def process_bdoc(self, bdocfile):
config = bdocconfig.BDocConfig()
config.load(Election().get_bdoc_conf())
self.__bdoc = bdocpythonutils.BDocContainer()
self.__bdoc.load(bdocfile)
profile = bdocpythonutils.ManifestProfile('TM', \
'application/octet-stream')
self.__bdoc.validate(profile)
if len(self.__bdoc.signatures) != 1:
return False, "BDoc sisaldab rohkem kui ühte allkirja"
verifier = bdocpython.BDocVerifier()
config.populate(verifier)
for el in self.__bdoc.documents:
verifier.setDocument(self.__bdoc.documents[el], el)
_, sig_content = self.__bdoc.signatures.popitem()
res = verifier.verifyTMOffline(sig_content)
if res.result:
return True, res.subject
return False, res.error
def check_bdoc_conf(conf_dir):
tmpdir = None
try:
conf = bdocconfig.BDocConfig()
conf.load(conf_dir)
dirname = tempfile.mkdtemp()
conf.save(dirname)
cacerts1 = set()
cadir = "%s/ca" % dirname
for root, dirs, files in os.walk(cadir):
for el in files:
cacerts1.add(el)
processed = subprocess.check_output(['c_rehash', cadir])
lines = processed.split('\n')
cacerts2 = set()
for line in lines:
m = re.match(r"(.*) => (.*)", line)
if m:
cacerts2.add(m.group(1))
return cacerts1.difference(cacerts2)
finally:
if tmpdir:
shutil.rmtree(tmpdir)
def check_ocsp():
log = evlog.Logger()
log.set_format(evlog.AppLogFormat('OCSPWD'))
log.set_logs(Election().get_path(evcommon.OCSP_LOG_FILE))
try:
_conf = bdocconfig.BDocConfig()
_conf.load(Election().get_bdoc_conf())
_ocsp = _conf.get_ocsp_responders()
for el in _ocsp:
app = ('openssl ocsp -issuer "%s" -serial 123 -url "%s" -noverify'
% (_ocsp[el], el))
pp = subprocess.Popen(app, shell=True, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, close_fds=True)
is_ok = 0
start = time.time()
while True:
line = pp.stdout.readline()
if not line:
break
if line.strip().find('This Update:') != -1:
is_ok = 1
end = time.time()
if is_ok:
log.log_info(message='OCSP päringu tegemiseks kulus %5.2f sekundit' % (end - start))
else:
log.log_info(message='OCSP ei vasta')
except:
log.log_err(message=exception_msg.trace())
def verify_vote(self, votedata):
import regrights
self.user_msg = EV_ERRORS.TEHNILINE_VIGA
conf = bdocconfig.BDocConfig()
conf.load(Election().get_bdoc_conf())
self.bdoc = bdocpythonutils.BDocContainer()
self.bdoc.load_bytes(votedata)
self.bdoc.validateflex()
res = self.__check_incoming_vote(conf)
if not res.result:
self.log_msg = res.error
if self.user_msg == '':
self.user_msg = EV_ERRORS.TEHNILINE_VIGA
if not res.ocsp_is_good:
self.user_msg = EV_ERRORS.SERTIFIKAAT_ON_TYHISTATUD_VOI_PEATATUD
raise HTSStoreException, evcommon.EVOTE_CERT_ERROR
raise HTSStoreException, evcommon.EVOTE_ERROR
self.signercode = regrights.get_personal_code(res.subject)
self.ocsp_time = res.ocsp_time
self.signed_vote = self.bdoc.get_bytes()
def __init__(self):
self.elid = None
self._ed = None
self._ch = None
self.reg = None
self.quest = None
self.root = None
self.backup_dir = None
self.conf = bdocconfig.BDocConfig()
self.conf.load(Election().get_bdoc_conf())
def __init__(self):
self.elid = None
self._vl = None
self._ed = None
self._ch = None
self.reg = None
self.quest = None
self.root = None
self.jaosk_f = None
self.voter_f = None
self.valik_f = None
self.voter_public_key_f = None
self.conf = bdocconfig.BDocConfig()
self.conf.load(Election().get_bdoc_conf())
def status_verify(self):
import bdocconfig
tic = ticker.Counter('Hääli:', '\tKorras: %d\tVigaseid: %d')
tic.start('Hääletuse \"%s\" olekuanalüüs' % self._elid)
conf = bdocconfig.BDocConfig()
conf.load(Election().get_bdoc_conf())
for path in os.walk(self._reg.path(['hts', 'votes'])):
root = path[0]
code = root.split('/').pop()
if not formatutil.is_isikukood(code):
continue
user_revoked = False
valid_files = []
for vote_file in path[2]:
if htscommon.REVOKE_REASON_PATTERN.match(vote_file):
user_revoked = True
continue
if htscommon.VOTE_VERIFICATION_ID_FILENAME == vote_file:
continue
if htscommon.PARTIAL_VOTE_PATTERN.match(vote_file):
continue
if not htscommon.VALID_VOTE_PATTERN.match(vote_file):
self.__sti.unknown_file(
1, '\tTundmatu fail: ' + code + '/' + vote_file)
continue
valid_files.append(vote_file)
if len(valid_files) > 0:
valid_files.sort()
latest = valid_files.pop()
res, msg = self.do_verify(root, latest, conf, code)
if not user_revoked:
self.__sti.valid_vote(1, msg, res)
else:
self.__sti.userrevoked_vote(1, msg, res)
self.__sti.autorevoked_vote(len(valid_files), None, True)
else:
self.__sti.unknown_file(1, '\tHäälteta kaust: ' + code)
tic.tick(1, self.__sti.ok_count(), self.__sti.bad_count())
tic.finish()
def check_vote(self, mobid):
try:
bdocpython.initialize()
conf = bdocconfig.BDocConfig()
conf.load(Election().get_bdoc_conf())
alines = []
elines = []
if mobid:
alines, elines = \
regrights.analyze_signature_for_log(self._decoded_vote)
else:
alines, elines = \
regrights.analyze_vote_for_log(self._decoded_vote)
for el in alines:
evlog.log(el)
for el in elines:
evlog.log_error(el)
res = None
if mobid:
res = regrights.check_vote_hes_mobid(self._decoded_vote, conf)
else:
res = regrights.check_vote_hes(self._decoded_vote, conf)
if not res.result:
self.error.log_msg = res.error
if self.error.user_msg == '':
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
if not res.cert_is_valid:
self.error.user_msg =\
evmessage.EV_ERRORS.SERTIFIKAAT_ON_AEGUNUD
self.error.user_code = evcommon.EVOTE_CERT_ERROR
return False
ik_ver = regrights.get_personal_code(res.subject)
if self._ik != ik_ver:
self.error.log_msg = \
'Autentija (%s) ja allkirjastaja (%s) erinevad' % \
(self._ik, ik_ver)
self.error.user_msg = \
evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
return False
return True
except:
self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA
self.error.user_code = evcommon.EVOTE_ERROR
self.error.log_msg = exception_msg.trace()
finally:
bdocpython.terminate()
return False
def set_bdoc_conf(conf_dir):
conf = bdocconfig.BDocConfig()
conf.load(conf_dir)
conf.save(Election().get_bdoc_conf())
subprocess.check_call(['c_rehash', Election().get_bdoc_ca()])
elid = sys.argv[1]
infile = sys.argv[2]
p_time = "00:00:00"
evlog.AppLog().set_app('HTS', elid)
tmp_f = None
try:
try:
s_time = time.time()
evlog.AppLog().log(
'Tühistus-/ennistusnimekirja laadimine: ALGUS')
bdocpython.initialize()
bconf = bdocconfig.BDocConfig()
bconf.load(election.Election().get_bdoc_conf())
result = regrights.kontrolli_volitusi(elid, infile, 'TYHIS', bconf)
if not result[0]:
errmsg = 'Tühistus-/ennistusnimekirja volituste ' \
'kontroll andis negatiivse tulemuse: '
errmsg += result[1]
raise Exception(errmsg)
_signercode = result[2]
tmp_f = bdocpythonutils.get_doc_content_file(infile)
all_, res_a, res_u = restore_revoke(elid, tmp_f, _signercode)
p_time = time.strftime("%H:%M:%S",
time.gmtime(long(time.time() - s_time)))
if len(sys.argv) == 3:
contentType = 'application/octet-stream'
elif len(sys.argv) == 4:
contentType = sys.argv[3]
else:
print "bdoctool mode file [content-type]"
exit(1)
print 'Expecting content type:', contentType
with file(sys.argv[2]) as f:
zipbytes = f.read()
bdocpython.initialize()
config = bdocconfig.BDocConfig()
bdoc = bdocpythonutils.BDocContainer()
bdoc.load_bytes(zipbytes)
profile_type = 'TM' if method == 'tm' else 'BES'
bdoc.validate(
bdocpythonutils.ManifestProfile(profile_type, datatype=contentType))
sigfiles = bdoc.signatures.keys()
if len(sigfiles) == 0:
raise Exception, "BDoc ei sisalda ühtegi allkirja"
sigfiles = bdoc.signatures.keys()
if len(sigfiles) != 1:
raise Exception, "BDoc sisaldab rohkem kui ühte allkirja"