def wrap_fake(self, key, bitsize, cek, headers, point_x, point_y, aes_key):
self._check_key(key)
dk_size = self.keysize
if self.keysize is None:
if cek is not None:
raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK')
alg = headers['enc']
dk_size = bitsize
else:
alg = headers['alg']
epk = JWK.generate(kty=key.key_type, crv=key.key_curve)
dk = self._derive(epk.get_op_key('unwrapKey'),
key.get_op_key('wrapKey'),
alg, dk_size, headers)
if self.keysize is None:
ret = {'cek': aes_key}
else:
aeskw = self.aeskwmap[self.keysize]()
kek = JWK(kty="oct", use="enc", k=base64url_encode(dk))
ret = aeskw.wrap(kek, bitsize, cek, headers)
ret['header'] = {
'epk': {
"crv": "P-256", "kty": "EC",
"x": base64url_encode(int.to_bytes(point_x, 32, "big")),
"y": base64url_encode(int.to_bytes(point_y, 32, "big"))
}
}
return ret
def generate_authorization_request(configuration, registration, redirect_url,
key: jwk.JWK):
auth_url = configuration["authorization_endpoint"]
client_id = registration["client_id"]
pubkey = key.export_public(as_dict=True)
pubkey.update({"alg": "RS256", "ext": True, "key_ops": ["verify"]})
nonce = secrets.token_urlsafe(24)
request = {
"redirect_uri": redirect_url,
"display": "page",
"nonce": nonce,
"key": pubkey
}
print(request)
# I can't seem to use jwcrypto to encode a jwt and sign it with the key, so let's just
# install pyjwt and use that instead
privatekey = key.export_to_pem(private_key=True, password=None)
request_jwt = jwt.encode(request, key=None, algorithm=None)
state = secrets.token_urlsafe(24)
params = {
"scope": "openid",
"client_id": client_id,
# TODO: This should be the values we added when registering
"response_type": "id_token token",
"request": request_jwt,
"state": state,
}
p = Request('GET', auth_url, params=params).prepare()
return p.url
def dump_pem_to_jwks(in_private):
try:
from jwcrypto.jwk import JWK, JWKSet
except ImportError as e:
msg = "You have to install jwcrypto to use this function"
print(msg)
raise ImportError(msg) from e
with open(in_private, "rb") as privfile:
data = privfile.read()
jwk = JWK()
jwk.import_from_pem(data)
jwks = JWKSet()
jwks.add(jwk)
raw = jwks.export(private_keys=True)
formatted = json.dumps(json.loads(raw), indent=2)
with open("private.json", "w") as priv_jwks_file:
priv_jwks_file.write(formatted)
raw = jwks.export(private_keys=False)
formatted = json.dumps(json.loads(raw), indent=2)
with open("public.json", "w") as public_jwks_file:
public_jwks_file.write(formatted)
def get_challenge(self, public_key: jwk.JWK):
key_id = public_key.thumbprint(self._hasher_name)
if not key_id in self._keys:
self._keys[key_id] = public_key.export_public(as_dict=True)
challenge = self._get_sts(key_id, expires_on=time.time() + self._ttl)
challenge_hash = self._hashfn(challenge).digest()
# if algorithm == 'rsa-sha256-pss':
# signature = self._keypair.sign(
# challenge_hash,
# padding=PSS(mgf=MGF1(self._hasher_name),
# salt_length=self._hasher_name.digest_size),
# algorithm=self._hasher_name
# )
if algorithm == 'rsa-sha256':
signature = self._keypair.sign(
challenge_hash,
padding=PKCS1v15(),
algorithm=self._hasher_name
)
else:
raise NotImplementedError('Cannot sign data: invalid algorithm')
return ':'.join([_bytes_to_base64str(obj) for obj in [challenge_hash, signature, challenge]])
def wrap(self, key, bitsize, cek, headers):
self._check_key(key)
dk_size = self.keysize
if self.keysize is None:
if cek is not None:
raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK')
alg = headers['enc']
dk_size = bitsize
else:
alg = headers['alg']
epk = JWK.generate(kty=key.key_type, crv=key.key_curve)
dk = self._derive(epk.get_op_key('unwrapKey'),
key.get_op_key('wrapKey'),
alg, dk_size, headers)
if self.keysize is None:
ret = {'cek': dk}
else:
aeskw = self.aeskwmap[self.keysize]()
kek = JWK(kty="oct", use="enc", k=base64url_encode(dk))
ret = aeskw.wrap(kek, bitsize, cek, headers)
ret['header'] = {'epk': json_decode(epk.export_public())}
return ret
def load_keys(save_path):
fppub = open(os.path.join(save_path, "public.pem"), 'rb')
fppriv = open(os.path.join(save_path, "private.pem"), 'rb')
pub_key = JWK.from_pem(fppub.read())
priv_key = JWK.from_pem(fppriv.read())
fppub.close()
fppriv.close()
return {'public': pub_key, 'private': priv_key}
def __init__(self, host='localhost', port=7777, key=None):
self.host = host
self.port = port
self.key = key
with open('client_private.pem', mode='rb') as f:
self.privkey = JWK.from_pem(f.read())
with open('server_public.pem', mode='rb') as f:
self.server_pubkey = JWK.from_pem(f.read())
def server_keys(self):
if self._server_keys is None:
with open(self.config['server_keys']) as f:
jsonkeys = f.read()
dictkeys = json_decode(jsonkeys)
self._server_keys = (JWK(**dictkeys[KEY_USAGE_SIG]),
JWK(**dictkeys[KEY_USAGE_ENC]))
return self._server_keys
def load_account(path):
if not os.path.isfile(path): # 文件不存在
jwk = JWK.generate(kty='EC', crv='P-384')
return {'jwk': jwk, 'uri': None}
else:
with open(path) as account_file:
account = json_decode(account_file.read())
return {'jwk': JWK(**account['jwk']), 'uri': account['uri']}
def test_4_KEMClient_SET(self):
server_keys = [JWK(**test_keys[kem.KEY_USAGE_SIG]), None]
client_keys = [JWK(**self.client_keys[kem.KEY_USAGE_SIG]),
JWK(**self.client_keys[kem.KEY_USAGE_ENC])]
cli = kem.KEMClient(server_keys, client_keys)
kh = kem.KEMHandler({'KEMKeysStore': self.kk})
req = cli.make_request("key name", "key value")
kh.parse(req, "key name")
self.assertEqual(kh.payload, "key value")
def _load_public(self, data):
try:
self._public = serialization.load_pem_public_key(
b64decode(data), backend=self._backend)
self._public_jwk = JWK()
self._public_jwk.import_from_pyca(self._public)
except Exception: # pragma: no cover
LOGGER.error('Failed to parse public key starting with: %s',
data[:26])
def _load_private(self, data):
try:
self._private = serialization.load_pem_private_key(
b64decode(data), password=None, backend=self._backend)
self._private_jwk = JWK()
self._private_jwk.import_from_pyca(self._private)
except Exception: # pragma: no cover
LOGGER.error('Failed to parse private key starting with: %s',
data[:28])
def server_keys(self):
if self._server_keys is None:
if 'server_keys' not in self.config:
raise UnknownPublicKey("Server Keys not defined")
skey = self.find_key(self.config['server_keys'], KEY_USAGE_SIG)
ekey = self.find_key(self.config['server_keys'], KEY_USAGE_ENC)
self._server_keys = [JWK(**(json_decode(skey))),
JWK(**(json_decode(ekey)))]
return self._server_keys
def generate(header, payload, priv_pem):
priv_pem = json_decode(priv_pem.replace('\n', '\\n'))
if priv_pem.startswith("-----BEGIN"):
priv_key = JWK.from_pem(to_bytes_2and3(priv_pem))
else:
priv_key = JWK(kty='oct', k=base64url_encode(priv_pem))
sig = JWS(payload)
sig.add_signature(priv_key, protected=header)
sys.stdout.write(sig.serialize(compact=True))
def parse(self, msg, name):
"""Parses the message.
We check that the message is properly formatted.
:param msg: a json-encoded value containing a JWS or JWE+JWS token
:raises InvalidMessage: if the message cannot be parsed or validated
:returns: A verified payload
"""
try:
jtok = JWT(jwt=msg)
except Exception as e:
raise InvalidMessage('Failed to parse message: %s' % str(e))
try:
token = jtok.token
if isinstance(token, JWE):
token.decrypt(self.kkstore.server_keys[KEY_USAGE_ENC])
# If an encrypted payload is received then there must be
# a nested signed payload to verify the provenance.
payload = token.payload.decode('utf-8')
token = JWS()
token.deserialize(payload)
elif isinstance(token, JWS):
pass
else:
raise TypeError("Invalid Token type: %s" % type(jtok))
# Retrieve client keys for later use
self.client_keys = [
JWK(**self._get_key(token.jose_header, KEY_USAGE_SIG)),
JWK(**self._get_key(token.jose_header, KEY_USAGE_ENC))
]
# verify token and get payload
token.verify(self.client_keys[KEY_USAGE_SIG])
claims = json_decode(token.payload)
except Exception as e:
logger.debug('Failed to validate message', exc_info=True)
raise InvalidMessage('Failed to validate message: %s' % str(e))
check_kem_claims(claims, name)
self.name = name
self.payload = claims.get('value')
self.msg_type = 'kem'
return {
'type': self.msg_type,
'value': {
'kid': self.client_keys[KEY_USAGE_ENC].key_id,
'claims': claims
}
}
def verify(sjws, pub_pem):
sjws = json_decode(sjws)
pub_pem = json_decode(pub_pem.replace('\n', '\\n'))
if pub_pem.startswith("-----BEGIN"):
pub_key = JWK.from_pem(to_bytes_2and3(pub_pem))
else:
pub_key = JWK(kty='oct', k=base64url_encode(pub_pem))
sig = JWS()
sig.deserialize(sjws, pub_key)
sys.stdout.write(base64url_decode(json_decode(sig.serialize())['payload']))
def _decode_key(self, key):
if key is None:
return None
elif isinstance(key, JWK):
return key
elif isinstance(key, dict):
return JWK(**key)
elif isinstance(key, str):
return JWK(**(json_decode(key)))
else:
raise TypeError("Invalid key type")
def test_2_KEMClient(self):
server_keys = [JWK(**test_keys[KEY_USAGE_SIG]), None]
client_keys = [JWK(**self.client_keys[KEY_USAGE_SIG]),
JWK(**self.client_keys[KEY_USAGE_ENC])]
cli = KEMClient(server_keys, client_keys)
kem = KEMHandler({'KEMKeysStore': self.kk})
req = cli.make_request("key name")
kem.parse(req, "key name")
msg = json_decode(kem.reply('key value'))
rep = cli.parse_reply("key name", msg['value'])
self.assertEqual(rep, 'key value')
def newJwk(**key_args):
"""Create a new JWK obkject with a 'kid' attribute that contains the
key's thumbprint.
"""
from .keystore import keystore
if not key_args:
jwk = JWK(generate="EC", size=256)
else:
jwk = JWK(**key_args)
jwk._params["kid"] = thumbprint(jwk)
keystore().add(jwk)
return jwk
def test_1_Parse_GET(self):
cli_skey = JWK(**self.client_keys[0])
jtok = make_sig_kem("mykey", None, cli_skey, "RS256")
kem = KEMHandler({'KEMKeysStore': self.kk})
kem.parse(jtok, "mykey")
out = kem.reply('output')
jtok = JWT(jwt=json_decode(out)['value'])
cli_ekey = JWK(**self.client_keys[1])
jtok.token.decrypt(cli_ekey)
nested = jtok.token.payload
jtok = JWT(jwt=nested.decode('utf-8'))
jtok.token.verify(JWK(**test_keys[0]))
payload = json_decode(jtok.token.payload)['value']
self.assertEqual(payload, 'output')
def test_3_KEMClient(self):
server_keys = [JWK(**test_keys[kem.KEY_USAGE_SIG]),
JWK(**test_keys[kem.KEY_USAGE_ENC])]
client_keys = [JWK(**self.client_keys[kem.KEY_USAGE_SIG]),
JWK(**self.client_keys[kem.KEY_USAGE_ENC])]
cli = kem.KEMClient(server_keys, client_keys)
kh = kem.KEMHandler({'KEMKeysStore': self.kk})
req = cli.make_request("key name",
encalg=('RSA-OAEP', 'A256CBC-HS512'))
kh.parse(req, "key name")
msg = kh.reply('key value')
self.assertEqual(msg, json_decode(json_encode(msg)))
rep = cli.parse_reply("key name", msg['value'])
self.assertEqual(rep, 'key value')
def newServerKeys(path, keyid):
skey = JWK(generate='RSA', use='sig', kid=keyid)
ekey = JWK(generate='RSA', use='enc', kid=keyid)
with open(path, 'w') as f:
os.fchmod(f.fileno(), 0o600)
os.fchown(f.fileno(), 0, 0)
f.write('[%s,%s]' % (skey.export(), ekey.export()))
return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]
def verify_certificate(jwt: JWT) -> JWK:
"""Get (and verify) the signing key from JWT."""
# First element in the header is our actual key
try:
decoding_key = JWK.from_pem(
PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode())
except ValueError:
raise InvalidCert('Cannot decode key.')
if SETTINGS.metadata_service['disable_cert_verification']:
return decoding_key
if not SETTINGS.metadata_service['certificate']:
raise CommandError(
"Certificate verification enabled, but no certificate set. "
"Please set certificate or disable validation.")
# Create context and verify
store = _prepare_crypto_store(jwt)
decoding_cert = crypto.load_certificate(
crypto.FILETYPE_PEM,
PEM_CERT_TEMPLATE.format(jwt.token.jose_header['x5c'][0]).encode())
store_ctx = crypto.X509StoreContext(store, decoding_cert)
try:
store_ctx.verify_certificate()
except crypto.X509StoreContextError:
raise InvalidCert('Key could not be verified.')
else:
return decoding_key
def wrap(self, key, keylen, cek, headers):
self._check_key(key)
if self.keydatalen is None:
if cek is not None:
raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK')
keydatalen = keylen * 8
alg = headers['enc']
else:
keydatalen = self.keydatalen
alg = headers['alg']
epk = JWK.generate(kty=key.key_type, crv=key.key_curve)
dk = self._derive(epk.get_op_key('unwrapKey'),
key.get_op_key('wrapKey'),
alg, keydatalen, headers)
if self.keydatalen is None:
ret = {'cek': dk}
else:
aeskw = _AesKw(keydatalen)
kek = JWK(kty="oct", use="enc", k=base64url_encode(dk))
ret = aeskw.wrap(kek, keydatalen // 8, cek, headers)
ret['header'] = {'epk': json_decode(epk.export_public())}
return ret
def handle(self, *args, **options: dict):
configDir: str = os.path.dirname(
os.getenv('ENV_FILE', '/secrets/env.json'))
self.stdout.write('Key files will be written to '
f'directory "{configDir}"...')
self.keyFileBasePathName = os.path.join(
configDir, options.get(self.baseNameOption))
self.stdout.write('Generating key...')
key: RsaKey = RSA.generate(4096)
self.stdout.write('Preparing private and public key strings...')
privateKey: bytes = key.exportKey()
publicKey: bytes = key.publickey().exportKey()
jwk_obj: JWK = JWK.from_pem(publicKey)
public_jwk: dict = {
**json.loads(jwk_obj.export_public()),
**{
'alg': 'RS256',
'use': 'sig'
}
}
self._writeKeyFile(self.KeyFileType.PRIVATE,
privateKey.decode('utf-8'))
self._writeKeyFile(self.KeyFileType.PUBLIC, publicKey.decode('utf-8'))
self._writeKeyFile(self.KeyFileType.JWK, json.dumps(public_jwk))
def _verify(self, prop: str, key: JWK, alg: Optional[AlgorithmName],
header: JsonObject, signer: Optional[JsonObject],
patch_header: _PatchHeader) -> None:
a = self._get_alg(alg, signer or header, InvalidJWSSignature)
# Prepare payload for verification algorithm
payload = copy(self._payload)
h = copy(header)
s = copy(signer)
signature = base64url_decode((s or h).pop(_VALUE))
exclude = h.pop(_EXCLUDES, [])
for x in exclude:
payload.pop(x, None)
h.update(patch_header(s))
payload[prop] = h
canonical = _dumpb(payload)
# Verify signature
if key is None:
key = JWK(**((s or h).get(_PUBLICKEY, None)))
c = JWSCore(a, key, header=None, payload='',
algs=self._allowed_algs)
c.engine.verify(key, canonical, signature)
def get_public_key(self):
public_key_set = self._registration.get_key_set()
key_set_url = self._registration.get_key_set_url()
if not public_key_set:
if key_set_url.startswith(('http://', 'https://')):
public_key_set = self.fetch_public_key(key_set_url)
self._registration.set_key_set(public_key_set)
else:
raise LtiException("Invalid URL: " + key_set_url)
# Find key used to sign the JWT (matches the KID in the header)
kid = self._jwt.get('header', {}).get('kid', None)
alg = self._jwt.get('header', {}).get('alg', None)
if not kid:
raise LtiException("JWT KID not found")
if not alg:
raise LtiException("JWT ALG not found")
for key in public_key_set['keys']:
key_kid = key.get('kid')
key_alg = key.get('alg', 'RS256')
if key_kid and key_kid == kid and key_alg == alg:
try:
key_json = json.dumps(key)
jwk_obj = JWK.from_json(key_json)
return jwk_obj.export_to_pem()
except (ValueError, TypeError):
raise LtiException("Can't convert JWT key to PEM format")
# Could not find public key with a matching kid and alg.
raise LtiException("Unable to find public key")
def get_jwk(cls, public_key):
# type: (str) -> t.Mapping[str, t.Any]
jwk_obj = JWK.from_pem(public_key.encode('utf-8'))
public_jwk = json.loads(jwk_obj.export_public())
public_jwk['alg'] = 'RS256'
public_jwk['use'] = 'sig'
return public_jwk
def make_tok(self, key, alg, name):
pri_key = JWK(**key)
protected = {"typ": "JOSE+JSON", "kid": key['kid'], "alg": alg}
plaintext = {"sub": name, "exp": int(time.time()) + (5 * 60)}
jws = JWS(payload=json_encode(plaintext))
jws.add_signature(pri_key, None, json_encode(protected))
return jws.serialize()
def _get_key(self, alg, key, p2s, p2c):
if isinstance(key, bytes):
plain = key
else:
plain = key.encode('utf8')
salt = bytes(self.name.encode('utf8')) + b'\x00' + p2s
if self.hashsize == 256:
hashalg = hashes.SHA256()
elif self.hashsize == 384:
hashalg = hashes.SHA384()
elif self.hashsize == 512:
hashalg = hashes.SHA512()
else:
raise ValueError('Unknown Hash Size')
kdf = PBKDF2HMAC(algorithm=hashalg,
length=_inbytes(self.keysize),
salt=salt,
iterations=p2c,
backend=self.backend)
rk = kdf.derive(plain)
if _bitsize(rk) != self.keysize:
raise InvalidJWEKeyLength(self.keysize, len(rk))
return JWK(kty="oct", use="enc", k=base64url_encode(rk))
def create_JWK():
"""Create a private key and return it formatted as JWK
"""
# Generate the private key using Ethereum methods
acc = Account.create(
extra_entropy=
"Alastria is the first Public-Permissioned Blockchain Network")
# Get the public key
publicKey = PublicKey.from_private(acc._key_obj)
# The public key is 64 bytes composed of the x and y curve coordinates
# x and y are each 32 bytes long
# We convert x and y to hex, so the dictionary can be converted to JSON
x = publicKey[:32]
y = publicKey[32:]
# Create the Json Web Key (JWK) representation, as specified by W3C DID Document format
key_JWK = JWK(kty="EC",
crv="secp256k1",
d=base64url_encode(acc.privateKey),
x=base64url_encode(x),
y=base64url_encode(y))
return key_JWK
def _load_public(self, data):
try:
self._public = serialization.load_pem_public_key(
b64decode(data), backend=self._backend)
self._public_jwk = JWK()
self._public_jwk.import_from_pyca(self._public)
except Exception: # pragma: no cover
LOGGER.error(
'Failed to parse public key starting with: %s', data[:26])
def generate(header, payload, priv_pem):
priv_pem = json_decode(priv_pem.replace('\n', '\\n'))
if priv_pem.startswith("-----BEGIN"):
priv_key = JWK.from_pem(to_bytes_2and3(priv_pem))
else:
priv_key = JWK(kty='oct', k=base64url_encode(priv_pem))
sig = JWS(payload)
sig.add_signature(priv_key, protected=header)
sys.stdout.write(sig.serialize(compact=True))
def _load_private(self, data):
try:
self._private = serialization.load_pem_private_key(
b64decode(data), password=None, backend=self._backend)
self._private_jwk = JWK()
self._private_jwk.import_from_pyca(self._private)
except Exception: # pragma: no cover
LOGGER.error(
'Failed to parse private key starting with: %s', data[:28])
def __init__(self, config, section):
super(EncryptedOverlay, self).__init__(config, section)
self.store_name = self.backing_store
self.store = None
if (not os.path.isfile(self.master_key) and
self.autogen_master_key):
# XXX https://github.com/latchset/jwcrypto/issues/50
size = self.key_sizes.get(self.master_enctype, 512)
key = JWK(generate='oct', size=size)
with open(self.master_key, 'w') as f:
os.fchmod(f.fileno(), 0o600)
f.write(key.export())
with open(self.master_key) as f:
data = f.read()
key = json_decode(data)
self.mkey = JWK(**key)
def verify(sjws, pub_pem):
sjws = json_decode(sjws)
pub_pem = json_decode(pub_pem.replace('\n', '\\n'))
if pub_pem.startswith("-----BEGIN"):
pub_key = JWK.from_pem(to_bytes_2and3(pub_pem))
else:
pub_key = JWK(kty='oct', k=base64url_encode(pub_pem))
sig = JWS()
sig.deserialize(sjws, pub_key)
sys.stdout.write(base64url_decode(json_decode(sig.serialize())['payload']))
def unwrap(self, key, keylen, ek, headers):
if 'epk' not in headers:
raise InvalidJWEData('Invalid Header, missing "epk" parameter')
self._check_key(key)
if self.keydatalen is None:
keydatalen = keylen * 8
alg = headers['enc']
else:
keydatalen = self.keydatalen
alg = headers['alg']
epk = JWK(**headers['epk'])
dk = self._derive(key.get_op_key('unwrapKey'),
epk.get_op_key('wrapKey'),
alg, keydatalen, headers)
if self.keydatalen is None:
return dk
else:
aeskw = _AesKw(keydatalen)
kek = JWK(kty="oct", use="enc", k=base64url_encode(dk))
cek = aeskw.unwrap(kek, keydatalen // 8, ek, headers)
return cek
def newServerKeys(path, keyid):
skey = JWK(generate='RSA', use='sig', kid=keyid)
ekey = JWK(generate='RSA', use='enc', kid=keyid)
with open(path, 'w') as f:
os.fchmod(f.fileno(), 0o600)
os.fchown(f.fileno(), 0, 0)
f.write('[%s,%s]' % (skey.export(), ekey.export()))
return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]
def test_upload_jwe(app, stats):
# Encrypt the data with a wrong key.
jwk = JWK.generate(kty='RSA')
data = app.app.registry.crypto.encrypt(
b'{"key": "wrong"}', _public_jwk=jwk)
app.post('/v2/upload', data,
headers={'Content-Type': 'text/plain'},
status=200)
# Encrypt the data with a wrong algorithm.
data = app.app.registry.crypto.encrypt(
b'{"alg": "wrong"}',
_protected='{"alg":"RSA-OAEP","enc":"A128CBC-HS256"}')
app.post('/v2/upload', data,
headers={'Content-Type': 'text/plain'},
status=400)
def Listen_Client(url,data,tport,q,header):
try:
while True:
#print("---Thread---")
HOST = '0.0.0.0'
PORT = int(tport)
conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
conn.bind((HOST, PORT))
print("Thread *** Bind is ready", PORT)
except:
print("Thread *** Connection bind failed")
Listen_Client(url,data,PORT,q,header)
info = conn.recvfrom(1024)
#print(info)
data = info[0].decode("utf-8")
#print (data)
addr = info[1]
#print (addr)
#print("-" * 60)
#print('Thread *** connected by', addr)
key = JWK(generate="RSA",public_exponent=29,size=1000)
public_key = key.export_public()
#print('Thread *** public key',public_key)
conn.sendto(public_key.encode("utf-8"),addr)
#otetaan viesti vastaan ja avataan
try:
conn.settimeout(60)
encrypted_signed_token_info = conn.recvfrom(1024)
encrypted_signed_token = encrypted_signed_token_info[0].decode("utf-8")
#print(encrypted_signed_token)
except:
print('Thread *** time out')
break
E = JWE()
E.deserialize(encrypted_signed_token, key)
raw_payload = E.payload
string = raw_payload.decode("utf-8")
Payload = json.loads(string)
#print("Thread *** received payload:", Payload['exp'])
#käydään REST app kysymässä Kumokselta
mac = str(Payload['exp'])
myResponse = requests.get(url + mac,header)
#print(url + mac,header)
#print("Thread *** REST:", myResponse.status_code)
#tarkistus
if(myResponse.ok):
print("Thread *** Found!")
jData = json.loads(myResponse.content.decode("utf-8"))
#print("The response contains {0} properties".format(len(jData)))
conn.close()
else:
print("Thread *** Not found")
answer="Good try <3"
conn.send(answer.encode("utf-8"))
#SDN irrottaa kyseisen laitteen verkosta
break
conn.close()
#conn.close()
print("Thread *** end")
q.put(tport)
except:
#conn.close()
q.put(tport)
print("Thread *** Forced end")
def bench_RSA(self):
""" Import key """
JWK.from_pem(to_bytes_2and3(priv_pem))
def newServerKeys(path, keyid):
skey = JWK(generate='RSA', use='sig', kid=keyid)
ekey = JWK(generate='RSA', use='enc', kid=keyid)
with open(path, 'w+') as f:
f.write('[%s,%s]' % (skey.export(), ekey.export()))
return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]
def Listen_Client(url,data,tport,q,header):
try:
while True:
HOST = '0.0.0.0'
PORT = tport
s = None
for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
except socket.error as msg:
print("Thread *** error message:",msg)
s = None
sys.exit(1)
continue
try:
print("Thread",sa)
s.bind(sa)
s.listen(1)
except socket.error as msg:
print("Thread *** error message:",msg)
s.close()
s = None
sys.exit(1)
continue
break
if s is None:
print("Thread *** could not open socket")
break
conn, addr = s.accept()
while True:
print("-" * 60)
print('Thread *** connected by', addr)
key = JWK(generate="RSA",public_exponent=29,size=1000)
public_key = key.export_public()
print('Thread *** public key',public_key)
conn.send(public_key.encode("utf-8"))
#otetaan viesti vastaan ja avataan
try:
conn.settimeout(20)
encrypted_signed_token = conn.recv(1024).decode("utf-8")
print(encrypted_signed_token)
except:
print('Thread *** time out')
q.put(tport)
break
E = JWE()
E.deserialize(encrypted_signed_token, key)
raw_payload = E.payload
string = raw_payload.decode("utf-8")
Payload = json.loads(string)
#print("Thread *** received payload:", Payload['exp'])
while True:
try:
#käydään REST app kysymässä Kumokselta
mac = str(Payload['exp'])
myResponse = requests.get(url + mac,header)
break
except:
print("Thread *** REST failed")
print(url + mac,header)
print("Thread *** REST:", myResponse.status_code)
#tarkistus
if(myResponse.ok):
print("Thread *** Found!")
jData = json.loads(myResponse.content.decode("utf-8"))
print("The response contains {0} properties".format(len(jData)))
elif myResponse.status_code==400:
print("Baasbox is down or configuration file is wrong")
break
else:
print("Thread *** Not found")
answer="Good try <3"
conn.send(answer.encode("utf-8"))
q.put(tport)
#SDN irrottaa kyseisen laitteen verkosta
break
conn.close()
#break
print("Thread *** end")
print("-" * 60)
except Exception as msg:
print("Thread *** Forced end")
print(msg)
print("-" * 60)
def mainServer(q):
filu = 'serverdaemon.ini'
HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address
try:
fp = open(filu, 'r+')
Config.readfp(fp)
url = Config.get('REST','url')
header = Config.get('REST','header')
tport = int(Config.get('DAEMON','port'))
PORT = int(Config.get('DAEMON','port'))
fp.close()
except:
filu = input('anna kansion nimi:')
url = input('anna url:')
header = input('anna header:')
port = input('anna port:')
cfgfile = open(filu,'w')
try:
Config.add_section('REST')
Config.add_section('DAEMON')
print("*** Created sections")
except:
print('*** sections already exists')
Config.set('REST','url',url)
Config.set('REST','header', header)
Config.set('DAEMON','port',port)
Config.write(cfgfile)
cfgfile.close()
tport = int(Config.get('DAEMON','port'))
url = Config.get('REST','url')
header = Config.get('REST','header')
PORT = int(Config.get('DAEMON','port'))
print("*** Created information.")
header = ast.literal_eval(header)
while True:
s = None
for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
except socket.error as msg:
s = None
continue
try:
#print('Main ***',sa)
s.bind(sa)
s.listen(1)
except socket.error as msg:
s.close()
s = None
continue
break
if s is None:
print('Main *** Could not open socket')
mainServer(q)
#sys.exit(1)
conn, addr = s.accept()
print("*" * 60)
print('Main *** Connected by', addr)
try:
conn.settimeout(5)
data = conn.recv(1024).decode("utf-8")
conn.settimeout(None)
except:
print("Main *** timeout")
mainServer(q)
print(data)
#datan tarkistus ja säikeen aloitus
if data=="I am Client":
print("Main*** Right start message")
#lähetetään julkinen avain
key = JWK(generate="RSA",public_exponent=29,size=1000)
public_key = key.export_public()
conn.send(public_key.encode("utf-8"))
#otetaan viesti vastaan ja avataan
encrypted_signed_token = conn.recv(1024).decode("utf-8")
print(encrypted_signed_token)
E = JWE()
E.deserialize(encrypted_signed_token, key)
raw_payload = E.payload
print("*** raw payload:",raw_payload)
string = raw_payload.decode("utf-8")
print("*** received str:", string)
Payload = json.loads(string)
print("*** JSON:",Payload)
print("*** received payload:", Payload['exp'])
while True:
try:
#käydään kysymässä onko listoilla
mac = str(Payload['exp'])
myResponse = requests.get(url + mac,header)
print(url + mac,header)
print("REST:", myResponse.status_code)
break
except:
print("Main *** REST failed")
if(myResponse.ok):
print("Main *** Found!")
jData = json.loads(myResponse.content.decode("utf-8"))
print("The response contains {0} properties".format(len(jData)))
#Kontrollerille viestiä, id configuroitavissa
#{
#ip: string,
#valid: bool
#}
#POST /iot-service/:id
#Haetaan "listalta"
if not q.empty():
free_port = q.get()
conn.send(free_port.encode("utf-8"))
else:
tport = str(int(tport)+1)
conn.send(tport.encode("utf-8"))
#Aloitetaan stringissä uusi yhteys
#conn.shutdown(socket.SHUT_RDWR)
conn.close()
thread.start_new_thread(Listen_Client,(url,data,tport,q,header,))
elif myResponse.status_code==400:
print("Baasbox is down or configuration file is wrong")
break
else:
print("Not found")
answer="Good try <3"
conn.send(answer.encode("utf-8"))
break
else:
conn.close()
print("*" * 60)
conn.close()
print("*" * 60)
def ServerMain(q,tport):
filu = 'serverdaemon.ini'
HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address
try:
fp = open(filu, 'r+')
Config.readfp(fp)
url = Config.get('REST','url')
header = Config.get('REST','header')
if tport==0:
tport = int(Config.get('DAEMON','port'))
PORT = int(Config.get('DAEMON','port'))
fp.close()
except:
url = input('anna url:')
header = input('anna header:')
port = input('anna port:')
cfgfile = open(filu,'w')
try:
Config.add_section('REST')
Config.add_section('DAEMON')
print("*** Created sections")
except:
print('*** sections already exists')
Config.set('REST','url',url)
Config.set('REST','header', header)
Config.set('DAEMON','port',port)
Config.write(cfgfile)
cfgfile.close()
tport = int(Config.get('DAEMON','port'))
url = Config.get('REST','url')
header = Config.get('REST','header')
PORT = int(Config.get('DAEMON','port'))
print("*** Created information.")
header = ast.literal_eval(header)
try:
conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
while True:
print("*** Main ***")
#print("*" * 60)
conn = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
conn.bind((HOST, PORT))
except:
print("Main *** Ei onnistunut")
ServerMain(q,tport)
info = conn.recvfrom(1024)
#print(info)
data = info[0].decode("utf-8")
#print (data)
addr = info[1]
#print (addr)
#datan tarkistus ja säikeen aloitus
if data=="I am Client":
#print("Main *** Right start message")
#lähetetään julkinen avain
key = JWK(generate="RSA",public_exponent=29,size=1000)
public_key = key.export_public()
conn.sendto(public_key.encode("utf-8"),addr)
#otetaan viesti vastaan ja avataan
encrypted_signed_token = conn.recv(1024).decode("utf-8")
#print(encrypted_signed_token)
E = JWE()
E.deserialize(encrypted_signed_token, key)
raw_payload = E.payload
#print("*** raw payload:",raw_payload)
string = raw_payload.decode("utf-8")
#print("*** received str:", string)
Payload = json.loads(string)
#print("*** JSON:",Payload)
#print("*** received payload:", Payload['exp'])
#käydään REST app kysymässä Kumokselta
mac = str(Payload['exp'])
myResponse = requests.get(url + mac,header)
#print(url + mac,header)
#print("REST:", myResponse.status_code)
if(myResponse.ok):
print("main *** Found!")
jData = json.loads(myResponse.content.decode("utf-8"))
#print("The response contains {0} properties".format(len(jData)))
# Konrollerille yhteys
#Haetaan "listalta"
if not q.empty():
tport = q.get()
conn.sendto(tport.encode("utf-8"),addr)
else:
tport = str(int(tport)+1)
conn.sendto(tport.encode("utf-8"),addr)
#Aloitetaan stringissä uusi yhteys
thread.start_new_thread(Listen_Client,(url,data,tport,q,header,))
else:
print("Main *** Not found")
answer="Good try <3"
conn.sendto(answer.encode("utf-8"),addr)
else:
conn.close()
print("*" * 60)
conn.close()
print("*" * 60)
except:
conn.close()
print("Main *** Frong message. Start again")
ServerMain(q,tport)
class Crypto(object):
_backend = None
_private = None
_private_jwk = None
_public = None
_public_jwk = None
def __init__(self, private_key=None, public_key=None):
self._backend = default_backend()
if private_key:
self._load_private(private_key)
if public_key:
self._load_public(public_key)
def _load_private(self, data):
try:
self._private = serialization.load_pem_private_key(
b64decode(data), password=None, backend=self._backend)
self._private_jwk = JWK()
self._private_jwk.import_from_pyca(self._private)
except Exception: # pragma: no cover
LOGGER.error(
'Failed to parse private key starting with: %s', data[:28])
def _load_public(self, data):
try:
self._public = serialization.load_pem_public_key(
b64decode(data), backend=self._backend)
self._public_jwk = JWK()
self._public_jwk.import_from_pyca(self._public)
except Exception: # pragma: no cover
LOGGER.error(
'Failed to parse public key starting with: %s', data[:26])
def encrypt(self, plaintext,
_protected='{"alg":"RSA-OAEP","enc":"A256GCM"}',
_public_jwk=None):
try:
jwe = JWE(plaintext=plaintext,
protected=_protected)
_public_jwk = _public_jwk if _public_jwk else self._public_jwk
jwe.add_recipient(_public_jwk)
ciphertext = jwe.serialize(compact=True)
except Exception:
raise ValueError("Couldn't encrypt message.")
return ciphertext
def decrypt(self, ciphertext):
try:
jwe = JWE()
jwe.deserialize(ciphertext, key=self._private_jwk)
plaintext = jwe.payload.decode('utf-8')
except Exception:
raise ValueError("Couldn't decrypt message.")
return plaintext
def validate(self, ciphertext):
try:
jwe = JWE()
jwe.deserialize(ciphertext)
if jwe.jose_header != {'alg': 'RSA-OAEP', 'enc': 'A256GCM'}:
return False
except Exception:
return False
return True
def mainServer(kierros,PORT,q):
if(kierros==0):
info = filu_checker()
print(info)
info = dict(info)
url = info['url']
header = info['header']
PORT = int(info['port'])
tport = int(info['port'])
kierros = 1
HOST = '0.0.0.0' #change to None if wanted listen from IPv6 address
while True:
s = None
for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
except socket.error as msg:
print("Main ***",msg)
s = None
continue
try:
#print('Main ***',sa)
s.bind(sa)
s.listen(1)
except socket.error as msg:
print("Main ***",msg)
s.close()
s = None
continue
break
if s is None:
print('Main *** Could not open socket')
time.sleep(10)
PORT = PORT+1
mainServer(kierros,PORT,q)
#sys.exit(1)
conn, addr = s.accept()
#print("*" * 60)
#print('Main *** Connected by', addr)
try:
#conn.settimeout(5)
data = conn.recv(1024).decode("utf-8")
#conn.settimeout(None)
except:
print("Main *** timeout")
mainServer(kierros,PORT,q)
#print(data)
#datan tarkistus ja säikeen aloitus
if data=="I am Client":
#print("Main*** Right start message")
#lähetetään julkinen avain
key = JWK(generate="RSA",public_exponent=29,size=1000)
public_key = key.export_public()
conn.send(public_key.encode("utf-8"))
#otetaan viesti vastaan ja avataan
encrypted_signed_token = conn.recv(1024).decode("utf-8")
#print(encrypted_signed_token)
try:
E = JWE()
E.deserialize(encrypted_signed_token, key)
raw_payload = E.payload
#print("*** raw payload:",raw_payload)
string = raw_payload.decode("utf-8")
except Exception as msg:
print('Main *** Wrong key',encrypted_signed_token)
print('Main *** Wrong key',public_key)
print('Main *** Wrong key',msg)
break
#print("*** received str:", string)
Payload = json.loads(string)
#print("*** JSON:",Payload)
#print("*** received payload:", Payload['exp'])
while True:
try:
#käydään kysymässä onko listoilla
mac = str(Payload['exp'])
#Tähän kohti kysymys lähetetään request session ohjelmalle
myResponse = Check_rest(url,mac,header)
#myResponse = requests.get(url + mac,header)
#print(url + mac,header)
#print("REST:", myResponse.status_code)
break
except Exception as msg:
print("Main *** REST failed",msg)
sys.exit(1)
if(myResponse == 200):
#if(mac=='mac=00-00-00-00-00-01'):
#print("Main *** Found!")
#jData = json.loads(myResponse.content.decode("utf-8"))
#print("The response contains {0} properties".format(len(jData)))
jData = 'mac=00-00-00-00-00-01'
#Kontrollerille viestiä, id configuroitavissa
#{
#ip: string,
#valid: bool
#}
#POST /iot-service/:id
#Haetaan "listalta"
if not q.empty():
free_port = q.get()
conn.send(free_port.encode("utf-8"))
else:
tport = str(int(tport)+1)
conn.send(tport.encode("utf-8"))
#Aloitetaan stringissä uusi yhteys
#conn.shutdown(socket.SHUT_RDWR)
conn.close()
thread.start_new_thread(Listen_Client,(url,data,tport,q,header,))
else:
print("Not found",myResponse.status_code)
answer="Good try <3"
conn.send(answer.encode("utf-8"))
break
else:
conn.close()
print("*" * 60)
conn.close()
print("*" * 60)
def bench_RSA(self):
""" Generate key """
JWK.generate(kty='RSA', size=2048)
