def register_customer_key(customer_public_key_id, customer_public_key): """ Check/refresh/store customer public key locally. """ if not customer_public_key_id or not customer_public_key: lg.warn('customer public key was not provided in the request') return False customer_public_key_id = my_keys.latest_key_id(customer_public_key_id) if my_keys.is_key_registered(customer_public_key_id): known_customer_public_key = my_keys.get_public_key_raw( customer_public_key_id) if known_customer_public_key == customer_public_key: lg.info( 'customer public key %r already known and public key is matching' % customer_public_key_id) else: lg.warn('rewriting customer public key %r' % customer_public_key_id) my_keys.erase_key(customer_public_key_id) key_id, key_object = my_keys.read_key_info(customer_public_key) if not my_keys.register_key(key_id, key_object): lg.err('failed to register customer public key: %r' % customer_public_key_id) return False lg.info('new customer public key registered: %r' % customer_public_key_id) return True
def do_check_create_rename_key(self, new_key_id): from logs import lg from crypt import my_keys from chat import message_database try: new_public_key = my_keys.get_public_key_raw(new_key_id) except: lg.exc() return try: new_local_key_id = my_keys.get_local_key_id(new_key_id) except: lg.exc() return if new_local_key_id is None: lg.err('did not found local_key_id for %r' % new_key_id) return message_database.check_create_rename_key( new_public_key=new_public_key, new_key_id=new_key_id, new_local_key_id=new_local_key_id, )
def on_key_received(newpacket, info, status, error_message): block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'key_ring.on_key_received ERROR reading data from %s' % newpacket.RemoteID) return False try: key_data = block.Data() key_json = json.loads(key_data) key_id = key_json['key_id'] key_id, key_object = my_keys.read_key_info(key_json) if key_object.isPublic(): # received key is a public key if my_keys.is_key_registered(key_id): # but we already have a key with that ID if my_keys.is_key_private(key_id): # we should not overwrite existing private key raise Exception('private key already registered') if my_keys.get_public_key_raw( key_id, 'openssh') != key_object.toString('openssh'): # and we should not overwrite existing public key as well raise Exception( 'another key already registered with that ID') p2p_service.SendAck(newpacket) lg.warn('received existing public key: %s, skip' % key_id) return True if not my_keys.register_key(key_id, key_object): raise Exception('key register failed') else: lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) if _Debug: lg.info( 'received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private'))) return True # received key is a private key if my_keys.is_key_registered(key_id): # check if we already have that key if my_keys.is_key_private(key_id): # we have already private key with same ID!!! if my_keys.get_private_key_raw( key_id, 'openssh') != key_object.toString('openssh'): # and this is a new private key : we should not overwrite! raise Exception('private key already registered') # this is the same private key p2p_service.SendAck(newpacket) lg.warn('received existing private key: %s, skip' % key_id) return True # but we have a public key with same ID if my_keys.get_public_key_raw( key_id, 'openssh') != key_object.public().toString('openssh'): # and we should not overwrite existing public key as well raise Exception('another key already registered with that ID') lg.info('erasing public key %s' % key_id) my_keys.erase_key(key_id) if not my_keys.register_key(key_id, key_object): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True # no private key with given ID was registered if not my_keys.register_key(key_id, key_object): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True except Exception as exc: lg.exc() p2p_service.SendFail(newpacket, str(exc)) return False
def on_key_received(newpacket, info, status, error_message): """ Callback will be executed when I receive a new key from one remote user. """ block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.err('failed reading key info from %s' % newpacket.RemoteID) return False try: key_data = block.Data() key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True) key_id = key_json['key_id'] key_label = key_json.get('label', '') key_id, key_object = my_keys.read_key_info(key_json) if key_object.isSigned(): if not my_keys.verify_key_info_signature(key_json): raise Exception('key signature verification failed') if key_object.isPublic(): # received key is a public key if my_keys.is_key_registered(key_id): # but we already have a key with that ID if my_keys.is_key_private(key_id): # we should not overwrite existing private key raise Exception('private key already registered') if my_keys.get_public_key_raw(key_id) != key_object.toPublicString(): # and we should not overwrite existing public key as well raise Exception('another public key already registered with that ID and it is not matching') p2p_service.SendAck(newpacket) lg.warn('received existing public key: %s, skip' % key_id) return True if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') else: lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) if _Debug: lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private'))) return True # received key is a private key if my_keys.is_key_registered(key_id): # check if we already have that key if my_keys.is_key_private(key_id): # we have already private key with same ID!!! if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString(): # and this is a new private key : we should not overwrite! raise Exception('private key already registered and it is not matching') # this is the same private key p2p_service.SendAck(newpacket) lg.warn('received existing private key: %s, skip' % key_id) return True # but we have a public key with same ID already if my_keys.get_public_key_raw(key_id) != key_object.toPublicString(): # and we should not overwrite existing public key as well raise Exception('another public key already registered with that ID and it is not matching with private key') lg.info('erasing public key %s' % key_id) my_keys.erase_key(key_id) if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True # no private key with given ID was registered if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True except Exception as exc: lg.exc() p2p_service.SendFail(newpacket, strng.to_text(exc)) return False
def on_key_received(newpacket, info, status, error_message): """ Callback will be executed when I receive a new key from one remote user. """ block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.err('failed reading key info from %s' % newpacket.RemoteID) return False try: key_data = block.Data() key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True) # key_id = strng.to_text(key_json['key_id']) key_label = strng.to_text(key_json.get('label', '')) key_id, key_object = my_keys.read_key_info(key_json) if key_object.isSigned(): if not my_keys.verify_key_info_signature(key_json): raise Exception('received key signature verification failed: %r' % key_json) # TODO: must also compare "signature_pubkey" with pub key of the creator of the key! if key_object.isPublic(): # received key is a public key if my_keys.is_key_registered(key_id): # but we already have a key with that ID if my_keys.is_key_private(key_id): # we should not overwrite existing private key # TODO: check other scenarios raise Exception('private key already registered with %r' % key_id) if my_keys.get_public_key_raw(key_id) != key_object.toPublicString(): my_keys.erase_key(key_id) if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') else: lg.info('replaced existing key %s, is_public=%s' % (key_id, key_object.isPublic())) # normally should not overwrite existing public key # TODO: look more if need to add some extra checks # for example need to be able to overwrite or erase remotely some keys to cleanup # raise Exception('another public key already registered with %r and new key is not matching' % key_id) p2p_service.SendAck(newpacket) lg.warn('received existing public key: %s, skip' % key_id) return True if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') else: lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) if _Debug: lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private'))) return True # received key is a private key if my_keys.is_key_registered(key_id): # check if we already have that key if my_keys.is_key_private(key_id): # we have already private key with same ID!!! if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString(): # and this is a new private key : we should not overwrite! raise Exception('private key already registered and it is not matching with received copy') # this is the same private key p2p_service.SendAck(newpacket) lg.warn('received again an exact copy of already existing private key: %s, skip' % key_id) return True # but we have a public key with same ID already # if my_keys.get_public_key_raw(key_id) != key_object.toPublicString(): # # and we should not overwrite existing public key as well # raise Exception('another public key already registered with that ID and it is not matching with private key') lg.info('erasing public key %s' % key_id) my_keys.erase_key(key_id) if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True # no private key with given ID was registered if not my_keys.register_key(key_id, key_object, label=key_label): raise Exception('key register failed') lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic())) p2p_service.SendAck(newpacket) return True except Exception as exc: lg.exc() p2p_service.SendFail(newpacket, strng.to_text(exc)) return False