def _handleSigningAndEncryption(self, message, endpoint):
"""
Helper function for supporting the encryption of a message.
The algorithm name is gained for the given algorithm id (from the AlgorithmManager inside
the securitymanager module) and the message is encrypted using the SecurityController class
in the securitycontroller module (of course using the given algorithm name). Afterwards,
the message is passed on to the L{messagewrapper.MessageWrapper.wrapForEncryption} to make
it a valid piece of encrypted information.
@param message: Message to be encrypted and wrapped
@type message: C{String}
@param endpoint: Endpoint instance holding all information required about the destination
@type endpoint: L{communicationmanager.Endpoint}
"""
from securitymanager import getCredentialManager
credential = getCredentialManager().getCredential(endpoint.getCredentialId())
algName = getAlgorithmManager().getAlgorithm(credential.getAlgorithmId()).getName()
from config import memberid
communityid = endpoint.getCommunityId()
signature = getSecurityController().signMessage(message, algName) # let's just use the same algorithm as we used for encryption
sigXmlString, doc, node = getMessageWrapper().wrapForSigning(message, signature, algName, memberid, communityid)
ciphered = getSecurityController().encrypt(sigXmlString, credential.getKey(), algName)
xmlString = getMessageWrapper().wrapForEncryption(ciphered, algName)
return xmlString
def installEndPoints(i, localMemberId, tcId):
"""
Add the local endpoints as defined in the config file in the protocols folder.
"""
_printAction (i, "Initialise protocols and their endpoints", 1)
from protocolcontroller import getProtocolController
from communicationmanager import getProtocolManager
from communicationmanager import Protocol
from communicationmanager import getEndpointManager
from communicationmanager import Endpoint
from protocols.config import endpoints # these are actually addesses, not really endpoints
from securitymanager import getCredentialManager
from securitymanager import getAlgorithmManager
for protocolName in getProtocolController().getOpenProtocols():
_printAction (i+1, "Add Protocol '" + protocolName + "'")
## protocol = Protocol(None, protocolName)
## getProtocolManager().addProtocol(protocol)
protocol = getProtocolManager().getProtocolByNameAndInsert(protocolName)
_finishActionLine()
_printAction (i+1, "Add Endpoints for protocol '" + protocolName + "'", 1)
address = endpoints[protocolName]
for credential in getCredentialManager().getCredentialsForMember(localMemberId):
algName = getAlgorithmManager().getAlgorithm(credential.getAlgorithmId()).getName()
_printAction (i+2, "Add Endpoint for protocol '" + protocolName + "' and Algorithm '" + algName + "'")
endpoint = Endpoint (None, localMemberId, tcId, protocol.getId(), address, credential.getId())
getEndpointManager().addEndpoint(endpoint)
_finishActionLine()
_printAction (i, "Finished protocols and endpoints")
_finishActionLine()
def loadKeys(self):
"""
Loads the required keys for the algorithms.
"""
from securitymanager import getAlgorithmManager
from securitymanager import getPersonalCredentialManager
for alg in getAlgorithmManager().getAlgorithms():
if alg.getName() in self.getOpenAlgorithms():
for cred in getPersonalCredentialManager().getPersonalCredentials():
if cred.getAlgorithmId() == alg.getId():
self.getAlgorithm(alg.getName()).setKeyPair(cred.getPrivateKey())
def _handleDecryptionAndValidation(self, message, protocolname):
"""
Helper function for supporting the decryption of the message.
The passed message is passed to the L{messagewrapper.MessageWrapper.unwrapForDecryption}
for removing the encryption "header" and gaining the name of the algorithm and the
cipher text. Afterwards, the function decrypt in the securitycontroller is invoked
and the result is returned.
@return: Result of the L{securitycontroller.SecurityController.decrypt}
@rtype: C{String}
"""
alg, data = getMessageWrapper().unwrapForDecryption(message)
data = getSecurityController().decrypt(data, alg)
algName, memberid, communityid, data, signature = getMessageWrapper().unwrapForValidation(data)
from communicationmanager import getEndpointManager
from errorhandling import G4dsDependencyException, G4dsCommunicationException
from g4dslogging import getDefaultLogger, COMMUNICATION_INCOMING_NO_ENDPOINT
from securitymanager import getCredentialManager, getAlgorithmManager
try:
endpoint = getEndpointManager().findEndpoint(memberid, communityid, protocolname, algName)
credential = getCredentialManager().getCredential(endpoint.getCredentialId())
if not credential:
getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'No credential found for the sender of the incoming message - validation aborted.')
raise G4dsCommunicationException('No credential found for the sender of the incoming message - validation aborted.')
key = credential.getKey()
if not getSecurityController().validate(data, signature, key, algName):
raise G4dsCommunicationException('Signature not valid for this message.')
return data, memberid, communityid
except G4dsDependencyException, msg:
getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'Src Enpoint Detemination: %s - attempt key determination' %(msg))
# we have to carry on here - if the message is routed; the end-to-end message integrity must still be ensured; however - both members are not in the
# same community; hence - the receiver might not know about the endpoints of the sender; however, for this approach it's compulsary, that the public
# key is known
creds = getCredentialManager().getCredentialsForMember(memberid)
for cred in creds:
# well, problem here - the sender might have several keys of the same algorithm - no chance to get around checking them all here
if getAlgorithmManager().getAlgorithm(cred.getAlgorithmId()).getName() == algName:
key = cred.getKey()
if getSecurityController().validate(data, signature, key, algName):
return data, memberid, communityid
# ohoh - looks like this message is not valied :(
getDefaultLogger().newMessage(COMMUNICATION_INCOMING_NO_ENDPOINT, 'Src Enpoint Detemination: manual key search not sucessful.')
raise G4dsCommunicationException('Signature not valid for the incoming message.')
def testUpdatingAndDeletingOnManager():
from communitymanager import getMemberManager, Member
from communicationmanager import getEndpointManager, Endpoint, getProtocolManager
from securitymanager import getCredentialManager, Credential, getAlgorithmManager
m = Member('123','kk test', '<mdl/>','1.0.0.0','2005-07-08')
#m.addCommunity('C760394')
getMemberManager().updateMember(m, 1)
alg = getAlgorithmManager().getAlgorithmByNameAndInsert('nikos alg')
getEndpointManager().removeEndpointsForMember(m.getId())
c = Credential(None, alg.getId(),'','key5','123')
getCredentialManager().removeCredentialsForMember(m.getId())
getCredentialManager().addCredential(c)
protocol = getProtocolManager().getProtocolByNameAndInsert('soap')
e = Endpoint(None, '123', 'C426009', protocol.getId(), 'http://localhost', c.getId())
getEndpointManager().addEndpoint(e)
def testCommunityManager():
cm = communitymanager.getCommunityManager()
mm = communitymanager.getMemberManager()
## c = communitymanager.Community(None,"Community F","pas de comment","<tcdl/>","0.9.9","2005-06-28")
## m = communitymanager.Member(None, "Member F", "<mdl>Member F description file</mdl>","0.9.9", "2005-06-28")
##
## cm.addCommunity(c)
## mm.addMember(m)
##
## c2 = cm.getCommunity('C10001')
##
## c.addMember(m.getId())
## m.addCommunity(c.getId())
## c2.addMember(m.getId())
## m.addCommunity(c2.getId())
## c2.addAuthority(m.getId())
## m.addAuthorityRole(c2.getId())
## c.addAuthority(m.getId())
## m.addAuthorityRole(c.getId())
## communitymanager.CommunityGateway(m.getId(), c.getId(), c2.getId(), 1, 1)
## print cm, "\n", mm
## printCommunities()
## printMembers()
## print ""
## from communitymanager_db import CM_DB
## db = CM_DB()
## db.addProtocolToCommunity('C001', 'P906688')
## print db.getProtocolsForCommunity('C001')
community = cm.getCommunity('C001')
from communicationmanager import getProtocolManager
## prot = getProtocolManager().getProtocolByNameAndInsert('soap')
## community.addProtocol(prot.getId())
print community.getProtocols()
from securitymanager import getAlgorithmManager
alg = getAlgorithmManager().getAlgorithmByNameAndInsert('rsa')
community.addAlgorithm(alg.getId())
print community.getAlgorithms()
def testSecurityManager():
algMan = securitymanager.getAlgorithmManager()
## alg = securitymanager.Algorithm(None, "SSL")
## algMan.addAlgorithm(alg)
alg = algMan.getAlgorithms()[0]
print algMan
print alg
credMan = securitymanager.getCredentialManager()
cred = credMan.getCredentials()[0]
## cred1 = securitymanager.Credential(None, alg.getId(), 'mpilgerm', 'key here', 'M10002')
## credMan.addCredential(cred1)
print credMan
print cred
## print cred1
persCredMan = securitymanager.getPersonalCredentialManager()
persCred = persCredMan.getPersonalCredentials()[0]
## persCred1 = securitymanager.PersonalCredential(None, 'Test SSL 510 bit', alg.getId(), "key private", "key public")
## persCredMan.addPersonalCredential(persCred1)
print persCredMan
print persCred
def installOneKey(algId, i, localMemberId):
"""
Install key for one algorithm
"""
from algorithmcontroller import getAlgorithmController
from securitymanager import getAlgorithmManager
algName = getAlgorithmManager().getAlgorithm(algId).getName()
_printAction (i, "Personal Credential for algorithm '" + algName + "'")
algImplementation = getAlgorithmController().getAlgorithm(algName)
privateKey = algImplementation.createKeyPair()
publicKey = algImplementation.getPublicKey(privateKey)
from securitymanager import PersonalCredential
credential = PersonalCredential(None, algName + " key pair", algId, privateKey, publicKey, "")
from securitymanager import getPersonalCredentialManager
getPersonalCredentialManager().addPersonalCredential(credential)
_finishActionLine()
_printAction (i, "Public Credential for algorithm '" + algName + "'")
from securitymanager import Credential
from securitymanager import getCredentialManager
credential = Credential(None, algId, "", publicKey, localMemberId)
getCredentialManager().addCredential(credential)
_finishActionLine()
def installAlgorithms(i, localMemberId):
"""
Put all algorithms into the database.
@return: list of algorithm ids.
@rtype: C{List} of C{String}
"""
_printAction (i, "Initialise algorithms", 1)
from algorithmcontroller import getAlgorithmController
from securitymanager import getAlgorithmManager
from securitymanager import Algorithm
allOpen = getAlgorithmController().getOpenAlgorithms()
returnList = []
for algName in allOpen:
_printAction (i +1, "Algorithm '" + algName)
## alg = Algorithm(None, algName)
## getAlgorithmManager().addAlgorithm(alg)
alg = getAlgorithmManager().getAlgorithmByNameAndInsert(algName)
returnList.append(alg.getId())
_finishActionLine()
_printAction (i, "Finished algorithms")
_finishActionLine()
return returnList
