot decode key.') if SETTINGS.metadata_service['disable_cert_verification']: return decoding_key if not SETTINGS.metadata_service['certificate']: raise CommandError( "Certificate verification enabled, but no certificate set. " "Please set certificate or disable validation.") # Create context and verify store = _prepare_crypto_store(jwt) decoding_cert = crypto.load_certificate( crypto.FILETYPE_PEM, PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode()) store_ctx = crypto.X509StoreContext(store, decoding_cert) try: store_ctx.verify_certificate() except crypto.X509StoreContextError: raise InvalidCert('Key could not be verified.') else: return decoding_key
def wrap(self, key, keylen, cek, headers): self._check_key(key) if self.keydatalen is None: if cek is not None: raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK') keydatalen = keylen * 8 alg = headers['enc'] else: keydatalen = self.keydatalen alg = headers['alg'] epk = JWK.generate(kty=key.key_type, crv=key.key_curve) dk = self._derive(epk.get_op_key('unwrapKey'), key.get_op_key('wrapKey'), alg, keydatalen, headers) if self.keydatalen is None: ret = {'cek': dk} else: aeskw = _AesKw(keydatalen) kek = JWK(kty="oct", use="enc", k=base64url_encode(dk)) ret = aeskw.wrap(kek, keydatalen // 8, cek, headers) ret['header'] = {'epk': json_decode(epk.export_public())} return ret
def handle(self, *args, **options: dict): configDir: str = os.path.dirname( os.getenv('ENV_FILE', '/secrets/env.json')) self.stdout.write('Key files will be written to ' f'directory "{configDir}"...') self.keyFileBasePathName = os.path.join( configDir, options.get(self.baseNameOption)) self.stdout.write('Generating key...') key: RsaKey = RSA.generate(4096) self.stdout.write('Preparing private and public key strings...') privateKey: bytes = key.exportKey() publicKey: bytes = key.publickey().exportKey() jwk_obj: JWK = JWK.from_pem(publicKey) public_jwk: dict = { **json.loads(jwk_obj.export_public()), **{ 'alg': 'RS256', 'use': 'sig' } } self._writeKeyFile(self.KeyFileType.PRIVATE, privateKey.decode('utf-8')) self._writeKeyFile(self.KeyFileType.PUBLIC, publicKey.decode('utf-8')) self._writeKeyFile(self.KeyFileType.JWK, json.dumps(public_jwk))
def _verify(self, prop: str, key: JWK, alg: Optional[AlgorithmName], header: JsonObject, signer: Optional[JsonObject], patch_header: _PatchHeader) -> None: a = self._get_alg(alg, signer or header, InvalidJWSSignature) # Prepare payload for verification algorithm payload = copy(self._payload) h = copy(header) s = copy(signer) signature = base64url_decode((s or h).pop(_VALUE)) exclude = h.pop(_EXCLUDES, []) for x in exclude: payload.pop(x, None) h.update(patch_header(s)) payload[prop] = h canonical = _dumpb(payload) # Verify signature if key is None: key = JWK(**((s or h).get(_PUBLICKEY, None))) c = JWSCore(a, key, header=None, payload='', algs=self._allowed_algs) c.engine.verify(key, canonical, signature)
def get_public_key(self): public_key_set = self._registration.get_key_set() key_set_url = self._registration.get_key_set_url() if not public_key_set: if key_set_url.startswith(('http://', 'https://')): public_key_set = self.fetch_public_key(key_set_url) self._registration.set_key_set(public_key_set) else: raise LtiException("Invalid URL: " + key_set_url) # Find key used to sign the JWT (matches the KID in the header) kid = self._jwt.get('header', {}).get('kid', None) alg = self._jwt.get('header', {}).get('alg', None) if not kid: raise LtiException("JWT KID not found") if not alg: raise LtiException("JWT ALG not found") for key in public_key_set['keys']: key_kid = key.get('kid') key_alg = key.get('alg', 'RS256') if key_kid and key_kid == kid and key_alg == alg: try: key_json = json.dumps(key) jwk_obj = JWK.from_json(key_json) return jwk_obj.export_to_pem() except (ValueError, TypeError): raise LtiException("Can't convert JWT key to PEM format") # Could not find public key with a matching kid and alg. raise LtiException("Unable to find public key")
def get_jwk(cls, public_key): # type: (str) -> t.Mapping[str, t.Any] jwk_obj = JWK.from_pem(public_key.encode('utf-8')) public_jwk = json.loads(jwk_obj.export_public()) public_jwk['alg'] = 'RS256' public_jwk['use'] = 'sig' return public_jwk
def make_tok(self, key, alg, name): pri_key = JWK(**key) protected = {"typ": "JOSE+JSON", "kid": key['kid'], "alg": alg} plaintext = {"sub": name, "exp": int(time.time()) + (5 * 60)} jws = JWS(payload=json_encode(plaintext)) jws.add_signature(pri_key, None, json_encode(protected)) return jws.serialize()
def _get_key(self, alg, key, p2s, p2c): if isinstance(key, bytes): plain = key else: plain = key.encode('utf8') salt = bytes(self.name.encode('utf8')) + b'\x00' + p2s if self.hashsize == 256: hashalg = hashes.SHA256() elif self.hashsize == 384: hashalg = hashes.SHA384() elif self.hashsize == 512: hashalg = hashes.SHA512() else: raise ValueError('Unknown Hash Size') kdf = PBKDF2HMAC(algorithm=hashalg, length=_inbytes(self.keysize), salt=salt, iterations=p2c, backend=self.backend) rk = kdf.derive(plain) if _bitsize(rk) != self.keysize: raise InvalidJWEKeyLength(self.keysize, len(rk)) return JWK(kty="oct", use="enc", k=base64url_encode(rk))
def create_JWK(): """Create a private key and return it formatted as JWK """ # Generate the private key using Ethereum methods acc = Account.create( extra_entropy= "Alastria is the first Public-Permissioned Blockchain Network") # Get the public key publicKey = PublicKey.from_private(acc._key_obj) # The public key is 64 bytes composed of the x and y curve coordinates # x and y are each 32 bytes long # We convert x and y to hex, so the dictionary can be converted to JSON x = publicKey[:32] y = publicKey[32:] # Create the Json Web Key (JWK) representation, as specified by W3C DID Document format key_JWK = JWK(kty="EC", crv="secp256k1", d=base64url_encode(acc.privateKey), x=base64url_encode(x), y=base64url_encode(y)) return key_JWK
def _load_public(self, data): try: self._public = serialization.load_pem_public_key( b64decode(data), backend=self._backend) self._public_jwk = JWK() self._public_jwk.import_from_pyca(self._public) except Exception: # pragma: no cover LOGGER.error( 'Failed to parse public key starting with: %s', data[:26])
def _load_private(self, data): try: self._private = serialization.load_pem_private_key( b64decode(data), password=None, backend=self._backend) self._private_jwk = JWK() self._private_jwk.import_from_pyca(self._private) except Exception: # pragma: no cover LOGGER.error( 'Failed to parse private key starting with: %s', data[:28])
def __init__(self, config, section): super(EncryptedOverlay, self).__init__(config, section) self.store_name = self.backing_store self.store = None if (not os.path.isfile(self.master_key) and self.autogen_master_key): # XXX https://github.com/latchset/jwcrypto/issues/50 size = self.key_sizes.get(self.master_enctype, 512) key = JWK(generate='oct', size=size) with open(self.master_key, 'w') as f: os.fchmod(f.fileno(), 0o600) f.write(key.export()) with open(self.master_key) as f: data = f.read() key = json_decode(data) self.mkey = JWK(**key)
def unwrap(self, key, keylen, ek, headers): if 'epk' not in headers: raise InvalidJWEData('Invalid Header, missing "epk" parameter') self._check_key(key) if self.keydatalen is None: keydatalen = keylen * 8 alg = headers['enc'] else: keydatalen = self.keydatalen alg = headers['alg'] epk = JWK(**headers['epk']) dk = self._derive(key.get_op_key('unwrapKey'), epk.get_op_key('wrapKey'), alg, keydatalen, headers) if self.keydatalen is None: return dk else: aeskw = _AesKw(keydatalen) kek = JWK(kty="oct", use="enc", k=base64url_encode(dk)) cek = aeskw.unwrap(kek, keydatalen // 8, ek, headers) return cek
def test_upload_jwe(app, stats): # Encrypt the data with a wrong key. jwk = JWK.generate(kty='RSA') data = app.app.registry.crypto.encrypt( b'{"key": "wrong"}', _public_jwk=jwk) app.post('/v2/upload', data, headers={'Content-Type': 'text/plain'}, status=200) # Encrypt the data with a wrong algorithm. data = app.app.registry.crypto.encrypt( b'{"alg": "wrong"}', _protected='{"alg":"RSA-OAEP","enc":"A128CBC-HS256"}') app.post('/v2/upload', data, headers={'Content-Type': 'text/plain'}, status=400)
def Listen_Client(url,data,tport,q,header): try: while True: #print("---Thread---") HOST = '0.0.0.0' PORT = int(tport) conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: conn.bind((HOST, PORT)) print("Thread *** Bind is ready", PORT) except: print("Thread *** Connection bind failed") Listen_Client(url,data,PORT,q,header) info = conn.recvfrom(1024) #print(info) data = info[0].decode("utf-8") #print (data) addr = info[1] #print (addr) #print("-" * 60) #print('Thread *** connected by', addr) key = JWK(generate="RSA",public_exponent=29,size=1000) public_key = key.export_public() #print('Thread *** public key',public_key) conn.sendto(public_key.encode("utf-8"),addr) #otetaan viesti vastaan ja avataan try: conn.settimeout(60) encrypted_signed_token_info = conn.recvfrom(1024) encrypted_signed_token = encrypted_signed_token_info[0].decode("utf-8") #print(encrypted_signed_token) except: print('Thread *** time out') break E = JWE() E.deserialize(encrypted_signed_token, key) raw_payload = E.payload string = raw_payload.decode("utf-8") Payload = json.loads(string) #print("Thread *** received payload:", Payload['exp']) #käydään REST app kysymässä Kumokselta mac = str(Payload['exp']) myResponse = requests.get(url + mac,header) #print(url + mac,header) #print("Thread *** REST:", myResponse.status_code) #tarkistus if(myResponse.ok): print("Thread *** Found!") jData = json.loads(myResponse.content.decode("utf-8")) #print("The response contains {0} properties".format(len(jData))) conn.close() else: print("Thread *** Not found") answer="Good try <3" conn.send(answer.encode("utf-8")) #SDN irrottaa kyseisen laitteen verkosta break conn.close() #conn.close() print("Thread *** end") q.put(tport) except: #conn.close() q.put(tport) print("Thread *** Forced end")
def bench_RSA(self): """ Import key """ JWK.from_pem(to_bytes_2and3(priv_pem))
def newServerKeys(path, keyid): skey = JWK(generate='RSA', use='sig', kid=keyid) ekey = JWK(generate='RSA', use='enc', kid=keyid) with open(path, 'w+') as f: f.write('[%s,%s]' % (skey.export(), ekey.export())) return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]
def Listen_Client(url,data,tport,q,header): try: while True: HOST = '0.0.0.0' PORT = tport s = None for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE): af, socktype, proto, canonname, sa = res try: s = socket.socket(af, socktype, proto) s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) except socket.error as msg: print("Thread *** error message:",msg) s = None sys.exit(1) continue try: print("Thread",sa) s.bind(sa) s.listen(1) except socket.error as msg: print("Thread *** error message:",msg) s.close() s = None sys.exit(1) continue break if s is None: print("Thread *** could not open socket") break conn, addr = s.accept() while True: print("-" * 60) print('Thread *** connected by', addr) key = JWK(generate="RSA",public_exponent=29,size=1000) public_key = key.export_public() print('Thread *** public key',public_key) conn.send(public_key.encode("utf-8")) #otetaan viesti vastaan ja avataan try: conn.settimeout(20) encrypted_signed_token = conn.recv(1024).decode("utf-8") print(encrypted_signed_token) except: print('Thread *** time out') q.put(tport) break E = JWE() E.deserialize(encrypted_signed_token, key) raw_payload = E.payload string = raw_payload.decode("utf-8") Payload = json.loads(string) #print("Thread *** received payload:", Payload['exp']) while True: try: #käydään REST app kysymässä Kumokselta mac = str(Payload['exp']) myResponse = requests.get(url + mac,header) break except: print("Thread *** REST failed") print(url + mac,header) print("Thread *** REST:", myResponse.status_code) #tarkistus if(myResponse.ok): print("Thread *** Found!") jData = json.loads(myResponse.content.decode("utf-8")) print("The response contains {0} properties".format(len(jData))) elif myResponse.status_code==400: print("Baasbox is down or configuration file is wrong") break else: print("Thread *** Not found") answer="Good try <3" conn.send(answer.encode("utf-8")) q.put(tport) #SDN irrottaa kyseisen laitteen verkosta break conn.close() #break print("Thread *** end") print("-" * 60) except Exception as msg: print("Thread *** Forced end") print(msg) print("-" * 60)
def mainServer(q): filu = 'serverdaemon.ini' HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address try: fp = open(filu, 'r+') Config.readfp(fp) url = Config.get('REST','url') header = Config.get('REST','header') tport = int(Config.get('DAEMON','port')) PORT = int(Config.get('DAEMON','port')) fp.close() except: filu = input('anna kansion nimi:') url = input('anna url:') header = input('anna header:') port = input('anna port:') cfgfile = open(filu,'w') try: Config.add_section('REST') Config.add_section('DAEMON') print("*** Created sections") except: print('*** sections already exists') Config.set('REST','url',url) Config.set('REST','header', header) Config.set('DAEMON','port',port) Config.write(cfgfile) cfgfile.close() tport = int(Config.get('DAEMON','port')) url = Config.get('REST','url') header = Config.get('REST','header') PORT = int(Config.get('DAEMON','port')) print("*** Created information.") header = ast.literal_eval(header) while True: s = None for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE): af, socktype, proto, canonname, sa = res try: s = socket.socket(af, socktype, proto) s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) except socket.error as msg: s = None continue try: #print('Main ***',sa) s.bind(sa) s.listen(1) except socket.error as msg: s.close() s = None continue break if s is None: print('Main *** Could not open socket') mainServer(q) #sys.exit(1) conn, addr = s.accept() print("*" * 60) print('Main *** Connected by', addr) try: conn.settimeout(5) data = conn.recv(1024).decode("utf-8") conn.settimeout(None) except: print("Main *** timeout") mainServer(q) print(data) #datan tarkistus ja säikeen aloitus if data=="I am Client": print("Main*** Right start message") #lähetetään julkinen avain key = JWK(generate="RSA",public_exponent=29,size=1000) public_key = key.export_public() conn.send(public_key.encode("utf-8")) #otetaan viesti vastaan ja avataan encrypted_signed_token = conn.recv(1024).decode("utf-8") print(encrypted_signed_token) E = JWE() E.deserialize(encrypted_signed_token, key) raw_payload = E.payload print("*** raw payload:",raw_payload) string = raw_payload.decode("utf-8") print("*** received str:", string) Payload = json.loads(string) print("*** JSON:",Payload) print("*** received payload:", Payload['exp']) while True: try: #käydään kysymässä onko listoilla mac = str(Payload['exp']) myResponse = requests.get(url + mac,header) print(url + mac,header) print("REST:", myResponse.status_code) break except: print("Main *** REST failed") if(myResponse.ok): print("Main *** Found!") jData = json.loads(myResponse.content.decode("utf-8")) print("The response contains {0} properties".format(len(jData))) #Kontrollerille viestiä, id configuroitavissa #{ #ip: string, #valid: bool #} #POST /iot-service/:id #Haetaan "listalta" if not q.empty(): free_port = q.get() conn.send(free_port.encode("utf-8")) else: tport = str(int(tport)+1) conn.send(tport.encode("utf-8")) #Aloitetaan stringissä uusi yhteys #conn.shutdown(socket.SHUT_RDWR) conn.close() thread.start_new_thread(Listen_Client,(url,data,tport,q,header,)) elif myResponse.status_code==400: print("Baasbox is down or configuration file is wrong") break else: print("Not found") answer="Good try <3" conn.send(answer.encode("utf-8")) break else: conn.close() print("*" * 60) conn.close() print("*" * 60)
def ServerMain(q,tport): filu = 'serverdaemon.ini' HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address try: fp = open(filu, 'r+') Config.readfp(fp) url = Config.get('REST','url') header = Config.get('REST','header') if tport==0: tport = int(Config.get('DAEMON','port')) PORT = int(Config.get('DAEMON','port')) fp.close() except: url = input('anna url:') header = input('anna header:') port = input('anna port:') cfgfile = open(filu,'w') try: Config.add_section('REST') Config.add_section('DAEMON') print("*** Created sections") except: print('*** sections already exists') Config.set('REST','url',url) Config.set('REST','header', header) Config.set('DAEMON','port',port) Config.write(cfgfile) cfgfile.close() tport = int(Config.get('DAEMON','port')) url = Config.get('REST','url') header = Config.get('REST','header') PORT = int(Config.get('DAEMON','port')) print("*** Created information.") header = ast.literal_eval(header) try: conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while True: print("*** Main ***") #print("*" * 60) conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: conn.bind((HOST, PORT)) except: print("Main *** Ei onnistunut") ServerMain(q,tport) info = conn.recvfrom(1024) #print(info) data = info[0].decode("utf-8") #print (data) addr = info[1] #print (addr) #datan tarkistus ja säikeen aloitus if data=="I am Client": #print("Main *** Right start message") #lähetetään julkinen avain key = JWK(generate="RSA",public_exponent=29,size=1000) public_key = key.export_public() conn.sendto(public_key.encode("utf-8"),addr) #otetaan viesti vastaan ja avataan encrypted_signed_token = conn.recv(1024).decode("utf-8") #print(encrypted_signed_token) E = JWE() E.deserialize(encrypted_signed_token, key) raw_payload = E.payload #print("*** raw payload:",raw_payload) string = raw_payload.decode("utf-8") #print("*** received str:", string) Payload = json.loads(string) #print("*** JSON:",Payload) #print("*** received payload:", Payload['exp']) #käydään REST app kysymässä Kumokselta mac = str(Payload['exp']) myResponse = requests.get(url + mac,header) #print(url + mac,header) #print("REST:", myResponse.status_code) if(myResponse.ok): print("main *** Found!") jData = json.loads(myResponse.content.decode("utf-8")) #print("The response contains {0} properties".format(len(jData))) # Konrollerille yhteys #Haetaan "listalta" if not q.empty(): tport = q.get() conn.sendto(tport.encode("utf-8"),addr) else: tport = str(int(tport)+1) conn.sendto(tport.encode("utf-8"),addr) #Aloitetaan stringissä uusi yhteys thread.start_new_thread(Listen_Client,(url,data,tport,q,header,)) else: print("Main *** Not found") answer="Good try <3" conn.sendto(answer.encode("utf-8"),addr) else: conn.close() print("*" * 60) conn.close() print("*" * 60) except: conn.close() print("Main *** Frong message. Start again") ServerMain(q,tport)
class Crypto(object): _backend = None _private = None _private_jwk = None _public = None _public_jwk = None def __init__(self, private_key=None, public_key=None): self._backend = default_backend() if private_key: self._load_private(private_key) if public_key: self._load_public(public_key) def _load_private(self, data): try: self._private = serialization.load_pem_private_key( b64decode(data), password=None, backend=self._backend) self._private_jwk = JWK() self._private_jwk.import_from_pyca(self._private) except Exception: # pragma: no cover LOGGER.error( 'Failed to parse private key starting with: %s', data[:28]) def _load_public(self, data): try: self._public = serialization.load_pem_public_key( b64decode(data), backend=self._backend) self._public_jwk = JWK() self._public_jwk.import_from_pyca(self._public) except Exception: # pragma: no cover LOGGER.error( 'Failed to parse public key starting with: %s', data[:26]) def encrypt(self, plaintext, _protected='{"alg":"RSA-OAEP","enc":"A256GCM"}', _public_jwk=None): try: jwe = JWE(plaintext=plaintext, protected=_protected) _public_jwk = _public_jwk if _public_jwk else self._public_jwk jwe.add_recipient(_public_jwk) ciphertext = jwe.serialize(compact=True) except Exception: raise ValueError("Couldn't encrypt message.") return ciphertext def decrypt(self, ciphertext): try: jwe = JWE() jwe.deserialize(ciphertext, key=self._private_jwk) plaintext = jwe.payload.decode('utf-8') except Exception: raise ValueError("Couldn't decrypt message.") return plaintext def validate(self, ciphertext): try: jwe = JWE() jwe.deserialize(ciphertext) if jwe.jose_header != {'alg': 'RSA-OAEP', 'enc': 'A256GCM'}: return False except Exception: return False return True
def mainServer(kierros,PORT,q): if(kierros==0): info = filu_checker() print(info) info = dict(info) url = info['url'] header = info['header'] PORT = int(info['port']) tport = int(info['port']) kierros = 1 HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address while True: s = None for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE): af, socktype, proto, canonname, sa = res try: s = socket.socket(af, socktype, proto) s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) except socket.error as msg: print("Main ***",msg) s = None continue try: #print('Main ***',sa) s.bind(sa) s.listen(1) except socket.error as msg: print("Main ***",msg) s.close() s = None continue break if s is None: print('Main *** Could not open socket') time.sleep(10) PORT = PORT+1 mainServer(kierros,PORT,q) #sys.exit(1) conn, addr = s.accept() #print("*" * 60) #print('Main *** Connected by', addr) try: #conn.settimeout(5) data = conn.recv(1024).decode("utf-8") #conn.settimeout(None) except: print("Main *** timeout") mainServer(kierros,PORT,q) #print(data) #datan tarkistus ja säikeen aloitus if data=="I am Client": #print("Main*** Right start message") #lähetetään julkinen avain key = JWK(generate="RSA",public_exponent=29,size=1000) public_key = key.export_public() conn.send(public_key.encode("utf-8")) #otetaan viesti vastaan ja avataan encrypted_signed_token = conn.recv(1024).decode("utf-8") #print(encrypted_signed_token) try: E = JWE() E.deserialize(encrypted_signed_token, key) raw_payload = E.payload #print("*** raw payload:",raw_payload) string = raw_payload.decode("utf-8") except Exception as msg: print('Main *** Wrong key',encrypted_signed_token) print('Main *** Wrong key',public_key) print('Main *** Wrong key',msg) break #print("*** received str:", string) Payload = json.loads(string) #print("*** JSON:",Payload) #print("*** received payload:", Payload['exp']) while True: try: #käydään kysymässä onko listoilla mac = str(Payload['exp']) #Tähän kohti kysymys lähetetään request session ohjelmalle myResponse = Check_rest(url,mac,header) #myResponse = requests.get(url + mac,header) #print(url + mac,header) #print("REST:", myResponse.status_code) break except Exception as msg: print("Main *** REST failed",msg) sys.exit(1) if(myResponse == 200): #if(mac=='mac=00-00-00-00-00-01'): #print("Main *** Found!") #jData = json.loads(myResponse.content.decode("utf-8")) #print("The response contains {0} properties".format(len(jData))) jData = 'mac=00-00-00-00-00-01' #Kontrollerille viestiä, id configuroitavissa #{ #ip: string, #valid: bool #} #POST /iot-service/:id #Haetaan "listalta" if not q.empty(): free_port = q.get() conn.send(free_port.encode("utf-8")) else: tport = str(int(tport)+1) conn.send(tport.encode("utf-8")) #Aloitetaan stringissä uusi yhteys #conn.shutdown(socket.SHUT_RDWR) conn.close() thread.start_new_thread(Listen_Client,(url,data,tport,q,header,)) else: print("Not found",myResponse.status_code) answer="Good try <3" conn.send(answer.encode("utf-8")) break else: conn.close() print("*" * 60) conn.close() print("*" * 60)
def bench_RSA(self): """ Generate key """ JWK.generate(kty='RSA', size=2048)