def load_private_key( key_name, password, check_volume=True ):
key_path = make_key_local_path( key_name )
local = True
if not storage.path_exists( key_path, volume=None ) and check_volume:
# load it from the Volume
key_path = make_key_volume_path( key_name )
local = False
return load_private_key_from_path( key_path, password, local )
def update_contact( pubkey_str, privkey_str, email_addr, extras ):
contact_path = make_contact_path( pubkey_str, email_addr )
if not storage.path_exists( contact_path ):
log.error("No such contact '%s'" % email_addr)
return False
try:
contact = read_contact( pubkey_str, privkey_str, email_addr )
except Exception, e:
log.error("Failed to read contact '%s'" % email_addr)
log.exception(e)
return False
def cleanup_syntool( key_paths, tmpdir ):
for key_path in key_paths:
if storage.path_exists( key_path, volume=None ):
rc = storage.erase_file( key_path, volume=None )
if not rc:
log.critical( "!!! FAILED TO ERASE KEY! Securely erase %s !!!" % key_path )
try:
shutil.rmtree( tmpdir )
except Exception, e:
log.exception(e)
log.error("Failed to remove %s" % t)
def read_message( receiver_vol_inst, pubkey_str, privkey_str, gateway_privkey_pem, folder, msg_timestamp, msg_id, sender_vol_inst=None, storage_root="/tmp/syndicate-unused" ):
# is this an incoming message?
mpath = incoming_message_path( msg_timestamp, msg_id )
if storage.path_exists( mpath, volume=receiver_vol_inst ):
# get the incoming message record
incoming_message = read_incoming_message( privkey_str, msg_timestamp, msg_id, volume=receiver_vol_inst )
if incoming_message is None:
log.error("Failed to read incoming message %s" % message_handle( msg_timestamp, msg_id ) )
return None
# open the volume, if need be
if sender_vol_inst is None:
sender_vol_inst = sender_volume_from_incoming_message( incoming_message, gateway_privkey_pem, storage_root )
if sender_vol_inst is None:
log.error("Failed to open Volume")
return None
# get the sender's public key
sender_contact = contact.read_contact( pubkey_str, privkey_str, incoming_message.sender_addr )
if sender_contact is None:
log.error("No contact record for %s; cannot verify message authenticity" % incoming_message.sender_addr )
return None
# get the corresponding message from the remote Volume
msg = read_message_from_volume( sender_vol_inst, sender_contact.pubkey_pem, pubkey_str, privkey_str, incoming_message )
if msg is not None:
# verify that it matches the incoming message
if incoming_message.message_signature != msg.signature:
log.error("Message signature mismatch")
return None
return msg
else:
log.error("Failed to read message from %s" % sender_contact.addr)
return None
else:
# it's a stored message
return read_stored_message( privkey_str, folder, msg_timestamp, msg_id, volume=receiver_vol_inst )
def read_stored_message( privkey_str, folder, msg_timestamp, msg_id, volume=None, receiver_pubkey_pem=None ):
if receiver_pubkey_pem is None:
pkey = CryptoKey.importKey( privkey_str )
receiver_pubkey_pem = pkey.publickey().exportKey()
mpath = stored_message_path( receiver_pubkey_pem, folder, msg_timestamp, msg_id )
if not storage.path_exists( mpath, volume=volume ):
log.error("No message at %s" % mpath )
return None
msg_json = storage.read_encrypted_file( privkey_str, mpath, volume=volume )
if msg_json is None:
log.error("Failed to read message")
return None
try:
msg = storage.json_to_tuple( SyndicateMessage, msg_json )
except Exception, e:
log.error("Failed to parse message")
log.exception(e)
return None
def contact_exists( pubkey_str, email_addr ): contact_path = make_contact_path( pubkey_str, email_addr ) return storage.path_exists( contact_path )
# give the gateway write permission
try:
setcaps_result = syntool.client_call( syntool_conf, "set_gateway_caps", gateway_name, "READWRITE" )
assert setcaps_result
except Exception, e:
log.exception(e)
log.error("Failed to set up Volume access")
cleanup_syntool( [expected_gateway_pkey_path, expected_gateway_signingkey_path], tmpdir )
return False
cleanup_files = [expected_gateway_pkey_path, expected_gateway_signingkey_path]
if gateway_pkey_pem is None:
# get the private key
if not storage.path_exists( expected_gateway_pkey_path, volume=None ):
log.error("Failed to create gateway %s (no key in %s), ret = %s" % (gateway_name, expected_gateway_pkey_path, gateway_info) )
cleanup_syntool( cleanup_files, tmpdir )
return False
gateway_pkey_pem = storage.read_file( expected_gateway_pkey_path, volume=None )
if gateway_pkey_pem is None:
log.error("Failed to load private key from %s" % expected_gateway_pkey_path )
cleanup_syntool( cleanup_files, tmpdir )
return None
# store the key
rc = write_gateway_privkey( mail_password, gateway_name, gateway_pkey_pem )
if not rc:
log.error("Failed to store gateway private key")
cleanup_syntool( cleanup_files, tmpdir )