def register_customer_key(customer_public_key_id, customer_public_key):
"""
Check/refresh/store customer public key locally.
"""
if not customer_public_key_id or not customer_public_key:
lg.warn('customer public key was not provided in the request')
return False
customer_public_key_id = my_keys.latest_key_id(customer_public_key_id)
if my_keys.is_key_registered(customer_public_key_id):
known_customer_public_key = my_keys.get_public_key_raw(
customer_public_key_id)
if known_customer_public_key == customer_public_key:
lg.info(
'customer public key %r already known and public key is matching'
% customer_public_key_id)
else:
lg.warn('rewriting customer public key %r' %
customer_public_key_id)
my_keys.erase_key(customer_public_key_id)
key_id, key_object = my_keys.read_key_info(customer_public_key)
if not my_keys.register_key(key_id, key_object):
lg.err('failed to register customer public key: %r' %
customer_public_key_id)
return False
lg.info('new customer public key registered: %r' % customer_public_key_id)
return True
def do_check_create_rename_key(self, new_key_id):
from logs import lg
from crypt import my_keys
from chat import message_database
try:
new_public_key = my_keys.get_public_key_raw(new_key_id)
except:
lg.exc()
return
try:
new_local_key_id = my_keys.get_local_key_id(new_key_id)
except:
lg.exc()
return
if new_local_key_id is None:
lg.err('did not found local_key_id for %r' % new_key_id)
return
message_database.check_create_rename_key(
new_public_key=new_public_key,
new_key_id=new_key_id,
new_local_key_id=new_local_key_id,
)
def on_key_received(newpacket, info, status, error_message):
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.out(
2, 'key_ring.on_key_received ERROR reading data from %s' %
newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = json.loads(key_data)
key_id = key_json['key_id']
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
raise Exception('private key already registered')
if my_keys.get_public_key_raw(
key_id, 'openssh') != key_object.toString('openssh'):
# and we should not overwrite existing public key as well
raise Exception(
'another key already registered with that ID')
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info(
'received and stored locally a new key %s, include_private=%s'
% (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(
key_id, 'openssh') != key_object.toString('openssh'):
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID
if my_keys.get_public_key_raw(
key_id,
'openssh') != key_object.public().toString('openssh'):
# and we should not overwrite existing public key as well
raise Exception('another key already registered with that ID')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' %
(key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, str(exc))
return False
def on_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when I receive a new key from one remote user.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.err('failed reading key info from %s' % newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True)
key_id = key_json['key_id']
key_label = key_json.get('label', '')
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isSigned():
if not my_keys.verify_key_info_signature(key_json):
raise Exception('key signature verification failed')
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
raise Exception('private key already registered')
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# and we should not overwrite existing public key as well
raise Exception('another public key already registered with that ID and it is not matching')
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString():
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered and it is not matching')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID already
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# and we should not overwrite existing public key as well
raise Exception('another public key already registered with that ID and it is not matching with private key')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, strng.to_text(exc))
return False
def on_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when I receive a new key from one remote user.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.err('failed reading key info from %s' % newpacket.RemoteID)
return False
try:
key_data = block.Data()
key_json = serialization.BytesToDict(key_data, keys_to_text=True, values_to_text=True)
# key_id = strng.to_text(key_json['key_id'])
key_label = strng.to_text(key_json.get('label', ''))
key_id, key_object = my_keys.read_key_info(key_json)
if key_object.isSigned():
if not my_keys.verify_key_info_signature(key_json):
raise Exception('received key signature verification failed: %r' % key_json)
# TODO: must also compare "signature_pubkey" with pub key of the creator of the key!
if key_object.isPublic():
# received key is a public key
if my_keys.is_key_registered(key_id):
# but we already have a key with that ID
if my_keys.is_key_private(key_id):
# we should not overwrite existing private key
# TODO: check other scenarios
raise Exception('private key already registered with %r' % key_id)
if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('replaced existing key %s, is_public=%s' % (key_id, key_object.isPublic()))
# normally should not overwrite existing public key
# TODO: look more if need to add some extra checks
# for example need to be able to overwrite or erase remotely some keys to cleanup
# raise Exception('another public key already registered with %r and new key is not matching' % key_id)
p2p_service.SendAck(newpacket)
lg.warn('received existing public key: %s, skip' % key_id)
return True
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
else:
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
if _Debug:
lg.info('received and stored locally a new key %s, include_private=%s' % (key_id, key_json.get('include_private')))
return True
# received key is a private key
if my_keys.is_key_registered(key_id):
# check if we already have that key
if my_keys.is_key_private(key_id):
# we have already private key with same ID!!!
if my_keys.get_private_key_raw(key_id) != key_object.toPrivateString():
# and this is a new private key : we should not overwrite!
raise Exception('private key already registered and it is not matching with received copy')
# this is the same private key
p2p_service.SendAck(newpacket)
lg.warn('received again an exact copy of already existing private key: %s, skip' % key_id)
return True
# but we have a public key with same ID already
# if my_keys.get_public_key_raw(key_id) != key_object.toPublicString():
# # and we should not overwrite existing public key as well
# raise Exception('another public key already registered with that ID and it is not matching with private key')
lg.info('erasing public key %s' % key_id)
my_keys.erase_key(key_id)
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
# no private key with given ID was registered
if not my_keys.register_key(key_id, key_object, label=key_label):
raise Exception('key register failed')
lg.info('added new key %s, is_public=%s' % (key_id, key_object.isPublic()))
p2p_service.SendAck(newpacket)
return True
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, strng.to_text(exc))
return False
