def _do_open_known_shares(self):
from crypt import my_keys
from access import shared_access_coordinator
from storage import backup_fs
known_offline_shares = []
for key_id in my_keys.known_keys():
if not key_id.startswith('share_'):
continue
active_share = shared_access_coordinator.get_active_share(key_id)
if active_share:
continue
known_offline_shares.append(key_id)
to_be_opened = []
for pathID, localPath, itemInfo in backup_fs.IterateIDs():
if not itemInfo.key_id:
continue
if itemInfo.key_id in to_be_opened:
continue
if itemInfo.key_id not in known_offline_shares:
continue
to_be_opened.append(itemInfo.key_id)
for key_id in to_be_opened:
active_share = shared_access_coordinator.SharedAccessCoordinator(
key_id,
log_events=True,
publish_events=False,
)
active_share.automat('restart')
def doBackupKeys(self, *args, **kwargs):
"""
Action method.
"""
for old_key_id in list(self.keys_to_rename.keys()):
new_key_id, is_private = self.keys_to_rename[old_key_id]
if old_key_id in self.stored_keys and new_key_id not in self.stored_keys:
self.keys_to_upload.add(new_key_id)
if new_key_id in self.stored_keys and old_key_id in self.stored_keys:
self.keys_to_erase[old_key_id] = is_private
for key_id in my_keys.known_keys().keys():
if key_id not in self.stored_keys or key_id in self.not_stored_keys:
self.keys_to_upload.add(key_id)
keys_saved = []
for key_id in self.keys_to_upload:
res = key_ring.do_backup_key(key_id)
keys_saved.append(res)
self.saved_count += 1
if _Debug:
lg.args(_DebugLevel, keys_saved=len(keys_saved))
wait_all_saved = DeferredList(keys_saved,
fireOnOneErrback=False,
consumeErrors=True)
wait_all_saved.addCallback(lambda ok: self.automat('backup-ok', ok))
wait_all_saved.addErrback(lambda err: self.automat('error', err))
def doCleanKeys(self, *args, **kwargs):
"""
Action method.
"""
keys_deleted = []
for key_id, is_private in self.stored_keys.items():
latest_key_id = my_keys.latest_key_id(key_id)
if key_id not in my_keys.known_keys() and latest_key_id not in my_keys.known_keys():
self.keys_to_erase[key_id] = is_private
for key_id, is_private in self.keys_to_erase.items():
res = key_ring.do_delete_key(key_id, is_private)
keys_deleted.append(res)
self.deleted_count += 1
if _Debug:
lg.args(_DebugLevel, restored=self.restored_count, saved=self.saved_count, deleted=self.deleted_count)
self.automat('clean-ok')
def _do_open_known_shares(self):
from crypt import my_keys
from main import listeners
from access import shared_access_coordinator
from storage import backup_fs
known_offline_shares = []
for key_id in my_keys.known_keys():
if not key_id.startswith('share_'):
continue
active_share = shared_access_coordinator.get_active_share(key_id)
if active_share:
continue
known_offline_shares.append(key_id)
to_be_opened = []
for _, _, itemInfo in backup_fs.IterateIDs():
if not itemInfo.key_id:
continue
if itemInfo.key_id in to_be_opened:
continue
if itemInfo.key_id not in known_offline_shares:
continue
to_be_opened.append(itemInfo.key_id)
for key_id in to_be_opened:
active_share = shared_access_coordinator.SharedAccessCoordinator(key_id, log_events=True, publish_events=False, )
active_share.automat('restart')
if listeners.is_populate_requered('shared_file'):
listeners.populate_later().remove('shared_file')
backup_fs.populate_shared_files(key_id=key_id)
def transfer_private_key(key_id, idurl):
if _Debug:
lg.out(_DebugLevel,
'key_ring.transfer_private_key %s -> %s' % (key_id, idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % idurl)
result.errback(Exception('not found "%s" in identity cache' % idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
key_object = my_keys.known_keys().get(key_id)
if key_object is None:
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
key_json = {
'key_id': key_id,
'alias': key_alias,
'creator': creator_idurl,
'fingerprint': str(key_object.fingerprint()),
'type': str(key_object.type()),
'ssh_type': str(key_object.sshType()),
'size': str(key_object.size()),
'public': str(key_object.public().toString('openssh')),
'private': str(key_object.toString('openssh')),
}
key_data = json.dumps(key_json)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack():
lambda response, info: result.callback(response),
commands.Fail():
lambda response, info: result.errback(Exception(response)),
},
)
return result
def transfer_key(key_id, trusted_idurl, include_private=False, timeout=10, result=None):
if _Debug:
lg.out(_DebugLevel, 'key_ring.transfer_key %s -> %s' % (key_id, trusted_idurl))
if not result:
result = Deferred()
recipient_id_obj = identitycache.FromCache(trusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % trusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % trusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
key_object = my_keys.known_keys().get(key_id)
if key_object is None:
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
try:
key_json = my_keys.make_key_info(key_object, key_id=key_id, include_private=include_private)
except Exception as exc:
lg.exc()
result.errback(exc)
return result
key_data = serialization.DictToBytes(key_json, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
commands.Fail(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
# commands.Ack(): lambda response, info: result.callback(response),
# commands.Fail(): lambda response, info: result.errback(Exception(response)),
None: lambda pkt_out: _on_transfer_key_response(None, None, key_id, result),
},
timeout=timeout,
)
return result
def check_rename_my_keys():
"""
Make sure all my keys have correct names according to known latest identities I have cached.
For every key checks corresponding IDURL info and decides to rename it if key owner's identity was rotated.
"""
keys_to_be_renamed = {}
for key_id in list(my_keys.known_keys().keys()):
key_glob_id = global_id.ParseGlobalID(key_id)
owner_idurl = key_glob_id['idurl']
if not owner_idurl.is_latest():
keys_to_be_renamed[key_id] = global_id.MakeGlobalID(
idurl=owner_idurl.to_bin(),
key_alias=key_glob_id['key_alias'],
)
for current_key_id, new_key_id in keys_to_be_renamed.items():
my_keys.rename_key(current_key_id, new_key_id)
def _on_supplier_modified(self, evt):
from access import key_ring
from crypt import my_keys
from userid import global_id
from userid import my_id
if evt.data['new_idurl']:
my_keys_to_be_republished = []
for key_id in my_keys.known_keys():
if not key_id.startswith('share_'):
continue
_glob_id = global_id.ParseGlobalID(key_id)
if _glob_id['idurl'] == my_id.getLocalIDURL():
my_keys_to_be_republished.append(key_id)
for key_id in my_keys_to_be_republished:
key_ring.transfer_key(key_id,
trusted_idurl=evt.data['new_idurl'],
include_private=False)
def _on_supplier_modified(self, evt):
from logs import lg
from access import key_ring
from crypt import my_keys
from userid import global_id
from userid import my_id
if evt.data['new_idurl']:
my_keys_to_be_republished = []
for key_id in my_keys.known_keys():
if not key_id.startswith('group_'):
continue
_glob_id = global_id.ParseGlobalID(key_id)
if _glob_id['idurl'] == my_id.getIDURL():
# only send public keys of my own groups
my_keys_to_be_republished.append(key_id)
for group_key_id in my_keys_to_be_republished:
d = key_ring.transfer_key(group_key_id, trusted_idurl=evt.data['new_idurl'], include_private=False, include_signature=False)
d.addErrback(lambda *a: lg.err('transfer key failed: %s' % str(*a)))
def start_message_producers():
started = 0
for key_id in my_keys.known_keys().keys():
# if not key_id.startswith('person$'):
# continue
group_key_id = key_id
existing_message_producer = get_active_message_producer(group_key_id)
if not existing_message_producer:
existing_message_producer = MessageProducer(group_key_id)
existing_message_producer.automat('init')
if existing_message_producer.state in [
'DHT_READ?',
'BROKER?',
'CONNECTED',
]:
continue
existing_message_producer.automat('connect')
started += 1
return started
