def _handleSigningAndEncryption(self, message, endpoint): """ Helper function for supporting the encryption of a message. The algorithm name is gained for the given algorithm id (from the AlgorithmManager inside the securitymanager module) and the message is encrypted using the SecurityController class in the securitycontroller module (of course using the given algorithm name). Afterwards, the message is passed on to the L{messagewrapper.MessageWrapper.wrapForEncryption} to make it a valid piece of encrypted information. @param message: Message to be encrypted and wrapped @type message: C{String} @param endpoint: Endpoint instance holding all information required about the destination @type endpoint: L{communicationmanager.Endpoint} """ from securitymanager import getCredentialManager credential = getCredentialManager().getCredential(endpoint.getCredentialId()) algName = getAlgorithmManager().getAlgorithm(credential.getAlgorithmId()).getName() from config import memberid communityid = endpoint.getCommunityId() signature = getSecurityController().signMessage(message, algName) # let's just use the same algorithm as we used for encryption sigXmlString, doc, node = getMessageWrapper().wrapForSigning(message, signature, algName, memberid, communityid) ciphered = getSecurityController().encrypt(sigXmlString, credential.getKey(), algName) xmlString = getMessageWrapper().wrapForEncryption(ciphered, algName) return xmlString
def installEndPoints(i, localMemberId, tcId): """ Add the local endpoints as defined in the config file in the protocols folder. """ _printAction (i, "Initialise protocols and their endpoints", 1) from protocolcontroller import getProtocolController from communicationmanager import getProtocolManager from communicationmanager import Protocol from communicationmanager import getEndpointManager from communicationmanager import Endpoint from protocols.config import endpoints # these are actually addesses, not really endpoints from securitymanager import getCredentialManager from securitymanager import getAlgorithmManager for protocolName in getProtocolController().getOpenProtocols(): _printAction (i+1, "Add Protocol '" + protocolName + "'") ## protocol = Protocol(None, protocolName) ## getProtocolManager().addProtocol(protocol) protocol = getProtocolManager().getProtocolByNameAndInsert(protocolName) _finishActionLine() _printAction (i+1, "Add Endpoints for protocol '" + protocolName + "'", 1) address = endpoints[protocolName] for credential in getCredentialManager().getCredentialsForMember(localMemberId): algName = getAlgorithmManager().getAlgorithm(credential.getAlgorithmId()).getName() _printAction (i+2, "Add Endpoint for protocol '" + protocolName + "' and Algorithm '" + algName + "'") endpoint = Endpoint (None, localMemberId, tcId, protocol.getId(), address, credential.getId()) getEndpointManager().addEndpoint(endpoint) _finishActionLine() _printAction (i, "Finished protocols and endpoints") _finishActionLine()
def loadKeys(self): """ Loads the required keys for the algorithms. """ from securitymanager import getAlgorithmManager from securitymanager import getPersonalCredentialManager for alg in getAlgorithmManager().getAlgorithms(): if alg.getName() in self.getOpenAlgorithms(): for cred in getPersonalCredentialManager().getPersonalCredentials(): if cred.getAlgorithmId() == alg.getId(): self.getAlgorithm(alg.getName()).setKeyPair(cred.getPrivateKey())
def _handleDecryptionAndValidation(self, message, protocolname): """ Helper function for supporting the decryption of the message. The passed message is passed to the L{messagewrapper.MessageWrapper.unwrapForDecryption} for removing the encryption "header" and gaining the name of the algorithm and the cipher text. Afterwards, the function decrypt in the securitycontroller is invoked and the result is returned. @return: Result of the L{securitycontroller.SecurityController.decrypt} @rtype: C{String} """ alg, data = getMessageWrapper().unwrapForDecryption(message) data = getSecurityController().decrypt(data, alg) algName, memberid, communityid, data, signature = getMessageWrapper().unwrapForValidation(data) from communicationmanager import getEndpointManager from errorhandling import G4dsDependencyException, G4dsCommunicationException from g4dslogging import getDefaultLogger, COMMUNICATION_INCOMING_NO_ENDPOINT from securitymanager import getCredentialManager, getAlgorithmManager try: endpoint = getEndpointManager().findEndpoint(memberid, communityid, protocolname, algName) credential = getCredentialManager().getCredential(endpoint.getCredentialId()) if not credential: getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'No credential found for the sender of the incoming message - validation aborted.') raise G4dsCommunicationException('No credential found for the sender of the incoming message - validation aborted.') key = credential.getKey() if not getSecurityController().validate(data, signature, key, algName): raise G4dsCommunicationException('Signature not valid for this message.') return data, memberid, communityid except G4dsDependencyException, msg: getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'Src Enpoint Detemination: %s - attempt key determination' %(msg)) # we have to carry on here - if the message is routed; the end-to-end message integrity must still be ensured; however - both members are not in the # same community; hence - the receiver might not know about the endpoints of the sender; however, for this approach it's compulsary, that the public # key is known creds = getCredentialManager().getCredentialsForMember(memberid) for cred in creds: # well, problem here - the sender might have several keys of the same algorithm - no chance to get around checking them all here if getAlgorithmManager().getAlgorithm(cred.getAlgorithmId()).getName() == algName: key = cred.getKey() if getSecurityController().validate(data, signature, key, algName): return data, memberid, communityid # ohoh - looks like this message is not valied :( getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'Src Enpoint Detemination: manual key search not sucessful.') raise G4dsCommunicationException('Signature not valid for the incoming message.')
def testUpdatingAndDeletingOnManager(): from communitymanager import getMemberManager, Member from communicationmanager import getEndpointManager, Endpoint, getProtocolManager from securitymanager import getCredentialManager, Credential, getAlgorithmManager m = Member('123','kk test', '<mdl/>','1.0.0.0','2005-07-08') #m.addCommunity('C760394') getMemberManager().updateMember(m, 1) alg = getAlgorithmManager().getAlgorithmByNameAndInsert('nikos alg') getEndpointManager().removeEndpointsForMember(m.getId()) c = Credential(None, alg.getId(),'','key5','123') getCredentialManager().removeCredentialsForMember(m.getId()) getCredentialManager().addCredential(c) protocol = getProtocolManager().getProtocolByNameAndInsert('soap') e = Endpoint(None, '123', 'C426009', protocol.getId(), 'http://localhost', c.getId()) getEndpointManager().addEndpoint(e)
def testCommunityManager(): cm = communitymanager.getCommunityManager() mm = communitymanager.getMemberManager() ## c = communitymanager.Community(None,"Community F","pas de comment","<tcdl/>","0.9.9","2005-06-28") ## m = communitymanager.Member(None, "Member F", "<mdl>Member F description file</mdl>","0.9.9", "2005-06-28") ## ## cm.addCommunity(c) ## mm.addMember(m) ## ## c2 = cm.getCommunity('C10001') ## ## c.addMember(m.getId()) ## m.addCommunity(c.getId()) ## c2.addMember(m.getId()) ## m.addCommunity(c2.getId()) ## c2.addAuthority(m.getId()) ## m.addAuthorityRole(c2.getId()) ## c.addAuthority(m.getId()) ## m.addAuthorityRole(c.getId()) ## communitymanager.CommunityGateway(m.getId(), c.getId(), c2.getId(), 1, 1) ## print cm, "\n", mm ## printCommunities() ## printMembers() ## print "" ## from communitymanager_db import CM_DB ## db = CM_DB() ## db.addProtocolToCommunity('C001', 'P906688') ## print db.getProtocolsForCommunity('C001') community = cm.getCommunity('C001') from communicationmanager import getProtocolManager ## prot = getProtocolManager().getProtocolByNameAndInsert('soap') ## community.addProtocol(prot.getId()) print community.getProtocols() from securitymanager import getAlgorithmManager alg = getAlgorithmManager().getAlgorithmByNameAndInsert('rsa') community.addAlgorithm(alg.getId()) print community.getAlgorithms()
def testSecurityManager(): algMan = securitymanager.getAlgorithmManager() ## alg = securitymanager.Algorithm(None, "SSL") ## algMan.addAlgorithm(alg) alg = algMan.getAlgorithms()[0] print algMan print alg credMan = securitymanager.getCredentialManager() cred = credMan.getCredentials()[0] ## cred1 = securitymanager.Credential(None, alg.getId(), 'mpilgerm', 'key here', 'M10002') ## credMan.addCredential(cred1) print credMan print cred ## print cred1 persCredMan = securitymanager.getPersonalCredentialManager() persCred = persCredMan.getPersonalCredentials()[0] ## persCred1 = securitymanager.PersonalCredential(None, 'Test SSL 510 bit', alg.getId(), "key private", "key public") ## persCredMan.addPersonalCredential(persCred1) print persCredMan print persCred
def installOneKey(algId, i, localMemberId): """ Install key for one algorithm """ from algorithmcontroller import getAlgorithmController from securitymanager import getAlgorithmManager algName = getAlgorithmManager().getAlgorithm(algId).getName() _printAction (i, "Personal Credential for algorithm '" + algName + "'") algImplementation = getAlgorithmController().getAlgorithm(algName) privateKey = algImplementation.createKeyPair() publicKey = algImplementation.getPublicKey(privateKey) from securitymanager import PersonalCredential credential = PersonalCredential(None, algName + " key pair", algId, privateKey, publicKey, "") from securitymanager import getPersonalCredentialManager getPersonalCredentialManager().addPersonalCredential(credential) _finishActionLine() _printAction (i, "Public Credential for algorithm '" + algName + "'") from securitymanager import Credential from securitymanager import getCredentialManager credential = Credential(None, algId, "", publicKey, localMemberId) getCredentialManager().addCredential(credential) _finishActionLine()
def installAlgorithms(i, localMemberId): """ Put all algorithms into the database. @return: list of algorithm ids. @rtype: C{List} of C{String} """ _printAction (i, "Initialise algorithms", 1) from algorithmcontroller import getAlgorithmController from securitymanager import getAlgorithmManager from securitymanager import Algorithm allOpen = getAlgorithmController().getOpenAlgorithms() returnList = [] for algName in allOpen: _printAction (i +1, "Algorithm '" + algName) ## alg = Algorithm(None, algName) ## getAlgorithmManager().addAlgorithm(alg) alg = getAlgorithmManager().getAlgorithmByNameAndInsert(algName) returnList.append(alg.getId()) _finishActionLine() _printAction (i, "Finished algorithms") _finishActionLine() return returnList