def audit_private_key(key_id, untrusted_idurl, timeout=10):
"""
Be sure remote user posses given private key.
I need to posses the public key to be able to audit.
I will generate a random string, encrypt it with given key public key and send encrypted string to him.
He will decrypt and send me back original string.
Returns Deferred object.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.audit_private_key testing %s from %s' % (key_id, untrusted_idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(untrusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % untrusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % untrusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
private_test_sample = key.NewSessionKey()
if untrusted_idurl == creator_idurl and key_alias == 'master':
lg.warn('doing audit of master key (private part) of remote user')
private_test_encrypted_sample = recipient_id_obj.encrypt(private_test_sample)
else:
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
private_test_encrypted_sample = my_keys.encrypt(key_id, private_test_sample)
json_payload = {
'key_id': key_id,
'audit': {
'public_sample': '',
'private_sample': base64.b64encode(private_test_encrypted_sample),
}
}
raw_payload = serialization.DictToBytes(json_payload, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=raw_payload,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_payload = block.Serialize()
p2p_service.SendAuditKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_payload=encrypted_payload,
packet_id=key_id,
timeout=timeout,
callbacks={
commands.Ack(): lambda response, info:
_on_audit_private_key_response(response, info, key_id, untrusted_idurl, private_test_sample, result),
commands.Fail(): lambda response, info: result.errback(Exception(response)),
None: lambda pkt_out: result.errback(Exception('timeout')), # timeout
},
)
return result
def doSendMyListFiles(self, *args, **kwargs):
"""
Action method.
"""
json_list_files = backup_fs.Serialize(
to_json=True,
filter_cb=lambda path_id, path, info: True if strng.to_text(info.key_id) == strng.to_text(self.key_id) else False,
)
# raw_list_files = json.dumps(json_list_files, indent=2, encoding='utf-8')
raw_list_files = serialization.DictToBytes(json_list_files, keys_to_text=True, values_to_text=True)
if _Debug:
lg.out(_DebugLevel, 'shared_access_donor.doSendMyListFiles prepared list of files for %s :\n%s' % (
self.remote_idurl, raw_list_files))
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID=self.key_id,
Data=raw_list_files,
SessionKey=key.NewSessionKey(),
EncryptKey=self.key_id,
)
encrypted_list_files = block.Serialize()
packet_id = "%s:%s" % (self.key_id, packetid.UniqueID(), )
p2p_service.SendFiles(
idurl=self.remote_idurl,
raw_list_files_info=encrypted_list_files,
packet_id=packet_id,
callbacks={
commands.Ack(): lambda response, _: self.automat('list-files-ok', response),
commands.Fail(): lambda response, _: self.automat('fail', Exception(str(response))),
None: lambda pkt_out: self.automat('fail', Exception('timeout')),
},
)
def encrypt(self, message_body, encrypt_session_func=None):
if _Debug:
lg.args(_DebugLevel, encrypt_session_func=encrypt_session_func, recipient=self.recipient)
new_sessionkey = key.NewSessionKey(session_key_type=key.SessionKeyType())
if not encrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.dbg(_DebugLevel, 'with registered key %r' % self.recipient)
encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp)
if not encrypt_session_func:
glob_id = global_id.NormalizeGlobalID(self.recipient)
if glob_id['key_alias'] == 'master':
if glob_id['idurl'] == my_id.getIDURL():
lg.warn('making encrypted message addressed to me ?')
encrypt_session_func = lambda inp: my_keys.encrypt('master', inp)
else:
remote_identity = identitycache.FromCache(glob_id['idurl'])
if not remote_identity:
raise Exception('remote identity is not cached yet, not able to encrypt the message')
if _Debug:
lg.dbg(_DebugLevel, 'with remote identity public key %r' % glob_id['idurl'])
encrypt_session_func = remote_identity.encrypt
else:
own_key = global_id.MakeGlobalID(idurl=my_id.getIDURL(), key_alias=glob_id['key_alias'])
if my_keys.is_key_registered(own_key):
if _Debug:
lg.dbg(_DebugLevel, 'with registered key (found by alias) %r' % own_key)
encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp)
if not encrypt_session_func:
raise Exception('can not find key for given recipient')
self.encrypted_session = encrypt_session_func(new_sessionkey)
self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body, session_key_type=key.SessionKeyType())
return self.encrypted_session, self.encrypted_body
def test_encrypted_block(self):
from crypt import key
from crypt import encrypted
from userid import my_id
key.InitMyKey()
data1 = os.urandom(1024)
b1 = encrypted.Block(
CreatorID=my_id.getLocalIDURL(),
BackupID='BackupABC',
BlockNumber=123,
SessionKey=key.NewSessionKey(),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=data1,
)
self.assertTrue(b1.Valid())
raw1 = b1.Serialize()
b2 = encrypted.Unserialize(raw1)
self.assertTrue(b2.Valid())
raw2 = b2.Serialize()
data2 = b2.Data()
self.assertEqual(data1, data2)
self.assertEqual(raw1, raw2)
def encrypt(self, message_body, encrypt_session_func=None):
new_sessionkey = key.NewSessionKey()
if not encrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % self.recipient)
encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp)
if not encrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['key_alias'] == 'master':
if glob_id['idurl'] == my_id.getLocalID():
lg.warn('making private message addressed to me ???')
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "master" key')
encrypt_session_func = lambda inp: my_keys.encrypt('master', inp)
else:
remote_identity = identitycache.FromCache(glob_id['idurl'])
if not remote_identity:
raise Exception('remote identity is not cached yet, not able to encrypt the message')
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with remote identity public key')
encrypt_session_func = remote_identity.encrypt
else:
own_key = global_id.MakeGlobalID(idurl=my_id.getLocalID(), key_alias=glob_id['key_alias'])
if my_keys.is_key_registered(own_key):
if _Debug:
lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % own_key)
encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp)
if not encrypt_session_func:
raise Exception('can not find key for given recipient')
self.encrypted_session = encrypt_session_func(new_sessionkey)
self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body)
return self.encrypted_session, self.encrypted_body
def transfer_key(key_id, trusted_idurl, include_private=False, include_signature=False, timeout=10, result=None):
"""
Actually sending given key to remote user.
"""
if _Debug:
lg.out(_DebugLevel, 'key_ring.transfer_key %s -> %s' % (key_id, trusted_idurl))
if not result:
result = Deferred()
recipient_id_obj = identitycache.FromCache(trusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % trusted_idurl)
result.errback(Exception('not found "%s" in identity cache' % trusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
key_object = my_keys.key_obj(key_id)
try:
key_json = my_keys.make_key_info(
key_object,
key_id=key_id,
include_private=include_private,
include_signature=include_signature,
)
except Exception as exc:
lg.exc()
result.errback(exc)
return result
key_data = serialization.DictToBytes(key_json, values_to_text=True)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
commands.Fail(): lambda response, info: _on_transfer_key_response(response, info, key_id, result),
None: lambda pkt_out: _on_transfer_key_response(None, None, key_id, result),
},
timeout=timeout,
)
return result
def doSuppliersSendIndexFile(self, arg):
"""
Action method.
"""
if _Debug:
lg.out(_DebugLevel, 'index_synchronizer.doSuppliersSendIndexFile')
packetID = global_id.MakeGlobalID(
customer=my_id.getGlobalID(key_alias='master'),
path=settings.BackupIndexFileName(),
)
self.sending_suppliers.clear()
self.sent_suppliers_number = 0
src = bpio.ReadBinaryFile(settings.BackupIndexFilePath())
localID = my_id.getLocalID()
b = encrypted.Block(
localID,
packetID,
0,
key.NewSessionKey(),
key.SessionKeyType(),
True,
src,
)
Payload = b.Serialize()
for supplierId in contactsdb.suppliers():
if not supplierId:
continue
if not contact_status.isOnline(supplierId):
continue
newpacket, pkt_out = p2p_service.SendData(
raw_data=Payload,
ownerID=localID,
creatorID=localID,
remoteID=supplierId,
packetID=packetID,
callbacks={
commands.Ack(): self._on_supplier_acked,
commands.Fail(): self._on_supplier_acked,
},
)
# newpacket = signed.Packet(
# commands.Data(), localID, localID, packetID,
# Payload, supplierId)
# pkt_out = gateway.outbox(newpacket, callbacks={
# commands.Ack(): self._on_supplier_acked,
# commands.Fail(): self._on_supplier_acked, })
if pkt_out:
self.sending_suppliers.add(supplierId)
self.sent_suppliers_number += 1
if _Debug:
lg.out(
_DebugLevel, ' %s sending to %s' %
(newpacket, nameurl.GetName(supplierId)))
def transfer_private_key(key_id, idurl):
if _Debug:
lg.out(_DebugLevel,
'key_ring.transfer_private_key %s -> %s' % (key_id, idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % idurl)
result.errback(Exception('not found "%s" in identity cache' % idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
key_object = my_keys.known_keys().get(key_id)
if key_object is None:
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
key_json = {
'key_id': key_id,
'alias': key_alias,
'creator': creator_idurl,
'fingerprint': str(key_object.fingerprint()),
'type': str(key_object.type()),
'ssh_type': str(key_object.sshType()),
'size': str(key_object.size()),
'public': str(key_object.public().toString('openssh')),
'private': str(key_object.toString('openssh')),
}
key_data = json.dumps(key_json)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack():
lambda response, info: result.callback(response),
commands.Fail():
lambda response, info: result.errback(Exception(response)),
},
)
return result
def doSuppliersSendIndexFile(self, *args, **kwargs):
"""
Action method.
"""
if _Debug:
lg.out(_DebugLevel, 'index_synchronizer.doSuppliersSendIndexFile')
packetID = global_id.MakeGlobalID(
customer=my_id.getGlobalID(key_alias='master'),
path=settings.BackupIndexFileName(),
)
self.sending_suppliers.clear()
self.outgoing_packets_ids = []
self.sent_suppliers_number = 0
localID = my_id.getIDURL()
b = encrypted.Block(
CreatorID=localID,
BackupID=packetID,
BlockNumber=0,
SessionKey=key.NewSessionKey(
session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=bpio.ReadBinaryFile(settings.BackupIndexFilePath()),
)
Payload = b.Serialize()
for supplier_idurl in contactsdb.suppliers():
if not supplier_idurl:
continue
sc = supplier_connector.by_idurl(supplier_idurl)
if sc is None or sc.state != 'CONNECTED':
continue
if online_status.isOffline(supplier_idurl):
continue
newpacket, pkt_out = p2p_service.SendData(
raw_data=Payload,
ownerID=localID,
creatorID=localID,
remoteID=supplier_idurl,
packetID=packetID,
callbacks={
commands.Ack(): self._on_supplier_acked,
commands.Fail(): self._on_supplier_acked,
},
)
if pkt_out:
self.sending_suppliers.add(supplier_idurl)
self.sent_suppliers_number += 1
self.outgoing_packets_ids.append(packetID)
if _Debug:
lg.out(
_DebugLevel, ' %s sending to %s' %
(newpacket, nameurl.GetName(supplier_idurl)))
def send(customer_idurl, packet_id, format_type, key_id, remote_idurl):
if not my_keys.is_key_registered(key_id):
lg.warn(
'not able to return Files() for customer %s, key %s not registered'
% (
customer_idurl,
key_id,
))
return p2p_service.SendFailNoRequest(customer_idurl, packet_id)
if _Debug:
lg.out(
_DebugLevel,
"list_files.send to %s, customer_idurl=%s, key_id=%s" % (
remote_idurl,
customer_idurl,
key_id,
))
ownerdir = settings.getCustomerFilesDir(customer_idurl)
plaintext = ''
if os.path.isdir(ownerdir):
for key_alias in os.listdir(ownerdir):
if not misc.ValidKeyAlias(str(key_alias)):
continue
key_alias_dir = os.path.join(ownerdir, key_alias)
plaintext += TreeSummary(key_alias_dir, key_alias)
else:
lg.warn('did not found customer dir: %s' % ownerdir)
if _Debug:
lg.out(_DebugLevel + 8, '\n%s' % plaintext)
raw_list_files = PackListFiles(plaintext, format_type)
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID=key_id,
Data=raw_list_files,
SessionKey=key.NewSessionKey(),
EncryptKey=key_id,
)
encrypted_list_files = block.Serialize()
newpacket = p2p_service.SendFiles(
idurl=remote_idurl,
raw_list_files_info=encrypted_list_files,
packet_id=packet_id,
callbacks={
commands.Ack(): on_acked,
commands.Fail(): on_failed,
None: on_timeout,
},
)
return newpacket
def _doBlock():
dt = time.time()
src = self.currentBlockData.getvalue()
block = encrypted.Block(
my_id.getLocalID(),
self.backupID,
self.blockNumber,
key.NewSessionKey(),
key.SessionKeyType(),
self.stateEOF,
src,
EncryptKey=self.keyID,
)
del src
if _Debug:
lg.out(_DebugLevel, 'backup.doEncryptBlock blockNumber=%d size=%d atEOF=%s dt=%s EncryptKey=%s' % (
self.blockNumber, self.currentBlockSize, self.stateEOF, str(time.time() - dt), self.keyID))
return block
def _doBlock():
dt = time.time()
raw_bytes = self.currentBlockData.getvalue()
block = encrypted.Block(
CreatorID=self.creatorIDURL,
BackupID=self.backupID,
BlockNumber=self.blockNumber,
SessionKey=key.NewSessionKey(
session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
LastBlock=self.stateEOF,
Data=raw_bytes,
EncryptKey=self.keyID,
)
del raw_bytes
if _Debug:
lg.out(
_DebugLevel,
'backup.doEncryptBlock blockNumber=%d size=%d atEOF=%s dt=%s EncryptKey=%s'
% (self.blockNumber, self.currentBlockSize, self.stateEOF,
str(time.time() - dt), self.keyID))
return block
def _doBlock():
dt = time.time()
raw_bytes = self.currentBlockData.getvalue()
# if not raw_bytes:
# lg.err('current block data is empty')
# raise ValueError('current block data is empty')
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID=self.backupID,
BlockNumber=self.blockNumber,
SessionKey=key.NewSessionKey(),
SessionKeyType=key.SessionKeyType(),
LastBlock=self.stateEOF,
Data=raw_bytes,
EncryptKey=self.keyID,
)
del raw_bytes
if _Debug:
lg.out(
_DebugLevel,
'backup.doEncryptBlock blockNumber=%d size=%d atEOF=%s dt=%s EncryptKey=%s'
% (self.blockNumber, self.currentBlockSize, self.stateEOF,
str(time.time() - dt), self.keyID))
return block
def doSendMyListFiles(self, arg):
"""
Action method.
"""
json_list_files = backup_fs.Serialize(
to_json=True,
filter_cb=lambda path_id, path, info: True
if info.key_id == self.key_id else False,
)
raw_list_files = json.dumps(json_list_files,
indent=2,
encoding='utf-8')
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID=self.key_id,
Data=raw_list_files,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: self.remote_identity.encrypt(inp),
)
encrypted_list_files = block.Serialize()
packet_id = "%s:%s" % (self.key_id, packetid.UniqueID())
p2p_service.SendFiles(
idurl=self.remote_idurl,
raw_list_files_info=encrypted_list_files,
packet_id=packet_id,
callbacks={
commands.Ack():
lambda response, _: self.automat('list-files-ok', response),
commands.Fail():
lambda response, _: self.automat('fail',
Exception(str(response))),
None:
lambda pkt_out: self.automat('fail', Exception('timeout')),
},
)
def _on_outbox_packet(self, outpacket, wide, callbacks, target=None, route=None, response_timeout=None, keep_alive=True):
"""
"""
if not driver.is_on('service_proxy_transport'):
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_outbox_packet SKIP because service_proxy_transport is not started')
return None
if proxy_receiver.A() and proxy_receiver.A().state != 'LISTEN':
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_outbox_packet SKIP because proxy_receiver state is not LISTEN')
return self._add_pending_packet(outpacket, wide, callbacks)
router_idurl = proxy_receiver.GetRouterIDURL()
router_identity_obj = proxy_receiver.GetRouterIdentity()
router_proto_host = proxy_receiver.GetRouterProtoHost()
router_proto, router_host = router_proto_host
publickey = router_identity_obj.publickey
my_original_identity_src = proxy_receiver.ReadMyOriginalIdentitySource()
if not router_idurl or not router_identity_obj or not router_proto_host or not my_original_identity_src:
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_outbox_packet SKIP because remote router not ready')
return self._add_pending_packet(outpacket, wide, callbacks)
if outpacket.RemoteID == router_idurl:
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_outbox_packet SKIP, packet addressed to router and must be sent in a usual way')
return None
try:
raw_data = outpacket.Serialize()
except:
lg.exc('failed to Serialize %s' % outpacket)
return None
src = ''
src += my_id.getLocalID() + '\n'
src += outpacket.RemoteID + '\n'
src += 'wide\n' if wide else '\n'
src += raw_data
block = encrypted.Block(
my_id.getLocalID(),
'routed outgoing data',
0,
key.NewSessionKey(),
key.SessionKeyType(),
True,
src,
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp))
block_encrypted = block.Serialize()
newpacket = signed.Packet(
commands.Relay(),
outpacket.OwnerID,
my_id.getLocalID(),
outpacket.PacketID,
block_encrypted,
router_idurl,
)
result_packet = packet_out.create(
outpacket,
wide=wide,
callbacks=callbacks,
route={
'packet': newpacket,
'proto': router_proto,
'host': router_host,
'remoteid': router_idurl,
'description': 'Relay_%s[%s]_%s' % (outpacket.Command, outpacket.PacketID, nameurl.GetName(router_idurl)),
},
response_timeout=response_timeout,
keep_alive=keep_alive,
)
self.event('outbox-packet-sent', (outpacket, newpacket, result_packet))
if _Debug:
lg.out(_DebugLevel, '>>>Relay-OUT %s' % str(outpacket))
lg.out(_DebugLevel, ' sent to %s://%s with %d bytes' % (
router_proto, router_host, len(block_encrypted)))
del src
del block
del newpacket
del outpacket
del router_identity_obj
del router_idurl
del router_proto_host
return result_packet
def _on_first_outbox_packet(self, outpacket, wide, callbacks, target=None, route=None, response_timeout=None, keep_alive=True):
"""
Will be called first for every outgoing packet.
Must return `None` if that packet should be send normal way.
Otherwise will create another "routed" packet instead and return it.
"""
if not driver.is_on('service_proxy_transport'):
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP sending %r because service_proxy_transport is not started yet' % outpacket)
return None
if not proxy_receiver.A():
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP sending %r because proxy_receiver() not exist' % outpacket)
return None
if outpacket.Command == commands.Identity() and outpacket.CreatorID == my_id.getLocalID():
if proxy_receiver.GetPossibleRouterIDURL() and proxy_receiver.GetPossibleRouterIDURL().to_bin() == outpacket.RemoteID.to_bin():
if network_connector.A().state is 'DISCONNECTED':
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP sending %r because network_connector() is DISCONNECTED' % outpacket)
return None
if network_connector.A().state is 'CONNECTED':
lg.warn('sending %r to "possible" proxy router %r' % (outpacket, proxy_receiver.GetPossibleRouterIDURL()))
pkt_out = packet_out.create(outpacket, wide, callbacks, target, route, response_timeout, keep_alive)
return pkt_out
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP sending %r, network_connector() have transition state' % outpacket)
return None
if proxy_receiver.A().state != 'LISTEN':
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet DELLAYED %r because proxy_receiver state is not LISTEN yet' % outpacket)
return self._add_pending_packet(outpacket, wide, callbacks)
router_idurl = proxy_receiver.GetRouterIDURL()
router_identity_obj = proxy_receiver.GetRouterIdentity()
router_proto_host = proxy_receiver.GetRouterProtoHost()
router_proto, router_host = router_proto_host
publickey = router_identity_obj.publickey
my_original_identity_src = proxy_receiver.ReadMyOriginalIdentitySource()
if not router_idurl or not router_identity_obj or not router_proto_host or not my_original_identity_src:
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP because remote router not ready')
return self._add_pending_packet(outpacket, wide, callbacks)
if outpacket.RemoteID.to_bin() == router_idurl.to_bin():
if _Debug:
lg.out(_DebugLevel, 'proxy_sender._on_first_outbox_packet SKIP, packet addressed to router and must be sent in a usual way')
return None
try:
raw_data = outpacket.Serialize()
except:
lg.exc('failed to Serialize %s' % outpacket)
return None
# see proxy_router.ProxyRouter : doForwardOutboxPacket() for receiving part
json_payload = {
'f': my_id.getLocalID().to_bin(), # from
't': outpacket.RemoteID.to_bin(), # to
'w': wide, # wide
'p': raw_data, # payload
}
if not json_payload['t']:
raise ValueError('receiver idurl was not set')
raw_bytes = serialization.DictToBytes(json_payload)
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID='routed outgoing data',
BlockNumber=0,
SessionKey=key.NewSessionKey(session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=raw_bytes,
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp),
)
block_encrypted = block.Serialize()
newpacket = signed.Packet(
Command=commands.Relay(),
OwnerID=outpacket.OwnerID,
CreatorID=my_id.getLocalID(),
PacketID=outpacket.PacketID,
Payload=block_encrypted,
RemoteID=router_idurl,
)
routed_packet = packet_out.create(
outpacket,
wide=wide,
callbacks=callbacks,
route={
'packet': newpacket,
# pointing "newpacket" to another node
'proto': router_proto,
'host': router_host,
'remoteid': router_idurl,
'description': 'Relay_%s[%s]_%s' % (outpacket.Command, outpacket.PacketID, nameurl.GetName(router_idurl)),
},
response_timeout=response_timeout,
keep_alive=keep_alive,
)
self.event('outbox-packet-sent', (outpacket, newpacket, routed_packet))
if _Debug:
lg.out(_DebugLevel, '>>>Relay-OUT %s' % str(outpacket))
lg.out(_DebugLevel, ' sent to %s://%s with %d bytes' % (
router_proto, router_host, len(block_encrypted)))
if _PacketLogFileEnabled:
lg.out(0, '\033[0;49;36mRELAY OUT %s(%s) with %s bytes from %s to %s via %s\033[0m' % (
outpacket.Command, outpacket.PacketID, len(raw_bytes),
global_id.UrlToGlobalID(outpacket.CreatorID), global_id.UrlToGlobalID(outpacket.RemoteID),
global_id.UrlToGlobalID(router_idurl), ),
log_name='packet', showtime=True,)
del raw_bytes
del block
del newpacket
del outpacket
del router_identity_obj
del router_idurl
del router_proto_host
return routed_packet
def _on_first_outbox_packet(self,
outpacket,
wide,
callbacks,
target=None,
route=None,
response_timeout=None,
keep_alive=True):
"""
Will be called first for every outgoing packet.
Must to return None if that packet should be send normal way.
Otherwise will create another "routerd" packet instead and return it.
"""
if not driver.is_on('service_proxy_transport'):
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._on_first_outbox_packet SKIP because service_proxy_transport is not started'
)
return None
if proxy_receiver.A() and proxy_receiver.A().state != 'LISTEN':
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._on_first_outbox_packet DELLAYED because proxy_receiver state is not LISTEN yet'
)
return self._add_pending_packet(outpacket, wide, callbacks)
router_idurl = proxy_receiver.GetRouterIDURL()
router_identity_obj = proxy_receiver.GetRouterIdentity()
router_proto_host = proxy_receiver.GetRouterProtoHost()
router_proto, router_host = router_proto_host
publickey = router_identity_obj.publickey
my_original_identity_src = proxy_receiver.ReadMyOriginalIdentitySource(
)
if not router_idurl or not router_identity_obj or not router_proto_host or not my_original_identity_src:
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._on_first_outbox_packet SKIP because remote router not ready'
)
return self._add_pending_packet(outpacket, wide, callbacks)
if outpacket.RemoteID == router_idurl:
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._on_first_outbox_packet SKIP, packet addressed to router and must be sent in a usual way'
)
return None
try:
raw_data = outpacket.Serialize()
except:
lg.exc('failed to Serialize %s' % outpacket)
return None
# see proxy_router.ProxyRouter : doForwardOutboxPacket() for receiving part
json_payload = {
'f': my_id.getLocalID(), # from
't': outpacket.RemoteID, # to
'w': wide, # wide
'p': raw_data, # payload
}
raw_bytes = serialization.DictToBytes(json_payload)
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID='routed outgoing data',
BlockNumber=0,
SessionKey=key.NewSessionKey(),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=raw_bytes,
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp),
)
block_encrypted = block.Serialize()
newpacket = signed.Packet(
commands.Relay(),
outpacket.OwnerID,
my_id.getLocalID(),
outpacket.PacketID,
block_encrypted,
router_idurl,
)
routed_packet = packet_out.create(
outpacket,
wide=wide,
callbacks=callbacks,
route={
'packet':
newpacket,
# pointing "newpacket" to another node
'proto':
router_proto,
'host':
router_host,
'remoteid':
router_idurl,
'description':
'Relay_%s[%s]_%s' % (outpacket.Command, outpacket.PacketID,
nameurl.GetName(router_idurl)),
},
response_timeout=response_timeout,
keep_alive=keep_alive,
)
self.event('outbox-packet-sent', (outpacket, newpacket, routed_packet))
if _Debug:
lg.out(_DebugLevel, '>>>Relay-OUT %s' % str(outpacket))
lg.out(
_DebugLevel, ' sent to %s://%s with %d bytes' %
(router_proto, router_host, len(block_encrypted)))
del raw_bytes
del block
del newpacket
del outpacket
del router_identity_obj
del router_idurl
del router_proto_host
return routed_packet
def _do_forward_inbox_packet(self, *args, **kwargs):
# encrypt with proxy_receiver()'s key and sent to man behind my proxy
receiver_idurl, newpacket, info = args[0]
route_info = self.routes.get(receiver_idurl, None)
if not route_info:
lg.warn('route with %s not found for inbox packet: %s' %
(receiver_idurl, newpacket))
return
hosts = route_info['address']
if len(hosts) == 0:
lg.warn(
'route with %s do not have actual info about the host, use identity contacts instead'
% receiver_idurl)
hosts = route_info['contacts']
if len(hosts) == 0:
lg.warn('has no known contacts for route with %s' % receiver_idurl)
return
if len(hosts) > 1:
lg.warn('found more then one channel with receiver %s : %r' % (
receiver_idurl,
hosts,
))
receiver_proto, receiver_host = strng.to_bin(
hosts[0][0]), strng.to_bin(hosts[0][1])
publickey = route_info['publickey']
block = encrypted.Block(
CreatorID=my_id.getLocalID(),
BackupID='routed incoming data',
BlockNumber=0,
SessionKey=key.NewSessionKey(),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=newpacket.Serialize(),
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp),
)
raw_data = block.Serialize()
routed_packet = signed.Packet(
commands.Relay(),
newpacket.OwnerID,
my_id.getLocalID(),
newpacket.PacketID,
raw_data,
receiver_idurl,
)
pout = packet_out.create(
newpacket,
wide=False,
callbacks={},
route={
'packet':
routed_packet,
'proto':
receiver_proto,
'host':
receiver_host,
'remoteid':
receiver_idurl,
'description':
('Relay_%s[%s]_%s' % (newpacket.Command, newpacket.PacketID,
nameurl.GetName(receiver_idurl))),
},
)
if _Debug:
lg.out(
_DebugLevel, '<<<Relay-IN-OUT %s %s:%s' % (
str(newpacket),
info.proto,
info.host,
))
lg.out(
_DebugLevel, ' sent to %s://%s with %d bytes in %s' %
(receiver_proto, receiver_host, len(raw_data), pout))
del raw_data
del block
del newpacket
del routed_packet
def _do_transfer_key(key_id,
idurl,
include_private=False,
timeout=10,
result=None):
if _Debug:
lg.out(_DebugLevel,
'key_ring.transfer_key %s -> %s' % (key_id, idurl))
if not result:
result = Deferred()
recipient_id_obj = identitycache.FromCache(idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % idurl)
result.errback(Exception('not found "%s" in identity cache' % idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
key_object = my_keys.known_keys().get(key_id)
if key_object is None:
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
try:
key_json = my_keys.make_key_info(key_object,
key_id=key_id,
include_private=include_private)
except Exception as exc:
lg.exc()
result.errback(exc)
return result
key_data = json.dumps(key_json)
block = encrypted.Block(
BackupID=key_id,
Data=key_data,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_key_data = block.Serialize()
p2p_service.SendKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_key_data=encrypted_key_data,
packet_id=key_id,
callbacks={
commands.Ack():
lambda response, info: _on_transfer_key_response(
response, info, key_id, result),
commands.Fail():
lambda response, info: _on_transfer_key_response(
response, info, key_id, result),
# commands.Ack(): lambda response, info: result.callback(response),
# commands.Fail(): lambda response, info: result.errback(Exception(response)),
None:
lambda pkt_out: _on_transfer_key_response(None, None, key_id,
result),
},
timeout=timeout,
)
return result
def send(customer_idurl,
packet_id,
format_type,
key_id,
remote_idurl,
query_items=[]):
if not query_items:
query_items = [
'*',
]
key_id = my_keys.latest_key_id(key_id)
parts = global_id.ParseGlobalID(key_id)
if parts['key_alias'] == 'master' and parts['idurl'] != my_id.getIDURL():
# lg.warn('incoming ListFiles() request with customer "master" key: %r' % key_id)
if not my_keys.is_key_registered(key_id) and identitycache.HasKey(
parts['idurl']):
lg.info(
'customer public key %r to be registered locally for the first time'
% key_id)
known_ident = identitycache.FromCache(parts['idurl'])
if not my_keys.register_key(key_id, known_ident.getPublicKey()):
lg.err(
'failed to register known public key of the customer: %r' %
key_id)
if not my_keys.is_key_registered(key_id):
lg.warn(
'not able to return Files() for customer %s, key %s not registered'
% (
customer_idurl,
key_id,
))
return p2p_service.SendFailNoRequest(customer_idurl,
packet_id,
response='key not registered')
if _Debug:
lg.out(
_DebugLevel,
"list_files.send to %s, customer_idurl=%s, key_id=%s, query_items=%r"
% (
remote_idurl,
customer_idurl,
key_id,
query_items,
))
ownerdir = settings.getCustomerFilesDir(customer_idurl)
plaintext = ''
if os.path.isdir(ownerdir):
try:
for query_path in query_items:
plaintext += process_query_item(query_path, parts['key_alias'],
ownerdir)
except:
lg.exc()
return p2p_service.SendFailNoRequest(
customer_idurl,
packet_id,
response='list files query processing error')
else:
lg.warn('did not found customer folder: %s' % ownerdir)
if _Debug:
lg.out(_DebugLevel, '\n%s' % plaintext)
raw_list_files = PackListFiles(plaintext, format_type)
block = encrypted.Block(
CreatorID=my_id.getIDURL(),
BackupID=key_id,
Data=raw_list_files,
SessionKey=key.NewSessionKey(session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
EncryptKey=key_id,
)
encrypted_list_files = block.Serialize()
newpacket = p2p_service.SendFiles(
idurl=remote_idurl,
raw_list_files_info=encrypted_list_files,
packet_id=packet_id,
callbacks={
commands.Ack(): on_acked,
commands.Fail(): on_failed,
None: on_timeout,
},
)
return newpacket
def audit_public_key(key_id, untrusted_idurl, timeout=10):
"""
Be sure remote user posses given public key.
I also need to posses that public key in order to do such audit.
I will send him a random string, he needs to encrypt it and send me back.
I can compare his encrypted output with mine.
Returns Deferred object.
"""
if _Debug:
lg.out(
_DebugLevel, 'key_ring.audit_public_key testing %s from %s' %
(key_id, untrusted_idurl))
result = Deferred()
recipient_id_obj = identitycache.FromCache(untrusted_idurl)
if not recipient_id_obj:
lg.warn('not found "%s" in identity cache' % untrusted_idurl)
result.errback(
Exception('not found "%s" in identity cache' % untrusted_idurl))
return result
key_alias, creator_idurl = my_keys.split_key_id(key_id)
if not key_alias or not creator_idurl:
lg.warn('wrong key_id')
result.errback(Exception('wrong key_id'))
return result
if untrusted_idurl == creator_idurl and key_alias == 'master':
lg.warn('doing audit of master key (public part) of remote user')
else:
if not my_keys.is_key_registered(key_id):
lg.warn('unknown key: "%s"' % key_id)
result.errback(Exception('unknown key: "%s"' % key_id))
return result
public_test_sample = key.NewSessionKey()
json_payload = {
'key_id': key_id,
'audit': {
'public_sample': base64.b64encode(public_test_sample),
'private_sample': '',
}
}
raw_payload = json.dumps(json_payload)
block = encrypted.Block(
BackupID=key_id,
Data=raw_payload,
SessionKey=key.NewSessionKey(),
# encrypt data using public key of recipient
EncryptKey=lambda inp: recipient_id_obj.encrypt(inp),
)
encrypted_payload = block.Serialize()
p2p_service.SendAuditKey(
remote_idurl=recipient_id_obj.getIDURL(),
encrypted_payload=encrypted_payload,
packet_id=key_id,
timeout=timeout,
callbacks={
commands.Ack():
lambda response, info: _on_audit_public_key_response(
response, info, key_id, untrusted_idurl, public_test_sample,
result),
commands.Fail():
lambda response, info: result.errback(Exception(response)),
None:
lambda pkt_out: result.errback(Exception('timeout')), # timeout
},
)
return result
def doForwardInboxPacket(self, arg):
"""
Action method.
"""
# encrypt with proxy_receiver()'s key and sent to man behind my proxy
receiver_idurl, newpacket, info = arg
route_info = self.routes.get(receiver_idurl, None)
if not route_info:
lg.warn('route with %s not found for inbox packet: %s' %
(receiver_idurl, newpacket))
return
hosts = route_info['address']
if len(hosts) == 0:
lg.warn(
'route with %s do not have actual info about the host, use identity contacts instead'
% receiver_idurl)
hosts = route_info['contacts']
if len(hosts) == 0:
lg.warn('has no known contacts for route with %s' % receiver_idurl)
return
receiver_proto, receiver_host = hosts[0]
publickey = route_info['publickey']
src = ''
src += newpacket.Serialize()
block = encrypted.Block(
my_id.getLocalID(),
'routed incoming data',
0,
key.NewSessionKey(),
key.SessionKeyType(),
True,
src,
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp))
routed_packet = signed.Packet(commands.Relay(), newpacket.OwnerID,
my_id.getLocalID(), newpacket.PacketID,
block.Serialize(), receiver_idurl)
pout = packet_out.create(newpacket,
wide=False,
callbacks={},
route={
'packet':
routed_packet,
'proto':
receiver_proto,
'host':
receiver_host,
'remoteid':
receiver_idurl,
'description':
('Relay_%s[%s]_%s' %
(newpacket.Command, newpacket.PacketID,
nameurl.GetName(receiver_idurl)))
})
if _Debug:
lg.out(
_DebugLevel, '<<<Relay-IN %s %s:%s' % (
str(newpacket),
info.proto,
info.host,
))
lg.out(
_DebugLevel, ' sent to %s://%s with %d bytes in %s' %
(receiver_proto, receiver_host, len(src), pout))
del src
del block
del newpacket
del routed_packet
def _do_send_packet_to_router(self,
outpacket,
callbacks,
wide,
response_timeout,
keep_alive,
is_retry=False):
router_idurl = proxy_receiver.GetRouterIDURL()
router_identity_obj = proxy_receiver.GetRouterIdentity()
router_proto_host = proxy_receiver.GetRouterProtoHost()
router_proto, router_host = router_proto_host
publickey = router_identity_obj.publickey
my_original_identity_src = proxy_receiver.ReadMyOriginalIdentitySource(
)
if not router_idurl or not router_identity_obj or not router_proto_host or not my_original_identity_src:
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._do_send_packet_to_router SKIP because router not ready yet'
)
return self._do_add_pending_packet(outpacket, callbacks, wide,
response_timeout, keep_alive)
if outpacket.RemoteID.to_bin() == router_idurl.to_bin():
if _Debug:
lg.out(
_DebugLevel,
'proxy_sender._do_send_packet_to_router SKIP, packet addressed to router and must be sent in a usual way'
)
return None
try:
raw_data = outpacket.Serialize()
except:
lg.exc('failed to Serialize %s' % outpacket)
return None
# see proxy_router.ProxyRouter : doForwardOutboxPacket() for receiving part
json_payload = {
'f': my_id.getIDURL().to_bin(), # from
't': outpacket.RemoteID.to_bin(), # to
'p': raw_data, # payload
'w': wide, # wide
'i': response_timeout,
'a': keep_alive,
'r': is_retry,
}
if not json_payload['t']:
raise ValueError('receiver idurl was not set')
raw_bytes = serialization.DictToBytes(json_payload)
block = encrypted.Block(
CreatorID=my_id.getIDURL(),
BackupID='routed outgoing data',
BlockNumber=0,
SessionKey=key.NewSessionKey(
session_key_type=key.SessionKeyType()),
SessionKeyType=key.SessionKeyType(),
LastBlock=True,
Data=raw_bytes,
EncryptKey=lambda inp: key.EncryptOpenSSHPublicKey(publickey, inp),
)
block_encrypted = block.Serialize()
newpacket = signed.Packet(
Command=commands.RelayOut(),
OwnerID=outpacket.OwnerID,
CreatorID=my_id.getIDURL(),
PacketID=outpacket.PacketID,
Payload=block_encrypted,
RemoteID=router_idurl,
)
if response_timeout is not None:
# must give some extra time for the proxy re-routing
response_timeout += 10.0
routed_packet = packet_out.create(
outpacket=outpacket,
wide=False,
callbacks={},
route={
'packet':
newpacket,
# pointing "newpacket" to router node
'proto':
router_proto,
'host':
router_host,
'remoteid':
router_idurl,
'description':
'RelayOut_%s[%s]_%s' % (outpacket.Command, outpacket.PacketID,
nameurl.GetName(router_idurl)),
},
response_timeout=response_timeout,
keep_alive=True,
)
for command, cb_list in callbacks.items():
if isinstance(cb_list, list):
for cb in cb_list:
routed_packet.set_callback(command, cb)
else:
routed_packet.set_callback(command, cb_list)
if not is_retry:
_key = (
outpacket.Command,
outpacket.PacketID,
outpacket.RemoteID.to_bin(),
)
self.sent_packets[_key] = (
routed_packet,
outpacket,
)
self.event('relay-out', (outpacket, newpacket, routed_packet))
if _Debug:
lg.out(
_DebugLevel,
'>>>Relay-OUT %s sent to %s://%s with %d bytes, timeout=%r' % (
str(outpacket),
router_proto,
router_host,
len(block_encrypted),
response_timeout,
))
if _PacketLogFileEnabled:
lg.out(
0,
'\033[0;49;36mRELAY OUT %s(%s) with %s bytes from %s to %s via %s\033[0m'
% (
outpacket.Command,
outpacket.PacketID,
len(raw_bytes),
global_id.UrlToGlobalID(outpacket.CreatorID),
global_id.UrlToGlobalID(outpacket.RemoteID),
global_id.UrlToGlobalID(router_idurl),
),
log_name='packet',
showtime=True,
)
del raw_bytes
del block
del newpacket
del outpacket
del router_identity_obj
del router_idurl
del router_proto_host
return routed_packet
