def __proxy(self, vote=None, votebox=None): try: evlog.log(LOGSIG[self.__task] + ': ALGUS') if ElectionState().election_on(): security = CertAnalyzer() if security.work(): if self.__task == TASK_CAND: return \ self.__get_candidate_list(security.valid_person()) elif self.__task == TASK_VOTE: return self.__hts_vote(\ security.valid_person(), vote, votebox) else: r1, r2 = protocol.msg_error_technical() return self.__return_error(r1, r2) else: evlog.log_error('Viga: "%s"' % security.logmsg) return \ self.__return_error(security.errcode, security.errmsg) else: r1, r2 = ElectionState().election_off_msg() return self.__return_error(r1, r2) except: return self.__return_exception() finally: evlog.log(LOGSIG[self.__task] + ': LõPP')
def _check_vote(self, ringkond, district, haal, line_nr): ret = True if haal == CORRUPTED_VOTE: errstr = "Häält (rida=%d) ei õnnestunud dekrüptida" % line_nr evlog.log_error(errstr) ret = False else: lst = haal.split('\n') if ((len(lst) != 4) or \ (lst[0] != evcommon.VERSION) or \ (lst[1] != self._elid) or \ (lst[3] != "")): ret = False else: if not formatutil.is_valiku_kood(lst[2]): ret = False elif lst[2].split(".")[0] != ringkond[0]: ret = False if ret and self.__cnt.has_choice(ringkond, district, lst[2]): self.__cnt.add_vote(ringkond, district, lst[2]) else: ret = False self._add_kehtetu(ringkond, district) return ret
def __proxy(self, vote = None, votebox = None): try: evlog.log(LOGSIG[self.__task] + ': ALGUS') if ElectionState().election_on(): security = CertAnalyzer() if security.work(): if self.__task == TASK_CAND: return \ self.__get_candidate_list(security.valid_person()) elif self.__task == TASK_VOTE: return self.__hts_vote(\ security.valid_person(), vote, votebox) else: r1, r2 = protocol.msg_error_technical() return self.__return_error(r1, r2) else: evlog.log_error('Viga: "%s"' % security.logmsg) return \ self.__return_error(security.errcode, security.errmsg) else: r1, r2 = ElectionState().election_off_msg() return self.__return_error(r1, r2) except: return self.__return_exception() finally: evlog.log(LOGSIG[self.__task] + ': LõPP')
def _count_votes(self): dvl = DecodedVoteList(self, self.__cnt) dvl.attach_logger(evlog.AppLog()) dvl.attach_elid(self._elid) if not dvl.check_format(self.output_file, 'Loen hääli: '): evlog.log_error('Häälte lugemine ebaõnnestus') return False return True
def check_vote(self, mobid): try: bdocpython.initialize() conf = bdocconfig.BDocConfig() conf.load(Election().get_bdoc_conf()) alines = [] elines = [] if mobid: alines, elines = regrights.analyze_signature_for_log(self._decoded_vote) else: alines, elines = regrights.analyze_vote_for_log(self._decoded_vote) for el in alines: evlog.log(el) for el in elines: evlog.log_error(el) res = None if mobid: res = regrights.check_vote_hes_mobid(self._decoded_vote, conf) else: res = regrights.check_vote_hes(self._decoded_vote, conf) if not res.result: self.error.log_msg = res.error if self.error.user_msg == "": self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR if not res.cert_is_valid: self.error.user_msg = evmessage.EV_ERRORS.SERTIFIKAAT_ON_AEGUNUD self.error.user_code = evcommon.EVOTE_CERT_ERROR return False ik_ver = regrights.get_personal_code(res.subject) if self._ik != ik_ver: self.error.log_msg = "Autentija (%s) ja allkirjastaja (%s) erinevad" % (self._ik, ik_ver) self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR return False return True except: self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR self.error.log_msg = exception_msg.trace() finally: bdocpython.terminate() return False
def __kylm_ennistamine(self, input_list, good_list, bad_list, action_list): for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole hääletanud' % code) continue user_key = htscommon.get_user_key(code) vc = htscommon.VoteCounter() revoked_key = '' for vote_file in self._reg.list_keys(user_key): if htscommon.VALID_VOTE_PATTERN.match(vote_file): vc.inc_valid() elif htscommon.USERREVOKED_VOTE_PATTERN.match(vote_file): vc.inc_userrevoked() revoked_key = vote_file elif htscommon.AUTOREVOKED_VOTE_PATTERN.match(vote_file): pass elif htscommon.REVOKE_REASON_PATTERN.match(vote_file): pass else: vc.inc_unknown() if ((vc.userrevoked() == 0) or (vc.valid() > 0)): bad_list.append(el) evlog.log_error(\ 'Isik koodiga %s ei ole oma häält tühistanud' % code) continue if (vc.userrevoked() > 1): self._errmsg = 'Serveri andmestruktuurid ei ole kooskõlalised' raise Exception(self._errmsg) if (vc.unknown() > 0): self._errmsg = 'Tundmatu viga häälte tühistamisel' raise Exception(self._errmsg) if (vc.userrevoked() == 1): valid_key = \ htscommon.change_votefile_name(\ revoked_key, htscommon.BVALID) act = ActionInfo() act.set_old_name(self._reg.path(user_key + [revoked_key])) act.set_new_name(self._reg.path(user_key + [valid_key])) act.set_reason_name(self._reg.path(user_key + ['reason'])) act.set_timestamp(htscommon.get_votefile_time(revoked_key)) act.set_code(el[0]) act.set_name(el[1]) act.set_reason(el[2]) good_list.append(el) action_list.append(act)
def __kylm_tyhistamine(self, input_list, good_list, bad_list, action_list): for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole hääletanud' % code) continue user_key = htscommon.get_user_key(code) vc = htscommon.VoteCounter() valid_key = '' for vote_file in self._reg.list_keys(user_key): if htscommon.VALID_VOTE_PATTERN.match(vote_file): vc.inc_valid() valid_key = vote_file elif htscommon.USERREVOKED_VOTE_PATTERN.match(vote_file): vc.inc_userrevoked() elif htscommon.AUTOREVOKED_VOTE_PATTERN.match(vote_file): pass elif htscommon.REVOKE_REASON_PATTERN.match(vote_file): pass else: vc.inc_unknown() if (vc.valid() > 1): self._errmsg = 'Serveri andmestruktuurid ei ole kooskõlalised' raise Exception(self._errmsg) if ((vc.valid() == 0) or (vc.userrevoked() > 0)): bad_list.append(el) evlog.log_error(\ 'Kasutaja isikukoodiga %s hääl on juba tühistatud' % \ code) if (vc.unknown() > 0): self._errmsg = 'Tundmatu viga häälte tühistamisel' raise Exception(self._errmsg) if (vc.valid() == 1): revoked_key = \ htscommon.change_votefile_name(\ valid_key, htscommon.BUSERREVOKED) act = ActionInfo() act.set_old_name(self._reg.path(user_key + [valid_key])) act.set_new_name(self._reg.path(user_key + [revoked_key])) act.set_reason_name(self._reg.path(user_key)) act.set_timestamp(htscommon.get_votefile_time(valid_key)) act.set_code(el[0]) act.set_name(el[1]) act.set_reason(el[2]) good_list.append(el) action_list.append(act)
def _check_logs(self): log_lines = 0 log_lines = log_lines + self._log4.lines_in_file() log_lines = log_lines + self._log5.lines_in_file() log_lines = log_lines - 6 if log_lines != self.__cnt.count(): errstr = \ "Log4 ja Log5 ridade arv (%d) "\ "ei klapi häälte arvuga (%d)" % \ (log_lines, self.__cnt.count()) evlog.log_error(errstr) return False return True
def _check_logs(self): log_lines = 0 log_lines = log_lines + self._log4.lines_in_file() log_lines = log_lines + self._log5.lines_in_file() # remove header log_lines = log_lines - 6 if log_lines != self.__cnt.count(): errstr = "Log4 ja Log5 ridade arv (%d) "\ "ei klapi häälte arvuga (%d)" % \ (log_lines, self.__cnt.count()) evlog.log_error(errstr) return False return True
def _write_atomic(self, filename, data): tmp_name = filename + '.partial' try: _f = open(tmp_name, 'w') fcntl.lockf(_f, fcntl.LOCK_EX) _f.write(data) _f.flush() os.fsync(_f.fileno()) _f.close() os.rename(tmp_name, filename) except Exception, (errno, errstr): evlog.log_error("Faili '%s' kirjutamine nurjus" % filename) raise Exception(errno, errstr)
def __kylm_tyhistamine(self, input_list, good_list, bad_list, action_list): for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error("Isik koodiga %s ei ole hääletanud" % code) continue user_key = htscommon.get_user_key(code) vc = htscommon.VoteCounter() valid_key = "" for vote_file in self._reg.list_keys(user_key): if htscommon.VALID_VOTE_PATTERN.match(vote_file): vc.inc_valid() valid_key = vote_file elif htscommon.USERREVOKED_VOTE_PATTERN.match(vote_file): vc.inc_userrevoked() elif htscommon.AUTOREVOKED_VOTE_PATTERN.match(vote_file): pass elif htscommon.REVOKE_REASON_PATTERN.match(vote_file): pass elif htscommon.VOTE_VERIFICATION_ID_FILENAME == vote_file: pass else: vc.inc_unknown() if vc.valid() > 1: self._errmsg = "Serveri andmestruktuurid ei ole kooskõlalised" raise Exception(self._errmsg) if (vc.valid() == 0) or (vc.userrevoked() > 0): bad_list.append(el) evlog.log_error("Kasutaja isikukoodiga %s hääl on juba tühistatud" % code) if vc.unknown() > 0: self._errmsg = "Tundmatu viga häälte tühistamisel" raise Exception(self._errmsg) if vc.valid() == 1: revoked_key = htscommon.change_votefile_name(valid_key, htscommon.BUSERREVOKED) act = ActionInfo() act.set_old_name(self._reg.path(user_key + [valid_key])) act.set_new_name(self._reg.path(user_key + [revoked_key])) act.set_reason_name(self._reg.path(user_key)) act.set_timestamp(htscommon.get_votefile_time(valid_key)) act.set_code(el[0]) act.set_name(el[1]) act.set_reason(el[2]) good_list.append(el) action_list.append(act)
def get_response(self): import binascii # load a random BDOC from the ones available otp_key = htscommon.get_verification_key(self._vote_id) elids = self._rreg.read_string_value(otp_key, "elids")\ .value.rstrip().split("\t") bdoc = self.__load_bdoc(random.choice(elids)) evlog.log("Sending BDOC %s with vote ID %s for verification" %\ (ksum.votehash(bdoc.get_bytes()), self._vote_id)) # check consistency bdoc_set = set([doc.split(".")[0] for doc in bdoc.documents]) elids_set = set(elids) if bdoc_set != elids_set: evlog.log_error("Votes in BDOC for vote ID %s are inconsistent " \ "with registry: %s, %s" % (self._vote_id, bdoc_set, elids_set)) raise HTSVerifyException, evcommon.VERIFY_ERROR # create question objects questions = [] for elid in elids: questions.append(question.Question(\ elid, "hts", Election().get_sub_reg(elid))) # start assembling the response ret = "" # append questions for quest in questions: ret += quest.qname() + ":" + str(quest.get_type()) + "\t" ret += "\n" # append election IDs and votes for votefile in bdoc.documents: elid = votefile.split(".")[0] ret += elid + "\t" + binascii.b2a_hex( bdoc.documents[votefile]) + "\n" ret += "\n" # append choices list for quest in questions: tv = quest.get_voter(self._voter_code) if tv: ret += quest.choices_to_voter(tv) else: evlog.log_error("Voter not found") self.__decrease_count() return ret
def check_session(self, cert): if not self.__reg.check(self.__key): return evcommon.EVOTE_ERROR, evmessage.EV_ERRORS.SEANSS_PUUDUB start = self.__reg.read_integer_value(self.__key, "start").value length = Election().get_session_length() * 60 if start + length < int(time.time()): return evcommon.EVOTE_ERROR, evmessage.EV_ERRORS.SEANSS_PUUDUB if self.__reg.read_value(self.__key, "cert").value != cert: evlog.log_error('Sertifikaat muutus') return evcommon.EVOTE_CERT_ERROR, evmessage.EV_ERRORS.TEHNILINE_VIGA return evcommon.EVOTE_OK, None
def _at(timestr, command): proc = subprocess.Popen(("at", timestr), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) _, err = proc.communicate(command) if proc.returncode != 0: evlog.log_error(LOG_ERROR_SUBPROCESS % ("at", err)) print UI_ERROR_SUBPROCESS % ("at", err) return None for line in err.splitlines(): if line.startswith("job "): _, job, _ = line.split(None, 2) return int(job)
def get_response(self): import binascii # load a random BDOC from the ones available otp_key = htscommon.get_verification_key(self._vote_id) elids = self._rreg.read_string_value(otp_key, "elids")\ .value.rstrip().split("\t") bdoc = self.__load_bdoc(random.choice(elids)) evlog.log("Sending BDOC %s with vote ID %s for verification" %\ (ksum.votehash(bdoc.get_bytes()), self._vote_id)) # check consistency bdoc_set = set([doc.split(".")[0] for doc in bdoc.documents]) elids_set = set(elids) if bdoc_set != elids_set: evlog.log_error("Votes in BDOC for vote ID %s are inconsistent " \ "with registry: %s, %s" % (self._vote_id, bdoc_set, elids_set)) raise HTSVerifyException, evcommon.VERIFY_ERROR # create question objects questions = [] for elid in elids: questions.append(question.Question(\ elid, "hts", Election().get_sub_reg(elid))) # start assembling the response ret = "" # append questions for quest in questions: ret += quest.qname() + ":" + str(quest.get_type()) + "\t" ret += "\n" # append election IDs and votes for votefile in bdoc.documents: elid = votefile.split(".")[0] ret += elid + "\t" + binascii.b2a_hex(bdoc.documents[votefile]) + "\n" ret += "\n" # append choices list for quest in questions: tv = quest.get_voter(self._voter_code) if tv: ret += quest.choices_to_voter(tv) else: evlog.log_error("Voter not found") self.__decrease_count() return ret
def __poll_auth(self): service = MobileIDService() rsp = service.poll_auth(self.ctx()) if rsp._Status == 'OUTSTANDING_TRANSACTION': return protocol.msg_mobid_poll() if rsp._Status == 'USER_AUTHENTICATED': c1, c2 = self.ctx().verify_challenge(rsp._Signature) if not c1: evlog.log_error(c2) return self.__return_mid_error('Autentimine ebaõnnestus') return self.__get_candidate_list() return self.__return_mid_error(rsp._Status)
def _main(expected, cmd): state = election.ElectionState().get() if state == int(expected): evlog.log(LOG_EXECUTING % cmd) if cmd == COMMAND_START: _execute_start() elif cmd == COMMAND_PREPARE_STOP: _execute_prepare_stop() elif cmd == COMMAND_STOP: _execute_stop() else: evlog.log_error(LOG_ERROR_UNKNOWN % cmd) raise Exception _signal_ui() else: evlog.log_error(LOG_ERROR_STATE % (cmd, state, expected)) _clean_reg(cmd)
def _sign_result(self, pin, input_file): token_name = Election().get_hsm_token_name() priv_key_label = Election().get_hsm_priv_key() pkcs11lib = Election().get_pkcs11_path() args = [input_file, _sig(input_file), \ token_name, priv_key_label, pin, pkcs11lib] exit_code = 0 try: exit_code = subprocess.call([self.sign_prog] + args) except OSError, oserr: errstr = "Tulemuste faili '%s' allkirjastamine nurjus: %s" % \ (input_file, oserr) evlog.log_error(errstr) return False
def init_auth(self, phone): try: evlog.log("Autentimispäring: ALGUS %s" % (phone)) if not ElectionState().election_on(): r1, r2 = ElectionState().election_off_msg() return protocol.msg_error(r1, r2) self.ctx().set_phone(phone) self.ctx().generate_challenge() service = MobileIDService() rsp_cert = service.get_cert(self.ctx()) if not (rsp_cert._SignCertStatus == 'OK'): return self.__return_mid_error(rsp_cert._SignCertStatus) if rsp_cert._AuthCertStatus == 'OK': res, err = cert_ok(rsp_cert._AuthCertData) if not res: evlog.log_error(err) return self.__return_mid_policy_error() else: return self.__return_mid_error(rsp_cert._AuthCertStatus) rsp = service.init_auth(self.ctx()) if rsp._Status == 'OK': self.ctx().save_post_auth(rsp) alog, elog = evlogdata.get_cert_data_log( rsp._CertificateData, 'cand/auth', True) evlog.log('Autentimispäring (%s, %s, %s, %s)' % \ (rsp._UserIDCode, rsp._UserGivenname, \ rsp._UserSurname, rsp._Challenge)) evlog.log(alog) if elog: evlog.log_error(elog) return protocol.msg_mobid_auth_init_ok(\ self.ctx().sessid(), rsp._ChallengeID) return self.__return_mid_error(rsp._Status) except httplib.BadStatusLine, exc: return self.__return_badstatusline_error(exc)
def _decrypt_votes(self, pin): input_file = self._reg.path(['hlr', 'input', 'votes']) token_name = Election().get_hsm_token_name() priv_key_label = Election().get_hsm_priv_key() pkcs11lib = Election().get_pkcs11_path() args = [input_file, self.output_file, \ token_name, priv_key_label, pin, pkcs11lib] exit_code = 0 try: exit_code = subprocess.call([self.decrypt_prog] + args) except OSError, oserr: errstr = "Häälte faili '%s' dekrüpteerimine nurjus: %s" % \ (input_file, oserr) evlog.log_error(errstr) return False
def _revoke_vote_id(voter_code): elec = Election() otps = set() for quest in elec.get_questions(): reg = elec.get_sub_reg(quest) key = htscommon.get_user_key(voter_code) if reg.check(key + [htscommon.VOTE_VERIFICATION_ID_FILENAME]): otp = reg.read_string_value(key, \ htscommon.VOTE_VERIFICATION_ID_FILENAME) otps.add(otp.value) evlog.log("Revoking vote ID %s" % otp) if not _delete_vote_id(otp.value): evlog.log_error("No such vote-ID: %s" % otp) otp.delete() if len(otps) > 1: evlog.log_error("The voter %s had multiple vote ID-s: %s" % \ (voter_code, ", ".join(otps)))
def __load_bdoc(self, elid): voter_key = htscommon.get_user_key(self._voter_code) sreg = Election().get_sub_reg(elid) for votefile in sreg.list_keys(voter_key): if htscommon.VALID_VOTE_PATTERN.match(votefile): bdoc = bdocpythonutils.BDocContainer() bdoc.load(sreg.path(voter_key + [votefile])) bdoc.validate(bdocpythonutils.ManifestProfile("TM")) self._voter = htscommon.get_votefile_voter(votefile) break if not bdoc: evlog.log_error("No valid BDOC found for voter %s using vote ID %s" % \ (self._voter, self._vote_id)) raise HTSVerifyException, evcommon.VERIFY_ERROR return bdoc
def init_auth(self, phone): try: evlog.log("Autentimispäring: ALGUS %s" % (phone)) if not ElectionState().election_on(): r1, r2 = ElectionState().election_off_msg() evlog.log_error('Viga operatsioonil "cand", teade "%s"' % r2) return protocol.msg_error(r1, r2) self.ctx().set_phone(phone) self.ctx().generate_challenge() service = MobileIDService() rsp = service.init_auth(self.ctx()) if rsp._Status == 'OK': rsp._CertificateData = rsp._CertificateData.strip() self.ctx().save_post_auth(rsp) alog, elog = evlogdata.get_cert_data_log( rsp._CertificateData, 'cand/auth', True) evlog.log('Autentimispäring (%s, %s, %s, %s)' % (rsp._UserIDCode, rsp._UserGivenname, rsp._UserSurname, rsp._Challenge)) evlog.log(alog) if elog: evlog.log_error(elog) return protocol.msg_mobid_auth_init_ok(self.ctx().sessid(), rsp._ChallengeID) return self.__return_mid_error(rsp._Status) except httplib.BadStatusLine as exc: return self.__return_badstatusline_error(exc) except ZSI.FaultException as exc: return self.__return_zsi_error(exc) except: return self.__return_exception() finally: evlog.log('Autentimispäring: LÕPP')
def __return_zsi_error(self, exc): fault = "%s" % exc evlog.log_error("Exception: %s" % fault) # 301 comes from MobileAuthenticate # 201 comes from GetMobileCertificate # both mean that the user is not MID client if fault.startswith("301") or fault.startswith("201"): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text("MID_ERROR_301")) elif fault.startswith("302"): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text("MID_ERROR_302")) elif fault.startswith("303"): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text("MID_ERROR_303")) return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text("MID_UNKNOWN_ERROR"))
def __load_bdoc(self, elid): voter_key = htscommon.get_user_key(self._voter_code) sreg = Election().get_sub_reg(elid) vote_files = [] for vfile in sreg.list_keys(voter_key): if htscommon.VALID_VOTE_PATTERN.match(vfile): vote_files.append(vfile) vote_files.sort() latest = vote_files.pop() if latest: bdoc = htsbase.get_vote(sreg.path(voter_key + [latest])) if not bdoc: evlog.log_error("No valid BDOC found for voter %s using vote ID %s" % \ (self._voter_code, self._vote_id)) raise HTSVerifyException, evcommon.VERIFY_ERROR return bdoc
def init_auth(self, phone): try: evlog.log("Autentimispäring: ALGUS %s" % (phone)) if not ElectionState().election_on(): r1, r2 = ElectionState().election_off_msg() evlog.log_error('Viga operatsioonil "cand", teade "%s"' % r2) return protocol.msg_error(r1, r2) self.ctx().set_phone(phone) self.ctx().generate_challenge() service = MobileIDService() rsp = service.init_auth(self.ctx()) if rsp._Status == "OK": rsp._CertificateData = rsp._CertificateData.strip() self.ctx().save_post_auth(rsp) alog, elog = evlogdata.get_cert_data_log(rsp._CertificateData, "cand/auth", True) evlog.log( "Autentimispäring (%s, %s, %s, %s)" % (rsp._UserIDCode, rsp._UserGivenname, rsp._UserSurname, rsp._Challenge) ) evlog.log(alog) if elog: evlog.log_error(elog) return protocol.msg_mobid_auth_init_ok(self.ctx().sessid(), rsp._ChallengeID) return self.__return_mid_error(rsp._Status) except httplib.BadStatusLine as exc: return self.__return_badstatusline_error(exc) except ZSI.FaultException as exc: return self.__return_zsi_error(exc) except: return self.__return_exception() finally: evlog.log("Autentimispäring: LÕPP")
def load_restore(self, input_list, operator): good_list = [] bad_list = [] for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole hääletanud' % code) continue revoked, reason, _ = self.is_user_revoked(code) if (not revoked): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole oma häält tühistanud' % code) continue else: self.restore_vote(el, operator) good_list.append(el) return good_list, bad_list
def load_revoke(self, input_list, operator): good_list = [] bad_list = [] for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole hääletanud' % code) continue revoked, reason, _ = self.is_user_revoked(code) if revoked: bad_list.append(el) evlog.log_error( 'Kasutaja isikukoodiga %s hääl on juba tühistatud' % code) else: # vajalik lugemisele minevate häälte nimistu koostamiseks self.revoke_vote(el, operator) good_list.append(el) return good_list, bad_list
def load_restore(self, input_list, operator): good_list = [] bad_list = [] for el in input_list: code = el[0] if not self.haaletanud(code): bad_list.append(el) evlog.log_error('Isik koodiga %s ei ole hääletanud' % code) continue revoked, reason, _ = self.is_user_revoked(code) if (not revoked): bad_list.append(el) evlog.log_error( 'Isik koodiga %s ei ole oma häält tühistanud' % code) continue else: self.restore_vote(el, operator) good_list.append(el) return good_list, bad_list
def schedule(cmd, tstruct): sched = scheduled(cmd) if sched: job, timestr = sched evlog.log_error(LOG_ERROR_SCHEDULED % (cmd, job, timestr)) print UI_ERROR_SCHEDULED % (cmd, job, timestr) return timestr = time.strftime(TIME_FORMAT, tstruct) job = _at(timestr, "python -m %s %i %s" % (MODULE_AUTOCMD, EXPECTED[cmd], cmd)) if not job: evlog.log_error(LOG_ERROR_SCHEDULE % cmd) print UI_ERROR_SCHEDULE % cmd return reg = evreg.Registry(root=evcommon.EVREG_CONFIG) reg.ensure_key(AUTOCMD_KEY) reg.create_integer_value(AUTOCMD_KEY, _job_value(cmd), job) reg.create_string_value(AUTOCMD_KEY, _time_value(cmd), timestr) evlog.log(LOG_SCHEDULED % (cmd, job, timestr)) print UI_SCHEDULED % (cmd, job, timestr)
def verify_id(self, vote_id): # check if valid vote ID if not formatutil.is_vote_verification_id(vote_id): # We don't know how large vote_id is, so don't write to disk evlog.log_error("Malformed vote ID") raise HTSVerifyException, evcommon.VERIFY_ERROR vote_id = vote_id.lower() otp_key = htscommon.get_verification_key(vote_id) # check if corresponding OTP exists if not self._rreg.check(otp_key): evlog.log_error("No such vote ID: %s" % vote_id) raise HTSVerifyException, evcommon.VERIFY_ERROR self._voter_code = self._rreg.read_string_value(\ otp_key, "voter").value.rstrip() # check if timestamp is OK current = int(time.time()) created = self._rreg.read_integer_value(otp_key, "timestamp").value timeout = Election().get_verification_time() * 60 if created + timeout < current: evlog.log("Vote ID %s has expired" % vote_id) self.__revoke_vote_id() raise HTSVerifyException, evcommon.VERIFY_ERROR # check if count is OK count = self._rreg.read_integer_value(otp_key, "count").value if count <= 0: evlog.log_error("Vote ID %s count is zero, but had not been revoked") self.__revoke_vote_id() raise HTSVerifyException, evcommon.VERIFY_ERROR self._vote_id = vote_id
def get_log_lines(self, root, path): log_lines = [] for vote_file in path: if htscommon.VALID_VOTE_PATTERN.match(vote_file): inzip = None lline = None try: lname = root + '/' + vote_file inzip = zipfile.ZipFile(lname, 'r') lline = inzip.read(htscommon.ZIP_LOGFILE) except: lline = None evlog.log_error("Viga hääle käitlemisel: " + lname) evlog.log_exception() if inzip: inzip.close() if lline: log_lines.append((lline, vote_file)) return log_lines
def talleta_haal(self, **args): # Hääle tühistamisel on põhjuseks # tühistamise põhjustanud hääle räsi haale_rasi = ksum.votehash(args['vote']) self.__tyhista_korduv_haal(args['signercode'], haale_rasi) user_key = htscommon.get_user_key(args['signercode']) self._reg.ensure_key(user_key) voter = args['valija'] vote_file = htscommon.valid_votefile_name(args['timestamp'], voter) user_key.append(vote_file) filename = self._reg.path(user_key) try: _f = file(filename, 'w') fcntl.lockf(_f, fcntl.LOCK_EX) _f.write(args['signedvote']) _f.flush() _f.close() except Exception, (errno, errstr): evlog.log_error("Faili '%s' kirjutamine nurjus" % filename) raise Exception(errno, errstr)
def __talleta(self, binvote): store = HTSStore() new_otp = False try: store.verify_vote(binvote) evlog.log('Hääle allkirjastaja: %s' % store.signercode) store.extract_questions() store.create_actions() store.revoke_vote_id() vote_id = store.issue_vote_id() evlog.log("Issued vote ID %s to %s for BDOC %s" % \ (vote_id, store.signercode, ksum.votehash(store.signed_vote))) new_otp = True store.store_votes() except HTSStoreException as e: evlog.log_error(store.log_msg) if new_otp: store.revoke_vote_id() return e.ret, store.user_msg return evcommon.EVOTE_OK, vote_id
def init_auth(self, phone): try: evlog.log("Autentimispäring: ALGUS %s" % (phone)) if not ElectionState().election_on(): r1, r2 = ElectionState().election_off_msg() return protocol.msg_error(r1, r2) self.ctx().set_phone(phone) self.ctx().generate_challenge() service = MobileIDService() rsp_cert = service.get_cert(self.ctx()) if not (rsp_cert._SignCertStatus == 'OK'): return self.__return_mid_error(rsp_cert._SignCertStatus) if rsp_cert._AuthCertStatus == 'OK': res, err = cert_ok(rsp_cert._AuthCertData) if not res: evlog.log_error(err) return self.__return_mid_policy_error() else: return self.__return_mid_error(rsp_cert._AuthCertStatus) rsp = service.init_auth(self.ctx()) if rsp._Status == 'OK': self.ctx().save_post_auth(rsp) evlog.log('Autentimispäring (%s, %s, %s, %s)' % \ (rsp._UserIDCode, rsp._UserGivenname, \ rsp._UserSurname, rsp._Challenge)) return protocol.msg_mobid_auth_init_ok(\ self.ctx().sessid(), rsp._ChallengeID) return self.__return_mid_error(rsp._Status) except httplib.BadStatusLine, exc: return self.__return_badstatusline_error(exc)
def __return_zsi_error(self, exc): fault = "%s" % exc evlog.log_error("Exception: %s" % fault) # 301 comes from MobileAuthenticate # 201 comes from GetMobileCertificate # both mean that the user is not MID client if fault.startswith('301') or fault.startswith('201'): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text('MID_ERROR_301')) elif fault.startswith('302'): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text('MID_ERROR_302')) elif fault.startswith('303'): return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text('MID_ERROR_303')) return self.__return_error(evcommon.EVOTE_MID_ERROR, get_mid_text('MID_UNKNOWN_ERROR'))
def do_cgi(): try: elec = election.Election() evlog.AppLog().set_app(APP) # Create a list of pairs from the form parameters. Don't use a dictionary # because that will overwrite recurring keys. form = cgi.FieldStorage() params = [] for key in form: for value in form.getlist(key): params.append((key, value)) # Only accept up to a single parameter if len(params) > 1: def keys(pairs): """Return a comma-separated list of the keys.""" return ", ".join([pair[0] for pair in pairs]) evlog.log_error("Too many query parameters: " + keys(params)) bad_parameters() return # Only accept the POST_VERIFY_VOTE parameter. if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE: evlog.log_error('Unknown query parameter "%s"' % params[0][0]) bad_parameters() return # Make sure the parameter is correctly formatted. if not formatutil.is_vote_verification_id(params[0][1]): # Don't write to disk; we don't know how large the value is evlog.log_error("Malformed vote ID") bad_parameters() return evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip()) evlog.log("verif/auth VOTE-ID: " + params[0][1]) params.append((evcommon.POST_SESS_ID, sessionid.voting())) url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path() conn = urllib.urlopen(url, urllib.urlencode(params)) protocol.http_response(conn.read()) except: evlog.log_exception() technical_error()
def do_cgi(): try: elec = election.Election() evlog.AppLog().set_app(APP) # Create a list of pairs from the form parameters. Don't use a dictionary # because that will overwrite recurring keys. form = cgi.FieldStorage() params = [] for key in form: for value in form.getlist(key): params.append((key, value)) # Only accept up to a single parameter if len(params) > 1: def keys(pairs): """Return a comma-separated list of the keys.""" return ", ".join([pair[0] for pair in pairs]) evlog.log_error("Too many query parameters: " + keys(params)) bad_parameters() return # Only accept the POST_VERIFY_VOTE parameter. if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE: evlog.log_error("Unknown query parameter \"%s\"" % params[0][0]) bad_parameters() return # Make sure the parameter is correctly formatted. if not formatutil.is_vote_verification_id(params[0][1]): # Don't write to disk; we don't know how large the value is evlog.log_error("Malformed vote ID") bad_parameters() return evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip()) evlog.log("verif/auth VOTE-ID: " + params[0][1]) params.append((evcommon.POST_SESS_ID, sessionid.voting())) url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path() conn = urllib.urlopen(url, urllib.urlencode(params)) protocol.http_response(conn.read()) except: evlog.log_exception() technical_error()
def _decrypt_votes(self, pin): input_file = self._reg.path(['hlr', 'input', 'votes']) token_name = Election().get_hsm_token_name() priv_key_label = Election().get_hsm_priv_key() pkcs11lib = Election().get_pkcs11_path() args = [input_file, self.output_file, token_name, priv_key_label, pin, pkcs11lib] exit_code = 0 try: exit_code = subprocess.call([self.decrypt_prog] + args) except OSError as oserr: errstr = "Häälte faili '%s' dekrüpteerimine nurjus: %s" % \ (input_file, oserr) evlog.log_error(errstr) return False if exit_code == 0: return True if exit_code > 0: errstr2 = "Tundmatu viga" if exit_code in G_DECRYPT_ERRORS: errstr2 = G_DECRYPT_ERRORS[exit_code] errstr = \ "Häälte faili '%s' dekrüpteerimine nurjus: %s (kood %d)" % \ (input_file, errstr2, exit_code) evlog.log_error(errstr) return False errstr = "Häälte faili '%s' dekrüpteerimine nurjus (signaal %d)" % \ (input_file, exit_code) evlog.log_error(errstr) return False
def _decrypt_votes(self, pin): input_file = self._reg.path(['hlr', 'input', 'votes']) token_name = Election().get_hsm_token_name() priv_key_label = Election().get_hsm_priv_key() pkcs11lib = Election().get_pkcs11_path() args = [ input_file, self.output_file, token_name, priv_key_label, pin, pkcs11lib ] exit_code = 0 try: exit_code = subprocess.call([self.decrypt_prog] + args) except OSError as oserr: errstr = "Häälte faili '%s' dekrüpteerimine nurjus: %s" % \ (input_file, oserr) evlog.log_error(errstr) return False if exit_code == 0: return True if exit_code > 0: errstr2 = "Tundmatu viga" if exit_code in G_DECRYPT_ERRORS: errstr2 = G_DECRYPT_ERRORS[exit_code] errstr = \ "Häälte faili '%s' dekrüpteerimine nurjus: %s (kood %d)" % \ (input_file, errstr2, exit_code) evlog.log_error(errstr) return False errstr = "Häälte faili '%s' dekrüpteerimine nurjus (signaal %d)" % \ (input_file, exit_code) evlog.log_error(errstr) return False
def _sign_result(self, pin, input_file): token_name = Election().get_hsm_token_name() priv_key_label = Election().get_hsm_priv_key() pkcs11lib = Election().get_pkcs11_path() args = [ input_file, _sig(input_file), token_name, priv_key_label, pin, pkcs11lib ] exit_code = 0 try: exit_code = subprocess.call([self.sign_prog] + args) except OSError as oserr: errstr = "Tulemuste faili '%s' allkirjastamine nurjus: %s" % \ (input_file, oserr) evlog.log_error(errstr) return False if exit_code == 0: return True if exit_code > 0: errstr2 = "Tundmatu viga" if exit_code in G_SIGN_ERRORS: errstr2 = G_SIGN_ERRORS[exit_code] errstr = \ "Tulemuste faili '%s' allkirjastamine nurjus: %s (kood %d)" % \ (input_file, errstr2, exit_code) evlog.log_error(errstr) return False errstr = "Tulemuste faili '%s' allkirjastamine nurjus (signaal %d)" % \ (input_file, exit_code) evlog.log_error(errstr) return False
def check_vote(self, mobid): try: bdocpython.initialize() conf = bdocconfig.BDocConfig() conf.load(Election().get_bdoc_conf()) alines = [] elines = [] if mobid: alines, elines = \ regrights.analyze_signature_for_log(self._decoded_vote) else: alines, elines = \ regrights.analyze_vote_for_log(self._decoded_vote) for el in alines: evlog.log(el) for el in elines: evlog.log_error(el) res = None if mobid: res = regrights.check_vote_hes_mobid(self._decoded_vote, conf) else: res = regrights.check_vote_hes(self._decoded_vote, conf) if not res.result: self.error.log_msg = res.error if self.error.user_msg == '': self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR if not res.cert_is_valid: self.error.user_msg =\ evmessage.EV_ERRORS.SERTIFIKAAT_ON_AEGUNUD self.error.user_code = evcommon.EVOTE_CERT_ERROR return False ik_ver = regrights.get_personal_code(res.subject) if self._ik != ik_ver: self.error.log_msg = \ 'Autentija (%s) ja allkirjastaja (%s) erinevad' % \ (self._ik, ik_ver) self.error.user_msg = \ evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR return False return True except: self.error.user_msg = evmessage.EV_ERRORS.TEHNILINE_VIGA self.error.user_code = evcommon.EVOTE_ERROR self.error.log_msg = exception_msg.trace() finally: bdocpython.terminate() return False