def _processRecoveryInterest(self, interest, syncDigest, transport):
logging.getLogger(__name__).info("processRecoveryInterest")
if self._logFind(syncDigest) != -1:
tempContent = sync_state_pb2.SyncStateMsg()
for i in range(self._digestTree.size()):
content = getattr(tempContent, "ss").add()
content.name = self._applicationDataPrefixUri
content.type = SyncState_UPDATE
content.seqno.seq = self._sequenceNo
content.seqno.session = self._digestTree.get(i).getSessionNo()
if len(getattr(tempContent, "ss")) != 0:
# TODO: Check if this works in Python 3.
#pylint: disable=E1103
array = tempContent.SerializeToString()
#pylint: enable=E1103
data = Data(interest.getName())
data.setContent(Blob(array))
self._keyChain.sign(data, self._certificateName)
try:
transport.send(data.wireEncode().toBuffer())
except Exception as ex:
logging.getLogger(__name__).error(
"Error in transport.send: %s", str(ex))
return
logging.getLogger(__name__).info("send recovery data back")
logging.getLogger(__name__).info("%s", interest.getName().toUri())
def _registerPrefixHelper(self, registeredPrefixId, prefix, onInterest,
onRegisterFailed, flags, wireFormat):
"""
Do the work of registerPrefix to register with NDNx once we have an
ndndId_.
:param int registeredPrefixId: The
_RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got
so it could return it to the caller. If this is 0, then don't add to
registeredPrefixTable_ (assuming it has already been done).
"""
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(
self._ndndId).append("selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
encodedInterest = interest.wireEncode(wireFormat)
if registeredPrefixId != 0:
# Save the onInterest callback and send the registration interest.
self._registeredPrefixTable.append(
Node._RegisteredPrefix(registeredPrefixId, prefix, onInterest))
response = Node._RegisterResponse(self, prefix, onInterest,
onRegisterFailed, flags, wireFormat,
False)
self.expressInterest(interest, response.onData, response.onTimeout,
wireFormat)
def _registerPrefixHelper(
self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags,
wireFormat):
"""
Do the work of registerPrefix to register with NDNx once we have an
_ndndId.
:param int registeredPrefixId: The
_RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got
so it could return it to the caller. If this is 0, then don't add to
_registeredPrefixTable (assuming it has already been done).
"""
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(self._ndndId).append(
"selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
encodedInterest = interest.wireEncode(wireFormat)
if registeredPrefixId != 0:
# Save the onInterest callback and send the registration interest.
self._registeredPrefixTable.append(Node._RegisteredPrefix(
registeredPrefixId, prefix, onInterest))
response = Node._RegisterResponse(
self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False)
self.expressInterest(
interest, response.onData, response.onTimeout, wireFormat)
def _registerPrefixHelper(
self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags,
wireFormat, face):
"""
Do the work of registerPrefix to register with NDNx once we have an
_ndndId.
:param int registeredPrefixId: The getNextEntryId() which registerPrefix
got so it could return it to the caller. If this is 0, then don't add
to _registeredPrefixTable (assuming it has already been done).
"""
if not WireFormat.ENABLE_NDNX:
# We can get here if the command signing info is set, but running NDNx.
raise RuntimeError(
"registerPrefix with NDNx is deprecated. To enable while you upgrade your code to use NFD, set WireFormat.ENABLE_NDNX = True")
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(self._ndndId).append(
"selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
if registeredPrefixId != 0:
interestFilterId = 0
if onInterest != None:
# registerPrefix was called with the "combined" form that includes
# the callback, so add an InterestFilterEntry.
interestFilterId = self.getNextEntryId()
self.setInterestFilter(
interestFilterId, InterestFilter(prefix), onInterest, face)
self._registeredPrefixTable.append(Node._RegisteredPrefix(
registeredPrefixId, prefix, interestFilterId))
# Send the registration interest.
response = Node._RegisterResponse(
self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False,
face)
self.expressInterest(
self.getNextEntryId(), interest, response.onData, response.onTimeout,
wireFormat, face)
def _processSyncInterest(self, index, syncDigest, transport):
"""
Common interest processing, using digest log to find the difference
after syncDigest.
:return: True if sent a data packet to satisfy the interest, otherwise
False.
:rtype: bool
"""
nameList = [] # of str
sequenceNoList = [] # of int
sessionNoList = [] # of int
for j in range(index + 1, len(self._digestLog)):
temp = self._digestLog[j].getData() # array of sync_state_pb2.SyncState.
for i in range(len(temp)):
syncState = temp[i]
if syncState.type != SyncState_UPDATE:
continue
if self._digestTree.find(
syncState.name, syncState.seqno.session) != -1:
n = -1
for k in range(len(nameList)):
if nameList[k] == syncState.name:
n = k
break
if n == -1:
nameList.append(syncState.name)
sequenceNoList.append(syncState.seqno.seq)
sessionNoList.append(syncState.seqno.session)
else:
sequenceNoList[n] = syncState.seqno.seq
sessionNoList[n] = syncState.seqno.session
tempContent = sync_state_pb2.SyncStateMsg()
for i in range(len(nameList)):
content = getattr(tempContent, "ss").add()
content.name = nameList[i]
content.type = SyncState_UPDATE
content.seqno.seq = sequenceNoList[i]
content.seqno.session = sessionNoList[i]
sent = False
if len(getattr(tempContent, "ss")) != 0:
name = Name(self._applicationBroadcastPrefix)
name.append(syncDigest)
# TODO: Check if this works in Python 3.
#pylint: disable=E1103
array = tempContent.SerializeToString()
#pylint: enable=E1103
data = Data(name)
data.setContent(Blob(array))
self._keyChain.sign(data, self._certificateName)
try:
transport.send(data.wireEncode().toBuffer())
except Exception as ex:
logging.getLogger(__name__).error(
"Error in transport.send: %s", str(ex))
return
sent = True
logging.getLogger(__name__).info("Sync Data send")
logging.getLogger(__name__).info("%s", name.toUri())
return sent
class SafeBag(object):
"""
There are three forms of the SafeBag constructor:
SafeBag(certificate, privateKeyBag) - Create a SafeBag with the given
certificate and private key.
SafeBag(keyName, privateKeyBag, publicKeyEncoding [, password,
digestAlgorithm, wireFormat]) - Create a SafeBag with given private key
and a new self-signed certificate for the given public key.
SafeBag(input) - Create a SafeBag by decoding the input as an NDN-TLV SafeBag.
:param Data certificate: The certificate data packet (used only for
SafeBag(certificate, privateKeyBag)). This copies the object.
:param Blob privateKeyBag: The encoded private key. If encrypted, this is a
PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted
PKCS #8 PrivateKeyInfo.
:param password: (optional) The password for decrypting the private key in
order to sign the self-signed certificate, which should have characters in
the range of 1 to 127. If the password is supplied, use it to decrypt the
PKCS #8 EncryptedPrivateKeyInfo. If the password is omitted or None,
privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo.
:type password: an array which implements the buffer protocol
:param int digestAlgorithm: (optional) The digest algorithm for signing the
self-signed certificate. If omitted, use DigestAlgorithm.SHA256 .
:type digestAlgorithm: int from the DigestAlgorithm enum
:param WireFormat wireFormat: (optional) A WireFormat object used to encode
the self-signed certificate in order to sign it. If omitted, use
WireFormat.getDefaultWireFormat().
:param input: The array with the bytes to decode.
:type input: A Blob or an array type with int elements
"""
def __init__(self, arg1, privateKeyBag = None,
publicKeyEncoding = None, password = None,
digestAlgorithm = DigestAlgorithm.SHA256, wireFormat = None):
if isinstance(arg1, Name):
keyName = arg1
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
self._certificate = SafeBag._makeSelfSignedCertificate(
keyName, privateKeyBag, publicKeyEncoding, password,
digestAlgorithm, wireFormat)
self._privateKeyBag = privateKeyBag
elif isinstance(arg1, Data):
# The certificate is supplied.
self._certificate = Data(arg1)
self._privateKeyBag = privateKeyBag
else:
# Assume the first argument is the encoded SafeBag.
self.wireDecode(arg1)
def getCertificate(self):
"""
Get the certificate data packet.
:return: The certificate as a Data packet. If you need to process it as
a certificate object then you must create a new CertificateV2(data).
:rtype: Data
"""
return self._certificate
def getPrivateKeyBag(self):
"""
Get the encoded private key.
:return: The encoded private key. If encrypted, this is a PKCS #8
EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS
#8 PrivateKeyInfo.
:rtype: Blob
"""
return self._privateKeyBag
def wireDecode(self, input):
"""
Decode the input as an NDN-TLV SafeBag and update this object.
:param input: The array with the bytes to decode.
:type input: A Blob or an array type with int elements
"""
if isinstance(input, Blob):
input = input.buf()
# Decode directly as TLV. We don't support the WireFormat abstraction
# because this isn't meant to go directly on the wire.
decoder = TlvDecoder(input)
endOffset = decoder.readNestedTlvsStart(Tlv.SafeBag_SafeBag)
# Get the bytes of the certificate and decode.
certificateBeginOffset = decoder.getOffset()
certificateEndOffset = decoder.readNestedTlvsStart(Tlv.Data)
decoder.seek(certificateEndOffset)
self._certificate = Data()
self._certificate.wireDecode(
decoder.getSlice(certificateBeginOffset, certificateEndOffset),
TlvWireFormat.get())
self._privateKeyBag = Blob(
decoder.readBlobTlv(Tlv.SafeBag_EncryptedKeyBag), True)
decoder.finishNestedTlvs(endOffset)
def wireEncode(self, wireFormat = None):
"""
Encode this as an NDN-TLV SafeBag.
:return: The encoded byte array as a Blob.
:rtype: Blob
"""
# Encode directly as TLV. We don't support the WireFormat abstraction
# because this isn't meant to go directly on the wire.
encoder = TlvEncoder(256)
saveLength = len(encoder)
# Encode backwards.
encoder.writeBlobTlv(
Tlv.SafeBag_EncryptedKeyBag, self._privateKeyBag.buf())
# Add the entire Data packet encoding as is.
encoder.writeBuffer(
self._certificate.wireEncode(TlvWireFormat.get()).buf())
encoder.writeTypeAndLength(
Tlv.SafeBag_SafeBag, len(encoder) - saveLength)
return Blob(encoder.getOutput(), False)
@staticmethod
def _makeSelfSignedCertificate(
keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm,
wireFormat):
certificate = CertificateV2()
# Set the name.
now = Common.getNowMilliseconds()
certificateName = Name(keyName)
certificateName.append("self").appendVersion(int(now))
certificate.setName(certificateName)
# Set the MetaInfo.
certificate.getMetaInfo().setType(ContentType.KEY)
# Set a one-hour freshness period.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0)
# Set the content.
publicKey = PublicKey(publicKeyEncoding)
certificate.setContent(publicKey.getKeyDer())
# Create a temporary in-memory Tpm and import the private key.
tpm = Tpm("", "", TpmBackEndMemory())
tpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password)
# Set the signature info.
if publicKey.getKeyType() == KeyType.RSA:
certificate.setSignature(Sha256WithRsaSignature())
elif publicKey.getKeyType() == KeyType.EC:
certificate.setSignature(Sha256WithEcdsaSignature())
else:
raise ValueError("Unsupported key type")
signatureInfo = certificate.getSignature()
KeyLocator.getFromSignature(signatureInfo).setType(KeyLocatorType.KEYNAME)
KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName)
# Set a 20-year validity period.
ValidityPeriod.getFromSignature(signatureInfo).setPeriod(
now, now + 20 * 365 * 24 * 3600 * 1000.0)
# Encode once to get the signed portion.
encoding = certificate.wireEncode(wireFormat)
signatureBytes = tpm.sign(encoding.toSignedBytes(), keyName,
digestAlgorithm)
signatureInfo.setSignature(signatureBytes)
# Encode again to include the signature.
certificate.wireEncode(wireFormat)
return certificate
class SafeBag(object):
"""
There are three forms of the SafeBag constructor:
SafeBag(certificate, privateKeyBag) - Create a SafeBag with the given
certificate and private key.
SafeBag(keyName, privateKeyBag, publicKeyEncoding [, password,
digestAlgorithm, wireFormat]) - Create a SafeBag with given private key
and a new self-signed certificate for the given public key.
SafeBag(input) - Create a SafeBag by decoding the input as an NDN-TLV SafeBag.
:param Data certificate: The certificate data packet (used only for
SafeBag(certificate, privateKeyBag)). This copies the object.
:param Blob privateKeyBag: The encoded private key. If encrypted, this is a
PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted
PKCS #8 PrivateKeyInfo.
:param password: (optional) The password for decrypting the private key in
order to sign the self-signed certificate, which should have characters in
the range of 1 to 127. If the password is supplied, use it to decrypt the
PKCS #8 EncryptedPrivateKeyInfo. If the password is omitted or None,
privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo.
:type password: an array which implements the buffer protocol
:param int digestAlgorithm: (optional) The digest algorithm for signing the
self-signed certificate. If omitted, use DigestAlgorithm.SHA256 .
:type digestAlgorithm: int from the DigestAlgorithm enum
:param WireFormat wireFormat: (optional) A WireFormat object used to encode
the self-signed certificate in order to sign it. If omitted, use
WireFormat.getDefaultWireFormat().
:param input: The array with the bytes to decode.
:type input: A Blob or an array type with int elements
"""
def __init__(self,
arg1,
privateKeyBag=None,
publicKeyEncoding=None,
password=None,
digestAlgorithm=DigestAlgorithm.SHA256,
wireFormat=None):
if isinstance(arg1, Name):
keyName = arg1
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
self._certificate = SafeBag._makeSelfSignedCertificate(
keyName, privateKeyBag, publicKeyEncoding, password,
digestAlgorithm, wireFormat)
self._privateKeyBag = privateKeyBag
elif isinstance(arg1, Data):
# The certificate is supplied.
self._certificate = Data(arg1)
self._privateKeyBag = privateKeyBag
else:
# Assume the first argument is the encoded SafeBag.
self.wireDecode(arg1)
def getCertificate(self):
"""
Get the certificate data packet.
:return: The certificate as a Data packet. If you need to process it as
a certificate object then you must create a new CertificateV2(data).
:rtype: Data
"""
return self._certificate
def getPrivateKeyBag(self):
"""
Get the encoded private key.
:return: The encoded private key. If encrypted, this is a PKCS #8
EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS
#8 PrivateKeyInfo.
:rtype: Blob
"""
return self._privateKeyBag
def wireDecode(self, input):
"""
Decode the input as an NDN-TLV SafeBag and update this object.
:param input: The array with the bytes to decode.
:type input: A Blob or an array type with int elements
"""
if isinstance(input, Blob):
input = input.buf()
# Decode directly as TLV. We don't support the WireFormat abstraction
# because this isn't meant to go directly on the wire.
decoder = TlvDecoder(input)
endOffset = decoder.readNestedTlvsStart(Tlv.SafeBag_SafeBag)
# Get the bytes of the certificate and decode.
certificateBeginOffset = decoder.getOffset()
certificateEndOffset = decoder.readNestedTlvsStart(Tlv.Data)
decoder.seek(certificateEndOffset)
self._certificate = Data()
self._certificate.wireDecode(
decoder.getSlice(certificateBeginOffset, certificateEndOffset),
TlvWireFormat.get())
self._privateKeyBag = Blob(
decoder.readBlobTlv(Tlv.SafeBag_EncryptedKeyBag), True)
decoder.finishNestedTlvs(endOffset)
def wireEncode(self, wireFormat=None):
"""
Encode this as an NDN-TLV SafeBag.
:return: The encoded byte array as a Blob.
:rtype: Blob
"""
# Encode directly as TLV. We don't support the WireFormat abstraction
# because this isn't meant to go directly on the wire.
encoder = TlvEncoder(256)
saveLength = len(encoder)
# Encode backwards.
encoder.writeBlobTlv(Tlv.SafeBag_EncryptedKeyBag,
self._privateKeyBag.buf())
# Add the entire Data packet encoding as is.
encoder.writeBuffer(
self._certificate.wireEncode(TlvWireFormat.get()).buf())
encoder.writeTypeAndLength(Tlv.SafeBag_SafeBag,
len(encoder) - saveLength)
return Blob(encoder.getOutput(), False)
@staticmethod
def _makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding,
password, digestAlgorithm, wireFormat):
certificate = CertificateV2()
# Set the name.
now = Common.getNowMilliseconds()
certificateName = Name(keyName)
certificateName.append("self").appendVersion(int(now))
certificate.setName(certificateName)
# Set the MetaInfo.
certificate.getMetaInfo().setType(ContentType.KEY)
# Set a one-hour freshness period.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0)
# Set the content.
publicKey = PublicKey(publicKeyEncoding)
certificate.setContent(publicKey.getKeyDer())
# Create a temporary in-memory Tpm and import the private key.
tpm = Tpm("", "", TpmBackEndMemory())
tpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password)
# Set the signature info.
if publicKey.getKeyType() == KeyType.RSA:
certificate.setSignature(Sha256WithRsaSignature())
elif publicKey.getKeyType() == KeyType.EC:
certificate.setSignature(Sha256WithEcdsaSignature())
else:
raise ValueError("Unsupported key type")
signatureInfo = certificate.getSignature()
KeyLocator.getFromSignature(signatureInfo).setType(
KeyLocatorType.KEYNAME)
KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName)
# Set a 20-year validity period.
ValidityPeriod.getFromSignature(signatureInfo).setPeriod(
now, now + 20 * 365 * 24 * 3600 * 1000.0)
# Encode once to get the signed portion.
encoding = certificate.wireEncode(wireFormat)
signatureBytes = tpm.sign(encoding.toSignedBytes(), keyName,
digestAlgorithm)
signatureInfo.setSignature(signatureBytes)
# Encode again to include the signature.
certificate.wireEncode(wireFormat)
return certificate
