def encrypt(self, message_body, encrypt_session_func=None):
if _Debug:
lg.args(_DebugLevel, encrypt_session_func=encrypt_session_func, recipient=self.recipient)
new_sessionkey = key.NewSessionKey(session_key_type=key.SessionKeyType())
if not encrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.dbg(_DebugLevel, 'with registered key %r' % self.recipient)
encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp)
if not encrypt_session_func:
glob_id = global_id.NormalizeGlobalID(self.recipient)
if glob_id['key_alias'] == 'master':
if glob_id['idurl'] == my_id.getIDURL():
lg.warn('making encrypted message addressed to me ?')
encrypt_session_func = lambda inp: my_keys.encrypt('master', inp)
else:
remote_identity = identitycache.FromCache(glob_id['idurl'])
if not remote_identity:
raise Exception('remote identity is not cached yet, not able to encrypt the message')
if _Debug:
lg.dbg(_DebugLevel, 'with remote identity public key %r' % glob_id['idurl'])
encrypt_session_func = remote_identity.encrypt
else:
own_key = global_id.MakeGlobalID(idurl=my_id.getIDURL(), key_alias=glob_id['key_alias'])
if my_keys.is_key_registered(own_key):
if _Debug:
lg.dbg(_DebugLevel, 'with registered key (found by alias) %r' % own_key)
encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp)
if not encrypt_session_func:
raise Exception('can not find key for given recipient')
self.encrypted_session = encrypt_session_func(new_sessionkey)
self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body, session_key_type=key.SessionKeyType())
return self.encrypted_session, self.encrypted_body
def cache_message(data, message_id, sender_id, recipient_id, message_type=None, direction=None):
if _Debug:
lg.args(_DebugLevel, message_id=message_id, sender_id=sender_id, recipient_id=recipient_id, message_type=message_type)
if message_type == 'private_message':
if not my_keys.is_key_registered(sender_id):
sender_idurl = global_id.glob2idurl(sender_id)
known_ident = identitycache.FromCache(sender_idurl)
if not known_ident:
lg.warn('sender identity %r was not cached, not possible to store message locally' % sender_idurl)
return False
if not my_keys.register_key(sender_id, known_ident.getPublicKey()):
lg.err('failed to register known public key of the sender: %r' % sender_id)
return False
if not my_keys.is_key_registered(recipient_id):
recipient_idurl = global_id.glob2idurl(recipient_id)
known_ident = identitycache.FromCache(recipient_idurl)
if not known_ident:
lg.warn('recipient identity %r was not cached, not possible to store message locally' % recipient_idurl)
return False
if not my_keys.register_key(recipient_id, known_ident.getPublicKey()):
lg.err('failed to register known public key of the recipient: %r' % recipient_id)
return False
return store_message(data, message_id, sender_id, recipient_id, message_type, direction)
if message_type == 'group_message' or message_type == 'personal_message':
if not my_keys.is_key_registered(recipient_id):
lg.err('failed to cache %r because recipient key %r was not registered' % (message_type, recipient_id, ))
return False
return store_message(data, message_id, sender_id, recipient_id, message_type, direction)
raise Exception('unexpected message type: %r' % message_type)
def encrypt(self, message_body, encrypt_session_func=None):
new_sessionkey = key.NewSessionKey()
if not encrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % self.recipient)
encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp)
if not encrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['key_alias'] == 'master':
if glob_id['idurl'] == my_id.getLocalID():
lg.warn('making private message addressed to me ???')
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "master" key')
encrypt_session_func = lambda inp: my_keys.encrypt('master', inp)
else:
remote_identity = identitycache.FromCache(glob_id['idurl'])
if not remote_identity:
raise Exception('remote identity is not cached yet, not able to encrypt the message')
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with remote identity public key')
encrypt_session_func = remote_identity.encrypt
else:
own_key = global_id.MakeGlobalID(idurl=my_id.getLocalID(), key_alias=glob_id['key_alias'])
if my_keys.is_key_registered(own_key):
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % own_key)
encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp)
if not encrypt_session_func:
raise Exception('can not find key for given recipient')
self.encrypted_session = encrypt_session_func(new_sessionkey)
self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body)
return self.encrypted_session, self.encrypted_body
def doRestoreKeys(self, *args, **kwargs):
"""
Action method.
"""
is_any_private_key_unreliable = bool(True in self.unreliable_keys.values())
if is_any_private_key_unreliable and not self.stored_keys:
if _Debug:
lg.args(_DebugLevel, unreliable_keys=self.unreliable_keys)
lg.err('not possible to restore any keys, all backup copies unreliable stored_keys=%d not_stored_keys=%d unreliable_keys=%d' % (
len(self.stored_keys), len(self.not_stored_keys), len(self.unreliable_keys), ))
self.automat('error', Exception('not possible to restore any keys, all backup copies unreliable'))
return
keys_to_be_restored = []
for key_id, is_private in self.stored_keys.items():
latest_key_id = my_keys.latest_key_id(key_id)
if latest_key_id != key_id:
self.keys_to_rename[key_id] = (latest_key_id, is_private, )
if my_keys.is_key_registered(key_id):
if _Debug:
lg.out(_DebugLevel, ' skip restoring already known key_id=%r' % key_id)
continue
if my_keys.is_key_registered(latest_key_id):
if _Debug:
lg.out(_DebugLevel, ' skip restoring already known latest key_id=%r' % latest_key_id)
continue
keys_to_be_restored.append((key_id, is_private, ))
if _Debug:
lg.args(_DebugLevel, keys_to_be_restored=len(keys_to_be_restored))
def _on_restored_one(res, pos, key_id):
self.restored_count += 1
_do_restore_one(pos+1)
return None
def _on_failed_one(err, pos, key_id):
lg.err('failed to restore key %r : %r' % (key_id, err, ))
_do_restore_one(pos+1)
return None
def _do_restore_one(pos):
if pos >= len(keys_to_be_restored):
self.automat('restore-ok', True)
return
key_id, is_private = keys_to_be_restored[pos]
res = key_ring.do_restore_key(key_id, is_private, wait_result=True)
res.addCallback(_on_restored_one, pos, key_id)
res.addErrback(_on_failed_one, pos, key_id)
_do_restore_one(0)
def backup_outgoing_message(private_message_object, message_id):
"""
"""
if not driver.is_on('service_backups'):
lg.warn('service_backups is not started')
return False
if not my_keys.is_key_registered(messages_key_id()):
lg.warn('key to store messages was not found')
return False
serialized_message = private_message_object.serialize()
local_msg_folder = os.path.join(settings.ChatChannelsDir(), private_message_object.recipient, 'out')
if not bpio._dir_exist(local_msg_folder):
bpio._dirs_make(local_msg_folder)
local_msg_filename = os.path.join(local_msg_folder, message_id)
if not bpio.WriteBinaryFile(local_msg_filename, serialized_message):
lg.warn('failed writing outgoing message locally')
return False
remote_path_for_message = os.path.join('.messages', 'out', private_message_object.recipient, message_id)
global_message_path = global_id.MakeGlobalID(customer=messages_key_id(), path=remote_path_for_message)
res = api.file_create(global_message_path)
if res['status'] != 'OK':
lg.warn('failed to create path "%s" in the catalog: %r' % (global_message_path, res))
return False
res = api.file_upload_start(local_msg_filename, global_message_path, wait_result=False)
if res['status'] != 'OK':
lg.warn('failed to upload message "%s": %r' % (global_message_path, res))
return False
return True
def decrypt(self, decrypt_session_func=None):
if _Debug:
lg.args(_DebugLevel,
decrypt_session_func=decrypt_session_func,
recipient=self.recipient)
if not decrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.dbg(_DebugLevel,
'decrypt with registered key %r' % self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
self.recipient, inp)
if not decrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['idurl'] == my_id.getIDURL():
if glob_id['key_alias'] == 'master':
if _Debug:
lg.dbg(
_DebugLevel,
'decrypt with my master key %r' % self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
'master', inp)
if not decrypt_session_func:
raise Exception('can not find key for given recipient: %s' %
self.recipient)
decrypted_sessionkey = decrypt_session_func(self.encrypted_session)
return key.DecryptWithSessionKey(decrypted_sessionkey,
self.encrypted_body,
session_key_type=key.SessionKeyType())
def doRequestService(self, *args, **kwargs):
"""
Action method.
"""
service_info = {
'needed_bytes': self.needed_bytes,
'customer_id': global_id.UrlToGlobalID(self.customer_idurl),
}
my_customer_key_id = my_id.getGlobalID(key_alias='customer')
if my_keys.is_key_registered(my_customer_key_id):
service_info['customer_public_key'] = my_keys.get_key_info(
key_id=my_customer_key_id,
include_private=False,
)
if self.key_id:
service_info['key_id'] = self.key_id
self._last_known_ecc_map = kwargs.get('ecc_map')
if self._last_known_ecc_map is not None:
service_info['ecc_map'] = self._last_known_ecc_map
self._last_known_family_position = kwargs.get('family_position')
if self._last_known_family_position is not None:
service_info['position'] = self._last_known_family_position
self._last_known_family_snapshot = kwargs.get('family_snapshot')
if self._last_known_family_snapshot is not None:
service_info['family_snapshot'] = self._last_known_family_snapshot
request = p2p_service.SendRequestService(
remote_idurl=self.supplier_idurl,
service_name='service_supplier',
json_payload=service_info,
callbacks={
commands.Ack(): self._supplier_acked,
commands.Fail(): self._supplier_failed,
},
)
self.request_packet_id = request.PacketID
def register_customer_key(customer_public_key_id, customer_public_key):
"""
Check/refresh/store customer public key locally.
"""
if not customer_public_key_id or not customer_public_key:
lg.warn('customer public key was not provided in the request')
return False
customer_public_key_id = my_keys.latest_key_id(customer_public_key_id)
if my_keys.is_key_registered(customer_public_key_id):
known_customer_public_key = my_keys.get_public_key_raw(
customer_public_key_id)
if known_customer_public_key == customer_public_key:
lg.info(
'customer public key %r already known and public key is matching'
% customer_public_key_id)
else:
lg.warn('rewriting customer public key %r' %
customer_public_key_id)
my_keys.erase_key(customer_public_key_id)
key_id, key_object = my_keys.read_key_info(customer_public_key)
if not my_keys.register_key(key_id, key_object):
lg.err('failed to register customer public key: %r' %
customer_public_key_id)
return False
lg.info('new customer public key registered: %r' % customer_public_key_id)
return True
def doCancelService(self, *args, **kwargs):
"""
Action method.
"""
service_info = {}
my_customer_key_id = my_id.getGlobalID(key_alias='customer')
if my_keys.is_key_registered(my_customer_key_id):
service_info['customer_public_key'] = my_keys.get_key_info(
key_id=my_customer_key_id,
include_private=False,
include_signature=False,
generate_signature=False,
)
ecc_map = kwargs.get('ecc_map')
if ecc_map:
service_info['ecc_map'] = ecc_map
request = p2p_service.SendCancelService(
remote_idurl=self.supplier_idurl,
service_name='service_supplier',
json_payload=service_info,
callbacks={
commands.Ack(): self._supplier_service_acked,
commands.Fail(): self._supplier_service_failed,
},
)
self.request_packet_id = request.PacketID
def doRequestService(self, arg):
"""
Action method.
"""
service_info = {
'needed_bytes': self.needed_bytes,
'customer_id': global_id.UrlToGlobalID(self.customer_idurl),
}
my_customer_key_id = my_id.getGlobalID(key_alias='customer')
if my_keys.is_key_registered(my_customer_key_id):
service_info['customer_public_key'] = my_keys.get_key_info(
key_id=my_customer_key_id,
include_private=False,
)
if self.key_id:
service_info['key_id'] = self.key_id
if self.customer_idurl == my_id.getLocalIDURL():
service_info['ecc_map'] = eccmap.Current().name
request = p2p_service.SendRequestService(
remote_idurl=self.supplier_idurl,
service_name='service_supplier',
json_payload=service_info,
callbacks={
commands.Ack(): self._supplier_acked,
commands.Fail(): self._supplier_failed,
},
)
self.request_packet_id = request.PacketID
def doSendHisFiles(self, *args, **kwargs):
"""
Action method.
"""
customer_key_id = my_keys.make_key_id(
alias='customer', creator_idurl=self.customer_idurl)
if my_keys.is_key_registered(customer_key_id):
list_files.send(
customer_idurl=self.customer_idurl,
packet_id='%s:%s' % (
customer_key_id,
packetid.UniqueID(),
),
format_type=settings.ListFilesFormat(),
key_id=customer_key_id,
remote_idurl=self.customer_idurl, # send to the customer
)
else:
# if "customer" key is not delivered to me yet, use his "master" key
list_files.send(
customer_idurl=self.customer_idurl,
packet_id='%s:%s' % (
customer_key_id,
packetid.UniqueID(),
),
format_type=settings.ListFilesFormat(),
key_id=my_keys.make_key_id(alias='master',
creator_idurl=self.customer_idurl),
remote_idurl=self.customer_idurl, # send to the customer
)
lg.err('key %s is not registered, not able to send his files' %
customer_key_id)
def audit_private_key(key_id, untrusted_idurl, timeout=10):
"""
Be sure remote user posses given private key.
I need to posses the public key to be able to audit.
I will generate a random string, encrypt it with given key public key and send encrypted string to him.
He will decrypt and send me back original string.
Returns Deferred object.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.audit_private_key testing %s from %s' % (key_id, untrusted_idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(untrusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % untrusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % untrusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
private_test_sample = key.NewSessionKey()
if untrusted_idurl == creator_idurl and key_alias == 'master':
lg.warn('doing audit of master key (private part) of remote user')
private_test_encrypted_sample = recipient_id_obj.encrypt(private_test_sample)
else:
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
private_test_encrypted_sample = my_keys.encrypt(key_id, private_test_sample)
json_payload = {
'key_id': key_id,
'audit': {
'public_sample': '',
'private_sample': base64.b64encode(private_test_encrypted_sample),
}
}
raw_payload = serialization.DictToBytes(json_payload, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=raw_payload,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_payload = block.Serialize()
p2p_service.SendAuditKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_payload=encrypted_payload,
packet_id=key_id,
timeout=timeout,
callbacks={
commands.Ack(): lambda response, info:
_on_audit_private_key_response(response, info, key_id, untrusted_idurl, private_test_sample, result),
commands.Fail(): lambda response, info: result.errback(Exception(response)),
None: lambda pkt_out: result.errback(Exception('timeout')), # timeout
},
)
return result
def on_private_key_received(newpacket, info, status, error_message):
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.out(
2, 'key_ring.received_private_key ERROR reading data from %s' %
newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = json.loads(key_data)
key_id = str(key_json['key_id'])
# key_alias = key_json['alias']
# key_creator = key_json['creator']
# key_owner = key_json['owner']
private_key_string = str(key_json['private'])
except:
lg.exc()
return False
if my_keys.is_key_registered(key_id):
lg.warn('key "%s" already registered' % key_id)
return True
key_object = my_keys.register_key(key_id, private_key_string)
if not key_object:
return False
p2p_service.SendAck(newpacket)
return True
def decrypt(self, decrypt_session_func=None):
if not decrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.out(
_DebugLevel,
'message.PrivateMessage.decrypt with "%s" key' %
self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
self.recipient, inp)
if not decrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['idurl'] == my_id.getLocalID():
if glob_id['key_alias'] == 'master':
if _Debug:
lg.out(
_DebugLevel,
'message.PrivateMessage.decrypt with "master" key')
decrypt_session_func = lambda inp: my_keys.decrypt(
'master', inp)
if not decrypt_session_func:
raise Exception('can not find key for given recipient: %s' %
self.recipient)
decrypted_sessionkey = decrypt_session_func(self.encrypted_session)
return key.DecryptWithSessionKey(decrypted_sessionkey,
self.encrypted_body)
def do_restore_key(key_id, is_private, keys_folder=None, wait_result=False):
"""
Restore given key from my suppliers if I do not have it locally.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_restore_key key_id=%r is_private=%r' % (key_id, is_private, ))
if my_keys.is_key_registered(key_id):
lg.err('local key already exist: "%s"' % key_id)
if wait_result:
return fail(Exception('local key already exist: "%s"' % key_id))
return False
if not keys_folder:
keys_folder = settings.KeyStoreDir()
if is_private:
remote_path_for_key = '.keys/%s.private' % key_id
else:
remote_path_for_key = '.keys/%s.public' % key_id
global_key_path = global_id.MakeGlobalID(
key_alias='master', customer=my_id.getGlobalID(), path=remote_path_for_key)
ret = api.file_download_start(
remote_path=global_key_path,
destination_path=keys_folder,
wait_result=True,
open_share=False,
)
if not isinstance(ret, Deferred):
lg.err('failed to download key "%s": %s' % (key_id, ret))
if wait_result:
return fail(Exception('failed to download key "%s": %s' % (key_id, ret)))
return False
result = Deferred()
def _on_result(res):
if not isinstance(res, dict):
lg.err('failed to download key "%s": %s' % (key_id, res))
if wait_result:
result.errback(Exception('failed to download key "%s": %s' % (key_id, res)))
return None
if res['status'] != 'OK':
lg.err('failed to download key "%s": %r' % (key_id, res))
if wait_result:
result.errback(Exception('failed to download key "%s": %r' % (key_id, res)))
return None
if not my_keys.load_key(key_id, keys_folder):
lg.err('failed to read key "%s" from local folder "%s"' % (key_id, keys_folder))
if wait_result:
result.errback(Exception('failed to read key "%s" from local folder "%s"' % (key_id, keys_folder)))
return None
if _Debug:
lg.out(_DebugLevel, 'key_ring.do_restore_key._on_result key_id=%s is_private=%r : %r' % (key_id, is_private, res))
if wait_result:
result.callback(res)
return None
ret.addBoth(_on_result)
if not wait_result:
return True
return result
def init():
lg.out(4, "message_keeper.init")
message.AddIncomingMessageCallback(on_incoming_message)
message.AddOutgoingMessageCallback(on_outgoing_message)
if not my_keys.is_key_registered(messages_key_id()):
my_keys.generate_key(messages_key_id(),
key_size=settings.getPrivateKeySize())
def transfer_key(key_id, trusted_idurl, include_private=False, include_signature=False, timeout=10, result=None):
"""
Actually sending given key to remote user.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.transfer_key %s -> %s' % (key_id, trusted_idurl))
if not result:
result = Deferred()
recipient_id_obj = identitycache.FromCache(trusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % trusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % trusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
key_object = my_keys.key_obj(key_id)
try:
key_json = my_keys.make_key_info(
key_object,
key_id=key_id,
include_private=include_private,
include_signature=include_signature,
)
except Exception as exc:
lg.exc()
result.errback(exc)
return result
key_data = serialization.DictToBytes(key_json, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
commands.Fail(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
None: lambda pkt_out: _on_transfer_key_response(None, None, key_id, result),
},
timeout=timeout,
)
return result
def doPrepare(self, *args, **kwargs):
"""
Action method.
"""
self.restored_count = 0
self.saved_count = 0
self.deleted_count = 0
self.stored_keys = {}
self.not_stored_keys = {}
self.unreliable_keys = {}
self.keys_to_upload = set()
self.keys_to_erase = {}
self.keys_to_rename = {}
lookup = backup_fs.ListChildsByPath(
path='.keys',
recursive=False,
)
if isinstance(lookup, list):
minimum_reliable_percent = eccmap.GetCorrectablePercent(
eccmap.Current().suppliers_number)
for i in lookup:
if i['path'].endswith('.public'):
stored_key_id = i['path'].replace('.public', '').replace(
'.keys/', '')
is_private = False
else:
stored_key_id = i['path'].replace('.private', '').replace(
'.keys/', '')
is_private = True
stored_key_id = my_keys.latest_key_id(stored_key_id)
is_reliable = False
for v in i['versions']:
try:
reliable = float(v['reliable'].replace('%', ''))
except:
lg.exc()
reliable = 0.0
if reliable >= minimum_reliable_percent:
is_reliable = True
break
if is_reliable:
self.stored_keys[stored_key_id] = is_private
else:
if is_private and my_keys.is_key_private(stored_key_id):
self.not_stored_keys[stored_key_id] = is_private
elif not is_private and my_keys.is_key_registered(
stored_key_id):
self.not_stored_keys[stored_key_id] = is_private
else:
self.unreliable_keys[stored_key_id] = is_private
if _Debug:
lg.args(_DebugLevel,
stored_keys=len(self.stored_keys),
not_stored_keys=list(self.not_stored_keys.keys()),
unreliable_keys=len(self.unreliable_keys))
def generate_group_key(creator_id=None, label=None, key_size=4096, group_alias=None):
group_key_id = None
if group_alias:
group_key_id = my_keys.make_key_id(alias=group_alias, creator_glob_id=creator_id)
if my_keys.is_key_registered(group_key_id):
return my_keys.latest_key_id(group_key_id)
else:
while True:
random_sample = os.urandom(24)
group_alias = 'group_%s' % strng.to_text(key.HashMD5(random_sample, hexdigest=True))
group_key_id = my_keys.make_key_id(alias=group_alias, creator_glob_id=creator_id)
if my_keys.is_key_registered(group_key_id):
continue
break
if not label:
label = 'group%s' % utime.make_timestamp()
my_keys.generate_key(key_id=group_key_id, label=label, key_size=key_size)
my_keys.sign_key(key_id=group_key_id, save=True)
if _Debug:
lg.args(_DebugLevel, group_key_id=group_key_id, group_alias=group_alias, creator_id=creator_id, label=label)
return group_key_id
def on_audit_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when remote user would like to check if I poses given key locally.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.out(
2, 'key_ring.on_audit_key_received ERROR reading data from %s' %
newpacket.RemoteID)
return False
try:
raw_payload = block.Data()
json_payload = serialization.BytesToDict(raw_payload,
keys_to_text=True,
values_to_text=True)
key_id = json_payload['key_id']
json_payload['audit']
public_sample = base64.b64decode(
json_payload['audit']['public_sample'])
private_sample = base64.b64decode(
json_payload['audit']['private_sample'])
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, str(exc))
return False
if not my_keys.is_valid_key_id(key_id):
p2p_service.SendFail(newpacket, 'invalid key id')
return False
if not my_keys.is_key_registered(key_id, include_master=True):
p2p_service.SendFail(newpacket, 'key not registered')
return False
if public_sample:
response_payload = base64.b64encode(
my_keys.encrypt(key_id, public_sample))
p2p_service.SendAck(newpacket, response_payload)
if _Debug:
lg.info('remote user %s requested audit of public key %s' %
(newpacket.OwnerID, key_id))
return True
if private_sample:
if not my_keys.is_key_private(key_id):
p2p_service.SendFail(newpacket, 'private key not registered')
return False
response_payload = base64.b64encode(
my_keys.decrypt(key_id, private_sample))
p2p_service.SendAck(newpacket, response_payload)
if _Debug:
lg.info('remote user %s requested audit of private key %s' %
(newpacket.OwnerID, key_id))
return True
p2p_service.SendFail(newpacket, 'wrong audit request')
return False
def open_queue(queue_id):
global _ActiveQueues
if not valid_queue_id(queue_id):
raise Exception('invalid queue id')
if queue_id in queue():
raise Exception('queue already exist')
queue_info = global_id.ParseGlobalQueueID(queue_id)
customer_key_id = global_id.MakeGlobalID(customer=queue_info['owner_id'], key_alias='customer')
if not my_keys.is_key_registered(customer_key_id):
raise Exception('customer key for given queue not found')
_ActiveQueues[queue_id] = OrderedDict()
lg.info('new queue opened %s based on key %s' % (queue_id, customer_key_id))
return True
def doSendPubKeyToSuppliers(self, *args, **kwargs):
"""
Action method.
"""
if not my_keys.is_key_registered(self.key_id):
self.automat('fail', Exception('key not found'))
return
self.suppliers_acks = 0
for supplier_idurl in contactsdb.suppliers():
d = key_ring.share_key(self.key_id, supplier_idurl, include_private=False)
d.addCallback(self._on_supplier_pub_key_shared, supplier_idurl)
d.addErrback(self._on_supplier_pub_key_failed, supplier_idurl)
self.suppliers_responses[supplier_idurl] = d
def _on_my_keys_synchronized(self, evt):
from logs import lg
from main import settings
from storage import keys_synchronizer
from crypt import my_keys
from chat import message_keeper
if not my_keys.is_key_registered(message_keeper.messages_key_id(
)) and keys_synchronizer.is_synchronized():
lg.info(
'key to store messages was not found but we know that all my keys are in sync, generate a new key: %s'
% message_keeper.messages_key_id())
my_keys.generate_key(message_keeper.messages_key_id(),
key_size=settings.getPrivateKeySize())
def _do_request_supplier_service(self, ecc_map, family_position,
family_snapshot):
if _Debug:
lg.args(_DebugLevel,
supplier_idurl=self.supplier_idurl,
ecc_map=ecc_map,
family_position=family_position,
family_snapshot=family_snapshot)
if not self.supplier_idurl:
lg.warn(
'supplier idurl is empty, SKIP sending supplier_service request'
)
return
service_info = {
'needed_bytes': self.needed_bytes,
'customer_id': global_id.UrlToGlobalID(self.customer_idurl),
}
my_customer_key_id = my_id.getGlobalID(key_alias='customer')
if my_keys.is_key_registered(my_customer_key_id):
service_info['customer_public_key'] = my_keys.get_key_info(
key_id=my_customer_key_id,
include_private=False,
include_signature=True,
generate_signature=True,
)
else:
lg.warn('my own customer key is not registered: %r' %
my_customer_key_id)
if self.key_id:
service_info['key_id'] = self.key_id
self._last_known_ecc_map = ecc_map
if self._last_known_ecc_map is not None:
service_info['ecc_map'] = self._last_known_ecc_map
self._last_known_family_position = family_position
if self._last_known_family_position is not None:
service_info['position'] = self._last_known_family_position
self._last_known_family_snapshot = family_snapshot
if self._last_known_family_snapshot is not None:
service_info['family_snapshot'] = id_url.to_bin_list(
self._last_known_family_snapshot)
request = p2p_service.SendRequestService(
remote_idurl=self.supplier_idurl,
service_name='service_supplier',
json_payload=service_info,
callbacks={
commands.Ack(): self._supplier_service_acked,
commands.Fail(): self._supplier_service_failed,
},
)
self.request_packet_id = request.PacketID
def _on_my_keys_synchronized(self, evt):
from logs import lg
from main import settings
from storage import keys_synchronizer
from crypt import my_keys
from userid import my_id
customer_key_id = my_id.getGlobalID(key_alias='customer')
if not my_keys.is_key_registered(
customer_key_id) and keys_synchronizer.is_synchronized():
lg.info(
'customer key was not found but we know that all keys are in sync, generate new key: %s'
% customer_key_id)
my_keys.generate_key(customer_key_id,
key_size=settings.getPrivateKeySize())
def send(customer_idurl, packet_id, format_type, key_id, remote_idurl):
if not my_keys.is_key_registered(key_id):
lg.warn(
'not able to return Files() for customer %s, key %s not registered'
% (
customer_idurl,
key_id,
))
return p2p_service.SendFailNoRequest(customer_idurl, packet_id)
if _Debug:
lg.out(
_DebugLevel,
"list_files.send to %s, customer_idurl=%s, key_id=%s" % (
remote_idurl,
customer_idurl,
key_id,
))
ownerdir = settings.getCustomerFilesDir(customer_idurl)
plaintext = ''
if os.path.isdir(ownerdir):
for key_alias in os.listdir(ownerdir):
if not misc.ValidKeyAlias(str(key_alias)):
continue
key_alias_dir = os.path.join(ownerdir, key_alias)
plaintext += TreeSummary(key_alias_dir, key_alias)
else:
lg.warn('did not found customer dir: %s' % ownerdir)
if _Debug:
lg.out(_DebugLevel + 8, '\n%s' % plaintext)
raw_list_files = PackListFiles(plaintext, format_type)
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID=key_id,
Data=raw_list_files,
SessionKey=key.NewSessionKey(),
EncryptKey=key_id,
)
encrypted_list_files = block.Serialize()
newpacket = p2p_service.SendFiles(
idurl=remote_idurl,
raw_list_files_info=encrypted_list_files,
packet_id=packet_id,
callbacks={
commands.Ack(): on_acked,
commands.Fail(): on_failed,
None: on_timeout,
},
)
return newpacket
def doCleanKeys(self, *args, **kwargs):
"""
Action method.
"""
keys_deleted = []
for key_id, is_private in self.stored_keys.items():
if not my_keys.is_key_registered(key_id):
self.keys_to_erase[key_id] = is_private
for key_id, is_private in self.keys_to_erase.items():
res = key_ring.do_delete_key(key_id, is_private)
keys_deleted.append(res)
self.deleted_count += 1
if _Debug:
lg.args(_DebugLevel, restored=self.restored_count, saved=self.saved_count, deleted=self.deleted_count)
self.automat('clean-ok')
def start(self):
from contacts import contactsdb
from crypt import my_keys
from customer import supplier_connector
from userid import my_id
from logs import lg
customer_key_id = my_id.getGlobalID(key_alias='customer')
if not my_keys.is_key_registered(customer_key_id):
lg.warn('customer key was not found, generate new key: %s' % customer_key_id)
my_keys.generate_key(customer_key_id)
for supplier_idurl in contactsdb.suppliers():
if supplier_idurl and not supplier_connector.by_idurl(supplier_idurl, customer_idurl=my_id.getLocalID()):
supplier_connector.create(supplier_idurl, customer_idurl=my_id.getLocalID())
# TODO: read from dht and connect to other suppliers - from other customers who shared data to me
return True
def doSendHisFiles(self, arg):
"""
Action method.
"""
customer_key_id = my_keys.make_key_id(alias='customer', creator_idurl=self.customer_idurl)
if my_keys.is_key_registered(customer_key_id):
list_files.send(
customer_idurl=self.customer_idurl,
packet_id='%s:%s' % (customer_key_id, packetid.UniqueID(), ),
format_type=settings.ListFilesFormat(),
key_id=customer_key_id,
remote_idurl=self.customer_idurl, # send to the customer
)
else:
lg.warn('key %s is not registered, not able to send his files' % customer_key_id)
def doDeactivate(self, event, *args, **kwargs):
"""
Action method.
"""
if event == 'leave':
groups.set_group_active(self.group_key_id, False)
groups.save_group_info(self.group_key_id)
if kwargs.get('erase_key', False):
if my_keys.is_key_registered(self.group_key_id):
my_keys.erase_key(self.group_key_id)
else:
lg.warn('key %r not registered, can not be erased' %
self.group_key_id)
else:
groups.save_group_info(self.group_key_id)
