async def authenticate_message(request, message_tree, message_payload, fingerprint_lookup): if request.secure and 'ven_id' in message_payload: print("Getting cert fingerprint from request") connection_fingerprint = utils.get_cert_fingerprint_from_request( request) print("Checking cert fingerprint") if connection_fingerprint is None: msg = ( "Your request must use a client side SSL certificate, of which the " "fingerprint must match the fingerprint that you have given to this VTN" ) raise errors.NotRegisteredOrAuthorizedError(msg) try: ven_id = message_payload.get('ven_id') expected_fingerprint = fingerprint_lookup(ven_id) if iscoroutine(expected_fingerprint): expected_fingerprint = await expected_fingerprint except ValueError: msg = ( f"Your venID {ven_id} is not known to this VTN. Make sure you use the venID " "that you receive from this VTN during the registration step") raise errors.NotRegisteredOrAuthorizedError(msg) if expected_fingerprint is None: msg = ( "This VTN server does not know what your certificate fingerprint is. Please " "deliver your fingerprint to the VTN (outside of OpenADR). You used the " "following fingerprint to make this request:") raise errors.NotRegisteredOrAuthorizedError(msg) print("Checking connection fingerprint") if connection_fingerprint != expected_fingerprint: msg = ( f"The fingerprint of your HTTPS certificate {connection_fingerprint} " f"does not match the expected fingerprint {expected_fingerprint}" ) raise errors.NotRegisteredOrAuthorizedError(msg) print("Checking message fingerprint") message_cert = utils.extract_pem_cert(message_tree) message_fingerprint = utils.certificate_fingerprint(message_cert) if message_fingerprint != expected_fingerprint: msg = ( f"The fingerprint of the certificate used to sign the message " f"{message_fingerprint} did not match the fingerprint that this " f"VTN has for you {expected_fingerprint}. Make sure you use the correct " "certificate to sign your messages.") raise errors.NotRegisteredOrAuthorizedError(msg) print("Validating XML signature") try: validate_xml_signature(message_tree) except ValueError: msg = ( "The message signature did not match the message contents. Please make sure " "you are using the correct XMLDSig algorithm and C14n canonicalization." ) raise errors.NotRegisteredOrAuthorizedError(msg)
def show_fingerprint(): parser = ArgumentParser() parser.add_argument('certificate', type=str) args = parser.parse_args() if 'certificate' in args: with open(args.certificate) as file: cert_str = file.read() print(certificate_fingerprint(cert_str))
def test_fingerprint_cmdline(): cert_path = os.path.join('certificates', 'dummy_ven.crt') with open(cert_path) as file: cert_str = file.read() fingerprint = utils.certificate_fingerprint(cert_str) if sys.platform.startswith('linux') or sys.platform.startswith('darwin'): executable = os.path.join(sys.prefix, 'bin', 'fingerprint') elif sys.platform.startswith('win'): executable = os.path.join(sys.prefix, 'Scripts', 'fingerprint.exe') result = subprocess.run([executable, cert_path], stdout=subprocess.PIPE) assert fingerprint == result.stdout.decode('utf-8').strip()
def validate_xml_signature(xml_tree, cert_fingerprint=None): """ Validate the XMLDSIG signature and the ReplayProtect element. """ cert = utils.extract_pem_cert(xml_tree) if cert_fingerprint: fingerprint = utils.certificate_fingerprint(cert) if fingerprint != cert_fingerprint: raise errors.FingerprintMismatch("The certificate fingerprint was incorrect. " f"Expected: {cert_fingerprint};" f"Received: {fingerprint}") VERIFIER.verify(xml_tree, x509_cert=utils.ensure_bytes(cert), expect_references=2) _verify_replay_protect(xml_tree)
async def test_create_party_registration_with_signatures( start_server_with_signatures): with open(CERTFILE) as file: cert = file.read() client = OpenADRClient( ven_name=VEN_NAME, vtn_url=f"http://localhost:{SERVER_PORT}/OpenADR2/Simple/2.0b", cert=CERTFILE, key=KEYFILE, vtn_fingerprint=certificate_fingerprint(cert)) response_type, response_payload = await client.create_party_registration() assert response_type == 'oadrCreatedPartyRegistration' assert response_payload['ven_id'] == VEN_ID await client.stop()
def fingerprint_lookup(ven_id): with open(CERTFILE) as file: cert = file.read() return certificate_fingerprint(cert)
from openleadr import OpenADRServer, OpenADRClient, enable_default_logging from openleadr.utils import certificate_fingerprint from openleadr import errors from async_timeout import timeout enable_default_logging() CA_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ca.crt') VTN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_vtn.crt') VTN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_vtn.key') VEN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ven.crt') VEN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'certificates', 'dummy_ven.key') with open(VEN_CERT) as file: ven_fingerprint = certificate_fingerprint(file.read()) with open(VTN_CERT) as file: vtn_fingerprint = certificate_fingerprint(file.read()) async def lookup_fingerprint(ven_id): return ven_fingerprint async def on_create_party_registration(payload, future): if payload['fingerprint'] != ven_fingerprint: raise errors.FingerprintMismatch("The fingerprint of your TLS connection does not match the expected fingerprint. Your VEN is not allowed to register.") else: future.set_result(True) return 'ven1234', 'reg5678' @pytest.mark.asyncio
VEN_ID = '1234abcd' VTN_ID = "TestVTN" VEN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), "certificates", "dummy_ven.crt") VEN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), "certificates", "dummy_ven.key") VTN_CERT = os.path.join(os.path.dirname(os.path.dirname(__file__)), "certificates", "dummy_vtn.crt") VTN_KEY = os.path.join(os.path.dirname(os.path.dirname(__file__)), "certificates", "dummy_vtn.key") CA_FILE = os.path.join(os.path.dirname(os.path.dirname(__file__)), "certificates", "dummy_ca.crt") with open(VEN_CERT) as file: VEN_FINGERPRINT = certificate_fingerprint(file.read()) with open(VTN_CERT) as file: VTN_FINGERPRINT = certificate_fingerprint(file.read()) async def _on_create_party_registration(payload): registration_id = generate_id() payload = { 'response': { 'response_code': 200, 'response_description': 'OK', 'request_id': payload['request_id'] }, 'ven_id': VEN_ID,