def _registerPrefixHelper(self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat): """ Do the work of registerPrefix to register with NDNx once we have an ndndId_. :param int registeredPrefixId: The _RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to registeredPrefixTable_ (assuming it has already been done). """ # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append( self._ndndId).append("selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) encodedInterest = interest.wireEncode(wireFormat) if registeredPrefixId != 0: # Save the onInterest callback and send the registration interest. self._registeredPrefixTable.append( Node._RegisteredPrefix(registeredPrefixId, prefix, onInterest)) response = Node._RegisterResponse(self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False) self.expressInterest(interest, response.onData, response.onTimeout, wireFormat)
def _registerPrefixHelper( self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat): """ Do the work of registerPrefix to register with NDNx once we have an _ndndId. :param int registeredPrefixId: The _RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to _registeredPrefixTable (assuming it has already been done). """ # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append(self._ndndId).append( "selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) encodedInterest = interest.wireEncode(wireFormat) if registeredPrefixId != 0: # Save the onInterest callback and send the registration interest. self._registeredPrefixTable.append(Node._RegisteredPrefix( registeredPrefixId, prefix, onInterest)) response = Node._RegisterResponse( self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False) self.expressInterest( interest, response.onData, response.onTimeout, wireFormat)
def _broadcastSyncState(self, digest, syncMessage): """ Make a data packet with the syncMessage and with name applicationBroadcastPrefix_ + digest. Sign and send. :param str digest: The root digest as a hex string for the data packet name. :param sync_state_pb2.SyncState syncMessage: """ data = Data(self._applicationBroadcastPrefix) data.getName().append(digest) # TODO: Check if this works in Python 3. data.setContent(Blob(syncMessage.SerializeToString())) self._keyChain.sign(data, self._certificateName) self._contentCache.add(data)
def onReceivedElement(self, element): """ This is called by the transport's ElementReader to process an entire received Data or Interest element. :param element: The bytes of the incoming element. :type element: An array type with int elements """ # First, decode as Interest or Data. interest = None data = None decoder = TlvDecoder(element) if decoder.peekType(Tlv.Interest, len(element)): interest = Interest() interest.wireDecode(element, TlvWireFormat.get()) elif decoder.peekType(Tlv.Data, len(element)): data = Data() data.wireDecode(element, TlvWireFormat.get()) # Now process as Interest or Data. if interest != None: # Call all interest filter callbacks which match. for i in range(len(self._interestFilterTable)): entry = self._interestFilterTable[i] if entry.getFilter().doesMatch(interest.getName()): includeFilter = True # Use getcallargs to test if onInterest accepts 5 args. try: inspect.getcallargs(entry.getOnInterest(), None, None, None, None, None) except TypeError: # Assume onInterest is old-style with 4 arguments. includeFilter = False if includeFilter: try: entry.getOnInterest()( entry.getFilter().getPrefix(), interest, entry.getFace(), entry.getInterestFilterId(), entry.getFilter()) except: logging.exception("Error in onInterest") else: # Old-style onInterest without the filter argument. We # still pass a Face instead of Transport since Face also # has a send method. try: entry.getOnInterest()( entry.getFilter().getPrefix(), interest, entry.getFace(), entry.getInterestFilterId()) except: logging.exception("Error in onInterest") elif data != None: pendingInterests = self._extractEntriesForExpressedInterest( data.getName()) for pendingInterest in pendingInterests: try: pendingInterest.getOnData()(pendingInterest.getInterest(), data) except: logging.exception("Error in onData")
def _makeAndPublishCkData(self, onError): """ Make a CK Data packet for _ckName encrypted by the KEK in _kekData and insert it in the _storage. :param onError: On failure, this calls onError(errorCode, message) where errorCode is from EncryptError.ErrorCode, and message is an error string. :type onError: function object :return: True on success, else False. :rtype: bool """ try: kek = PublicKey(self._kekData.getContent()) content = EncryptedContent() content.setPayload( kek.encrypt(Blob(self._ckBits, False), EncryptAlgorithmType.RsaOaep)) ckData = Data( Name(self._ckName).append( EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY).append( self._kekData.getName())) ckData.setContent(content.wireEncodeV2()) # FreshnessPeriod can serve as a soft access control for revoking access. ckData.getMetaInfo().setFreshnessPeriod( EncryptorV2.DEFAULT_CK_FRESHNESS_PERIOD_MS) self._keyChain.sign(ckData, self._ckDataSigningInfo) self._storage.insert(ckData) logging.getLogger(__name__).info("Publishing CK data: " + ckData.getName().toUri()) return True except Exception as ex: onError( EncryptError.ErrorCode.EncryptionFailure, "Failed to encrypt generated CK with KEK " + self._kekData.getName().toUri()) return False
def onReceivedElement(self, element): """ This is called by the transport's ElementReader to process an entire received Data or Interest element. :param element: The bytes of the incoming element. :type element: An array type with int elements """ # The type codes for TLV Interest and Data packets are chosen to not # conflict with the first byte of a binary XML packet, so we canjust # look at the first byte. if not (element[0] == Tlv.Interest or element[0] == Tlv.Data): # Ignore non-TLV elements. return # First, decode as Interest or Data. interest = None data = None decoder = TlvDecoder(element) if decoder.peekType(Tlv.Interest, len(element)): interest = Interest() interest.wireDecode(element, TlvWireFormat.get()) elif decoder.peekType(Tlv.Data, len(element)): data = Data() data.wireDecode(element, TlvWireFormat.get()) # Now process as Interest or Data. if interest != None: entry = self._getEntryForRegisteredPrefix(interest.getName()) if entry != None: entry.getOnInterest()(entry.getPrefix(), interest, self._transport, entry.getRegisteredPrefixId()) elif data != None: pendingInterests = self._extractEntriesForExpressedInterest( data.getName()) for pendingInterest in pendingInterests: pendingInterest.getOnData()(pendingInterest.getInterest(), data)
def onReceivedElement(self, element): """ This is called by the transport's ElementReader to process an entire received Data or Interest element. :param element: The bytes of the incoming element. :type element: An array type with int elements """ # The type codes for TLV Interest and Data packets are chosen to not # conflict with the first byte of a binary XML packet, so we canjust # look at the first byte. if not (element[0] == Tlv.Interest or element[0] == Tlv.Data): # Ignore non-TLV elements. return # First, decode as Interest or Data. interest = None data = None decoder = TlvDecoder(element) if decoder.peekType(Tlv.Interest, len(element)): interest = Interest() interest.wireDecode(element, TlvWireFormat.get()) elif decoder.peekType(Tlv.Data, len(element)): data = Data() data.wireDecode(element, TlvWireFormat.get()) # Now process as Interest or Data. if interest != None: entry = self._getEntryForRegisteredPrefix(interest.getName()) if entry != None: entry.getOnInterest()( entry.getPrefix(), interest, self._transport, entry.getRegisteredPrefixId()) elif data != None: pendingInterests = self._extractEntriesForExpressedInterest( data.getName()) for pendingInterest in pendingInterests: pendingInterest.getOnData()(pendingInterest.getInterest(), data)
def _makeAndPublishCkData(self, onError): """ Make a CK Data packet for _ckName encrypted by the KEK in _kekData and insert it in the _storage. :param onError: On failure, this calls onError(errorCode, message) where errorCode is from EncryptError.ErrorCode, and message is an error string. :type onError: function object :return: True on success, else False. :rtype: bool """ try: kek = PublicKey(self._kekData.getContent()) content = EncryptedContent() content.setPayload(kek.encrypt (Blob(self._ckBits, False), EncryptAlgorithmType.RsaOaep)) ckData = Data( Name(self._ckName).append(EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY) .append(self._kekData.getName())) ckData.setContent(content.wireEncodeV2()) # FreshnessPeriod can serve as a soft access control for revoking access. ckData.getMetaInfo().setFreshnessPeriod( EncryptorV2.DEFAULT_CK_FRESHNESS_PERIOD_MS) self._keyChain.sign(ckData, self._ckDataSigningInfo) self._storage.insert(ckData) logging.getLogger(__name__).info("Publishing CK data: " + ckData.getName().toUri()) return True except Exception as ex: onError(EncryptError.ErrorCode.EncryptionFailure, "Failed to encrypt generated CK with KEK " + self._kekData.getName().toUri()) return False
class DataValidationState(ValidationState): """ Create a DataValidationState for the Data packet. The caller must ensure that the state instance is valid until the validation finishes (i.e., until validateCertificateChain() and validateOriginalPacket() have been called). :param Data data: The Date packet being validated, which is copied. :param successCallback: This calls successCallback(data) to report a successful Data validation. :type successCallback: function object :param failureCallback: This calls failureCallback(data, error) to report a failed Data validation, where error is a ValidationError. :type failureCallback: function object """ def __init__(self, data, successCallback, failureCallback): super(DataValidationState, self).__init__() # Make a copy. self._data = Data(data) self._successCallback = successCallback self._failureCallback = failureCallback if self._successCallback == None: raise ValueError("The successCallback is None") if self._failureCallback == None: raise ValueError("The failureCallback is None") def fail(self, error): """ Call the failure callback. :param ValidationError error: """ logging.getLogger(__name__).info("" + str(error)) try: self._failureCallback(self._data, error) except: logging.exception("Error in failureCallback") self.setOutcome(False) def getOriginalData(self): """ Get the original Data packet being validated which was given to the constructor. :return: The original Data packet. :rtype: Data """ return self._data def _verifyOriginalPacket(self, trustedCertificate): """ Verify the signature of the original packet. This is only called by the Validator class. :param CertificateV2 trustedCertificate: The certificate that signs the original packet. """ if VerificationHelpers.verifyDataSignature(self._data, trustedCertificate): logging.getLogger(__name__).info("OK signature for data `" + self._data.getName().toUri() + "`") try: self._successCallback(self._data) except: logging.exception("Error in successCallback") self.setOutcome(True) else: self.fail(ValidationError(ValidationError.INVALID_SIGNATURE, "Invalid signature of data `" + self._data.getName().toUri() + "`")) def _bypassValidation(self): """ Call the success callback of the original packet without signature validation. This is only called by the Validator class. """ logging.getLogger(__name__).info("Signature verification bypassed for data `" + self._data.getName().toUri() + "`") try: self._successCallback(self._data) except: logging.exception("Error in successCallback") self.setOutcome(True)
def _registerPrefixHelper( self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat, face): """ Do the work of registerPrefix to register with NDNx once we have an _ndndId. :param int registeredPrefixId: The getNextEntryId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to _registeredPrefixTable (assuming it has already been done). """ if not WireFormat.ENABLE_NDNX: # We can get here if the command signing info is set, but running NDNx. raise RuntimeError( "registerPrefix with NDNx is deprecated. To enable while you upgrade your code to use NFD, set WireFormat.ENABLE_NDNX = True") # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append(self._ndndId).append( "selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) if registeredPrefixId != 0: interestFilterId = 0 if onInterest != None: # registerPrefix was called with the "combined" form that includes # the callback, so add an InterestFilterEntry. interestFilterId = self.getNextEntryId() self.setInterestFilter( interestFilterId, InterestFilter(prefix), onInterest, face) self._registeredPrefixTable.append(Node._RegisteredPrefix( registeredPrefixId, prefix, interestFilterId)) # Send the registration interest. response = Node._RegisterResponse( self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False, face) self.expressInterest( self.getNextEntryId(), interest, response.onData, response.onTimeout, wireFormat, face)
def onReceivedElement(self, element): """ This is called by the transport's ElementReader to process an entire received Data or Interest element. :param element: The bytes of the incoming element. :type element: An array type with int elements """ # The type codes for TLV Interest and Data packets are chosen to not # conflict with the first byte of a binary XML packet, so we canjust # look at the first byte. if not (element[0] == Tlv.Interest or element[0] == Tlv.Data): # Ignore non-TLV elements. # Assume it is Binary XML. if not WireFormat.ENABLE_NDNX: raise RuntimeError( "BinaryXmlWireFormat (NDNx) is deprecated. To enable while you upgrade your network to use NDN-TLV, set WireFormat.ENABLE_NDNX = True") return # First, decode as Interest or Data. interest = None data = None decoder = TlvDecoder(element) if decoder.peekType(Tlv.Interest, len(element)): interest = Interest() interest.wireDecode(element, TlvWireFormat.get()) elif decoder.peekType(Tlv.Data, len(element)): data = Data() data.wireDecode(element, TlvWireFormat.get()) # Now process as Interest or Data. if interest != None: # Call all interest filter callbacks which match. for i in range(len(self._interestFilterTable)): entry = self._interestFilterTable[i] if entry.getFilter().doesMatch(interest.getName()): includeFilter = True # Use getcallargs to test if onInterest accepts 5 args. try: inspect.getcallargs(entry.getOnInterest(), None, None, None, None, None) except TypeError: # Assume onInterest is old-style with 4 arguments. includeFilter = False if includeFilter: entry.getOnInterest()( entry.getFilter().getPrefix(), interest, entry.getFace(), entry.getInterestFilterId(), entry.getFilter()) else: # Old-style onInterest without the filter argument. We # still pass a Face instead of Transport since Face also # has a send method. entry.getOnInterest()( entry.getFilter().getPrefix(), interest, entry.getFace(), entry.getInterestFilterId()) elif data != None: pendingInterests = self._extractEntriesForExpressedInterest( data.getName()) for pendingInterest in pendingInterests: pendingInterest.getOnData()(pendingInterest.getInterest(), data)
class DataValidationState(ValidationState): """ Create a DataValidationState for the Data packet. The caller must ensure that the state instance is valid until the validation finishes (i.e., until validateCertificateChain() and validateOriginalPacket() have been called). :param Data data: The Date packet being validated, which is copied. :param successCallback: This calls successCallback(data) to report a successful Data validation. :type successCallback: function object :param failureCallback: This calls failureCallback(data, error) to report a failed Data validation, where error is a ValidationError. :type failureCallback: function object """ def __init__(self, data, successCallback, failureCallback): super(DataValidationState, self).__init__() # Make a copy. self._data = Data(data) self._successCallback = successCallback self._failureCallback = failureCallback if self._successCallback == None: raise ValueError("The successCallback is None") if self._failureCallback == None: raise ValueError("The failureCallback is None") def fail(self, error): """ Call the failure callback. :param ValidationError error: """ logging.getLogger(__name__).info("" + str(error)) try: self._failureCallback(self._data, error) except: logging.exception("Error in failureCallback") self.setOutcome(False) def getOriginalData(self): """ Get the original Data packet being validated which was given to the constructor. :return: The original Data packet. :rtype: Data """ return self._data def _verifyOriginalPacket(self, trustedCertificate): """ Verify the signature of the original packet. This is only called by the Validator class. :param CertificateV2 trustedCertificate: The certificate that signs the original packet. """ if VerificationHelpers.verifyDataSignature(self._data, trustedCertificate): logging.getLogger(__name__).info("OK signature for data `" + self._data.getName().toUri() + "`") try: self._successCallback(self._data) except: logging.exception("Error in successCallback") self.setOutcome(True) else: self.fail( ValidationError( ValidationError.INVALID_SIGNATURE, "Invalid signature of data `" + self._data.getName().toUri() + "`")) def _bypassValidation(self): """ Call the success callback of the original packet without signature validation. This is only called by the Validator class. """ logging.getLogger( __name__).info("Signature verification bypassed for data `" + self._data.getName().toUri() + "`") try: self._successCallback(self._data) except: logging.exception("Error in successCallback") self.setOutcome(True)