async def authenticate_message(request, message_tree, message_payload,
fingerprint_lookup):
if request.secure and 'ven_id' in message_payload:
print("Getting cert fingerprint from request")
connection_fingerprint = utils.get_cert_fingerprint_from_request(
request)
print("Checking cert fingerprint")
if connection_fingerprint is None:
msg = (
"Your request must use a client side SSL certificate, of which the "
"fingerprint must match the fingerprint that you have given to this VTN"
)
raise errors.NotRegisteredOrAuthorizedError(msg)
try:
ven_id = message_payload.get('ven_id')
expected_fingerprint = fingerprint_lookup(ven_id)
if iscoroutine(expected_fingerprint):
expected_fingerprint = await expected_fingerprint
except ValueError:
msg = (
f"Your venID {ven_id} is not known to this VTN. Make sure you use the venID "
"that you receive from this VTN during the registration step")
raise errors.NotRegisteredOrAuthorizedError(msg)
if expected_fingerprint is None:
msg = (
"This VTN server does not know what your certificate fingerprint is. Please "
"deliver your fingerprint to the VTN (outside of OpenADR). You used the "
"following fingerprint to make this request:")
raise errors.NotRegisteredOrAuthorizedError(msg)
print("Checking connection fingerprint")
if connection_fingerprint != expected_fingerprint:
msg = (
f"The fingerprint of your HTTPS certificate {connection_fingerprint} "
f"does not match the expected fingerprint {expected_fingerprint}"
)
raise errors.NotRegisteredOrAuthorizedError(msg)
print("Checking message fingerprint")
message_cert = utils.extract_pem_cert(message_tree)
message_fingerprint = utils.certificate_fingerprint(message_cert)
if message_fingerprint != expected_fingerprint:
msg = (
f"The fingerprint of the certificate used to sign the message "
f"{message_fingerprint} did not match the fingerprint that this "
f"VTN has for you {expected_fingerprint}. Make sure you use the correct "
"certificate to sign your messages.")
raise errors.NotRegisteredOrAuthorizedError(msg)
print("Validating XML signature")
try:
validate_xml_signature(message_tree)
except ValueError:
msg = (
"The message signature did not match the message contents. Please make sure "
"you are using the correct XMLDSig algorithm and C14n canonicalization."
)
raise errors.NotRegisteredOrAuthorizedError(msg)
def show_fingerprint():
parser = ArgumentParser()
parser.add_argument('certificate', type=str)
args = parser.parse_args()
if 'certificate' in args:
with open(args.certificate) as file:
cert_str = file.read()
print(certificate_fingerprint(cert_str))
def test_fingerprint_cmdline():
cert_path = os.path.join('certificates', 'dummy_ven.crt')
with open(cert_path) as file:
cert_str = file.read()
fingerprint = utils.certificate_fingerprint(cert_str)
if sys.platform.startswith('linux') or sys.platform.startswith('darwin'):
executable = os.path.join(sys.prefix, 'bin', 'fingerprint')
elif sys.platform.startswith('win'):
executable = os.path.join(sys.prefix, 'Scripts', 'fingerprint.exe')
result = subprocess.run([executable, cert_path], stdout=subprocess.PIPE)
assert fingerprint == result.stdout.decode('utf-8').strip()
def validate_xml_signature(xml_tree, cert_fingerprint=None):
"""
Validate the XMLDSIG signature and the ReplayProtect element.
"""
cert = utils.extract_pem_cert(xml_tree)
if cert_fingerprint:
fingerprint = utils.certificate_fingerprint(cert)
if fingerprint != cert_fingerprint:
raise errors.FingerprintMismatch("The certificate fingerprint was incorrect. "
f"Expected: {cert_fingerprint};"
f"Received: {fingerprint}")
VERIFIER.verify(xml_tree, x509_cert=utils.ensure_bytes(cert), expect_references=2)
_verify_replay_protect(xml_tree)
async def test_create_party_registration_with_signatures(
start_server_with_signatures):
with open(CERTFILE) as file:
cert = file.read()
client = OpenADRClient(
ven_name=VEN_NAME,
vtn_url=f"http://localhost:{SERVER_PORT}/OpenADR2/Simple/2.0b",
cert=CERTFILE,
key=KEYFILE,
vtn_fingerprint=certificate_fingerprint(cert))
response_type, response_payload = await client.create_party_registration()
assert response_type == 'oadrCreatedPartyRegistration'
assert response_payload['ven_id'] == VEN_ID
await client.stop()
def fingerprint_lookup(ven_id):
with open(CERTFILE) as file:
cert = file.read()
return certificate_fingerprint(cert)
from openleadr import OpenADRServer, OpenADRClient, enable_default_logging
from openleadr.utils import certificate_fingerprint
from openleadr import errors
from async_timeout import timeout
enable_default_logging()
CA_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ca.crt')
VTN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_vtn.crt')
VTN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_vtn.key')
VEN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ven.crt')
VEN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ven.key')
with open(VEN_CERT) as file:
ven_fingerprint = certificate_fingerprint(file.read())
with open(VTN_CERT) as file:
vtn_fingerprint = certificate_fingerprint(file.read())
async def lookup_fingerprint(ven_id):
return ven_fingerprint
async def on_create_party_registration(payload, future):
if payload['fingerprint'] != ven_fingerprint:
raise errors.FingerprintMismatch("The fingerprint of your TLS connection does not match the expected fingerprint. Your VEN is not allowed to register.")
else:
future.set_result(True)
return 'ven1234', 'reg5678'
@pytest.mark.asyncio
VEN_ID = '1234abcd'
VTN_ID = "TestVTN"
VEN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)),
"certificates", "dummy_ven.crt")
VEN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)),
"certificates", "dummy_ven.key")
VTN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)),
"certificates", "dummy_vtn.crt")
VTN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)),
"certificates", "dummy_vtn.key")
CA_FILE = os.path.join(os.path.dirname(os.path.dirname(__file__)),
"certificates", "dummy_ca.crt")
with open(VEN_CERT) as file:
VEN_FINGERPRINT = certificate_fingerprint(file.read())
with open(VTN_CERT) as file:
VTN_FINGERPRINT = certificate_fingerprint(file.read())
async def _on_create_party_registration(payload):
registration_id = generate_id()
payload = {
'response': {
'response_code': 200,
'response_description': 'OK',
'request_id': payload['request_id']
},
'ven_id':
VEN_ID,