def Valid(self, raise_signature_invalid=False):
"""
``Valid()`` should check every one of packet header fields: 1) that
command is one of the legal commands 2) signature is good (which means
the hashcode is good) Rest PREPRO: 3) all the number fields are just
numbers 4) length is within legal limits 5) check that URL is a good
URL 6) that DataOrParity is either "data" or "parity" 7) that Creator
is equal to owner or a scrubber for owner 8) etc.
"""
if not self.Ready():
if _Debug:
lg.out(_DebugLevel,
"signed.Valid packet is not ready yet " + str(self))
return False
if not commands.IsCommand(self.Command):
lg.warn("signed.Valid bad Command " + str(self.Command))
return False
if not self.SignatureChecksOut(
raise_signature_invalid=raise_signature_invalid):
if raise_signature_invalid:
creator_xml = contactsdb.get_contact_identity(self.CreatorID)
if creator_xml:
creator_xml = creator_xml.serialize(as_text=True)
owner_xml = contactsdb.get_contact_identity(self.OwnerID)
if owner_xml:
owner_xml = owner_xml.serialize(as_text=True)
raise Exception(
'signature is not valid for %r:\n\n%r\n\ncreator:\n\n%r\n\nowner:\n\n%r'
% (self, self.Serialize(), creator_xml, owner_xml))
lg.warn("signed.Valid Signature IS NOT VALID!!!")
return False
return True
def _on_remote_identity_cached(self, xmlsrc):
self.caching_deferred = None
self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl)
if self.remote_identity is None:
self.automat('fail', Exception('remote id caching failed'))
else:
self.automat('user-identity-cached')
def _on_remote_identity_cached(self, xmlsrc):
self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl)
if self.remote_identity is None:
self.automat('failed')
else:
self.automat('remote-identity-on-hand')
return xmlsrc
def _remote_identity_cached(self, xmlsrc):
self.caching_deferred = None
self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl)
if self.remote_identity is None:
self.automat("failed")
else:
self.automat("remote-identity-on-hand")
def _remote_identity_cached(self, xmlsrc):
self.caching_deferred = None
self.remote_identity = contactsdb.get_contact_identity(
self.remote_idurl)
if self.remote_identity is None:
self.automat('failed')
else:
self.automat('remote-identity-on-hand')
def SignatureChecksOut(self):
"""
This check correctness of signature, uses ``crypt.key.Verify``. To
verify we need 3 things:
- the packet ``Creator`` identity ( it keeps the public key ),
- hash of that packet - just call ``GenerateHash()`` to make it,
- the signature itself.
"""
CreatorIdentity = contactsdb.get_contact_identity(self.CreatorID)
if CreatorIdentity is None:
OwnerIdentity = contactsdb.get_contact_identity(self.OwnerID)
if OwnerIdentity is None:
lg.out(1, "signed.SignatureChecksOut ERROR could not get Identity for " + self.CreatorID + " so returning False")
return False
CreatorIdentity = OwnerIdentity
Result = key.Verify(CreatorIdentity, self.GenerateHash(), self.Signature)
return Result
def Valid(self):
"""
Validate signature to verify the ``encrypted_block``.
"""
if not self.Ready():
lg.warn("block is not ready yet " + str(self))
return False
hashsrc = self.GenerateHash()
ConIdentity = contactsdb.get_contact_identity(my_id.getLocalID())
if ConIdentity is None:
lg.warn("could not get Identity so returning False")
return False
result = key.Verify(ConIdentity, hashsrc, self.Signature) # At block level only work on own stuff
return result
def SignatureChecksOut(self, raise_signature_invalid=False):
"""
This check correctness of signature, uses ``crypt.key.Verify``. To
verify we need 3 things:
- the packet ``Creator`` identity ( it keeps the public key ),
- hash of that packet - just call ``GenerateHash()`` to make it,
- the signature itself.
"""
CreatorIdentity = contactsdb.get_contact_identity(self.CreatorID)
if CreatorIdentity is None:
# OwnerIdentity = contactsdb.get_contact_identity(self.OwnerID)
# if OwnerIdentity is None:
# lg.err("could not get Identity for %s so returning False" % self.CreatorID.to_text())
# return False
# CreatorIdentity = OwnerIdentity
if raise_signature_invalid:
raise Exception(
'can not verify signed packet, unknown identity %r' %
self.CreatorID)
lg.err("could not get Identity for %r so returning False" %
self.CreatorID)
return False
# if _Debug:
# if _LogSignVerify:
# try:
# from main import settings
# try:
# from Cryptodome.Util import number
# except:
# from Crypto.Util import number # @UnresolvedImport @Reimport
# open(os.path.join(settings.LogsDir(), 'crypt.log'), 'wb').write(b'\SignatureChecksOut:\n' + strng.to_bin(number.long_to_bytes(self.Signature)) + b'\n\n')
# except:
# lg.exc()
Result = key.Verify(CreatorIdentity, self.GenerateHash(),
self.Signature)
# if _Debug:
# if _LogSignVerify:
# try:
# from main import settings
# open(os.path.join(settings.LogsDir(), 'crypt.log'), 'wb').write(b'\Result:' + strng.to_bin(str(Result)) + b'\n\n')
# except:
# lg.exc()
return Result
def Valid(self):
"""
Validate signature to verify the ``encrypted_block``.
"""
if not self.Ready():
# lg.warn("block is not ready yet " + str(self))
lg.warn("block is not ready yet " + str(self))
return False
hashsrc = self.GenerateHash()
ConIdentity = contactsdb.get_contact_identity(my_id.getLocalID())
if ConIdentity is None:
lg.warn("could not get Identity so returning False")
return False
result = key.Verify(ConIdentity, hashsrc, self.Signature) # At block level only work on own stuff
return result
def SignatureChecksOut(self):
"""
This check correctness of signature, uses ``crypt.key.Verify``. To
verify we need 3 things:
- the packet ``Creator`` identity ( it keeps the public key ),
- hash of that packet - just call ``GenerateHash()`` to make it,
- the signature itself.
"""
ConIdentity = contactsdb.get_contact_identity(self.CreatorID)
if ConIdentity is None:
lg.out(1, "signed.SignatureChecksOut ERROR could not get Identity for " + self.CreatorID + " so returning False")
return False
Result = key.Verify(ConIdentity, self.GenerateHash(), self.Signature)
return Result
def init(self):
"""
Method to initialize additional variables and flags at creation of the
state machine.
"""
self.log_events = True
self.error_message = None
self.time = time.time()
self.description = self.outpacket.Command + "(" + self.outpacket.PacketID + ")"
self.payloadsize = len(self.outpacket.Payload)
if not self.remote_idurl:
self.remote_idurl = correct_packet_destination(self.outpacket)
self.remote_identity = contactsdb.get_contact_identity(self.remote_idurl)
self.packetdata = None
self.filename = None
self.filesize = None
self.items = []
self.results = []
self.response_packet = None
self.response_info = None
self.timeout = None # 300 # settings.SendTimeOut() * 3
def init(self):
"""
Method to initialize additional variables and flags at creation of the
state machine.
"""
self.log_events = True
self.error_message = None
self.time = time.time()
self.description = self.outpacket.Command + '(' + self.outpacket.PacketID + ')'
self.payloadsize = len(self.outpacket.Payload)
if not self.remote_idurl:
self.remote_idurl = correct_packet_destination(self.outpacket)
self.remote_identity = contactsdb.get_contact_identity(
self.remote_idurl)
self.packetdata = None
self.filename = None
self.filesize = None
self.items = []
self.results = []
self.response_packet = None
self.response_info = None
self.timeout = None # 300 # settings.SendTimeOut() * 3
def _remote_identity_cached(self, xmlsrc, arg):
sender_identity = contactsdb.get_contact_identity(self.sender_idurl)
if sender_identity is None:
self.automat("failed")
else:
self.automat("remote-id-cached", arg)
