aljaz/python-teos
1
0
Fork 0
mirror of https://github.com/aljazceru/python-teos.git synced 2025-12-17 22:24:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Client signs appointment before sending it to server

Browse Source
This commit is contained in:
Turtle
2019-11-07 17:50:58 -05:00
parent 20f296c9d4
commit 79d986677d
3 changed files with 80 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/cli/__init__.py
View File

@@ -13,6 +13,8 @@ APPOINTMENTS_FOLDER_NAME = "appointments"
SUPPORTED_HASH_FUNCTIONS = ["SHA256"] SUPPORTED_HASH_FUNCTIONS = ["SHA256"]
SUPPORTED_CIPHERS = ["AES-GCM-128"] SUPPORTED_CIPHERS = ["AES-GCM-128"]
CLI_PUBLIC_KEY = "cli_pk.pem"
CLI_PRIVATE_KEY = "cli_sk.pem"
PISA_PUBLIC_KEY = "pisa_pk.pem" PISA_PUBLIC_KEY = "pisa_pk.pem"
# Configure logging # Configure logging

90
apps/cli/pisa_cli.py
View File

@@ -6,21 +6,28 @@ import requests
import time import time
from sys import argv from sys import argv
from hashlib import sha256 from hashlib import sha256
from binascii import unhexlify from binascii import hexlify, unhexlify
from getopt import getopt, GetoptError from getopt import getopt, GetoptError
from requests import ConnectTimeout, ConnectionError from requests import ConnectTimeout, ConnectionError
from uuid import uuid4 from uuid import uuid4
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import load_pem_public_key from cryptography.hazmat.primitives.serialization import load_pem_public_key, load_pem_private_key
from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm
from apps.cli.blob import Blob from apps.cli.blob import Blob
from apps.cli.help import help_add_appointment, help_get_appointment from apps.cli.help import help_add_appointment, help_get_appointment
from apps.cli import DEFAULT_PISA_API_SERVER, DEFAULT_PISA_API_PORT, PISA_PUBLIC_KEY, APPOINTMENTS_FOLDER_NAME from apps.cli import (
from apps.cli import logger DEFAULT_PISA_API_SERVER,
DEFAULT_PISA_API_PORT,
CLI_PUBLIC_KEY,
CLI_PRIVATE_KEY,
PISA_PUBLIC_KEY,
APPOINTMENTS_FOLDER_NAME,
logger,
)
HTTP_OK = 200 HTTP_OK = 200
@@ -48,21 +55,42 @@ def generate_dummy_appointment():
print("\nData stored in dummy_appointment_data.json") print("\nData stored in dummy_appointment_data.json")
# Loads and returns Pisa's public key from disk. def sign_appointment(sk, appointment):
# Will raise NotFoundError or IOError if the attempts to open and read the public key file fail. data = json.dumps(appointment, sort_keys=True, separators=(",", ":")).encode("utf-8")
# Will raise ValueError if it the public key file was present but it failed to be deserialized. return hexlify(sk.sign(data, ec.ECDSA(hashes.SHA256()))).decode("utf-8")
def load_pisa_public_key():
# Loads and returns Pisa keys from disk
def load_key_file_data(file_name):
try: try:
with open(PISA_PUBLIC_KEY, "r") as key_file: with open(file_name, "r") as key_file:
pubkey_pem = key_file.read().encode("utf-8") key_pem = key_file.read().encode("utf-8")
pisa_public_key = load_pem_public_key(pubkey_pem, backend=default_backend()) return key_pem
return pisa_public_key
except FileNotFoundError:
raise FileNotFoundError("File not found.")
# Deserialize public key from pem data.
def load_public_key(pk_pem):
try:
pisa_pk = load_pem_public_key(pk_pem, backend=default_backend())
return pisa_pk
except UnsupportedAlgorithm: except UnsupportedAlgorithm:
raise ValueError("Could not deserialize the public key (unsupported algorithm).") raise ValueError("Could not deserialize the public key (unsupported algorithm).")
# Verifies that the appointment signature is a valid signature with public key `pk`, # Deserialize private key from pem data.
def load_private_key(sk_pem):
try:
cli_sk = load_pem_private_key(sk_pem, None, backend=default_backend())
return cli_sk
except UnsupportedAlgorithm:
raise ValueError("Could not deserialize the private key (unsupported algorithm).")
# returning True or False accordingly. # returning True or False accordingly.
def is_appointment_signature_valid(appointment, signature, pk): def is_appointment_signature_valid(appointment, signature, pk):
try: try:
@@ -143,7 +171,38 @@ def add_appointment(args):
appointment_data.get("end_time"), appointment_data.get("end_time"),
appointment_data.get("dispute_delta"), appointment_data.get("dispute_delta"),
) )
appointment_json = json.dumps(appointment, sort_keys=True, separators=(",", ":"))
try:
sk_pem = load_key_file_data(CLI_PRIVATE_KEY)
cli_sk = load_private_key(sk_pem)
except ValueError:
logger.error("Failed to deserialize the public key. It might be in an unsupported format.")
return False
except FileNotFoundError:
logger.error("Client's private key file not found. Please check your settings.")
return False
except IOError as e:
logger.error("I/O error({}): {}".format(e.errno, e.strerror))
return False
signature = sign_appointment(cli_sk, appointment)
try:
cli_pk_pem = load_key_file_data(CLI_PUBLIC_KEY)
except FileNotFoundError:
logger.error("Client's private key file not found. Please check your settings.")
return False
except IOError as e:
logger.error("I/O error({}): {}".format(e.errno, e.strerror))
return False
data = {"appointment": appointment, "signature": signature, "public_key": cli_pk_pem.decode("utf-8")}
appointment_json = json.dumps(data, sort_keys=True, separators=(",", ":"))
logger.info("Sending appointment to PISA") logger.info("Sending appointment to PISA")
@@ -181,7 +240,8 @@ def add_appointment(args):
signature = response_json["signature"] signature = response_json["signature"]
# verify that the returned signature is valid # verify that the returned signature is valid
try: try:
pk = load_pisa_public_key() pk_pem = load_key_file_data(PISA_PUBLIC_KEY)
pk = load_public_key(pk_pem)
is_sig_valid = is_appointment_signature_valid(appointment, signature, pk) is_sig_valid = is_appointment_signature_valid(appointment, signature, pk)
except ValueError: except ValueError:

6
test/apps/cli/test_pisa_cli.py
View File

@@ -50,7 +50,7 @@ def test_is_appointment_signature_valid():
assert not pisa_cli.is_appointment_signature_valid(dummy_appointment, other_signature, pisa_pk) assert not pisa_cli.is_appointment_signature_valid(dummy_appointment, other_signature, pisa_pk)
def get_dummy_pisa_pk(): def get_dummy_pisa_pk(pem_data):
return pisa_pk return pisa_pk
@@ -60,7 +60,7 @@ def test_add_appointment(monkeypatch):
# and the return value is True # and the return value is True
# make sure the test uses the right dummy key instead of loading it from disk # make sure the test uses the right dummy key instead of loading it from disk
monkeypatch.setattr(pisa_cli, "load_pisa_public_key", get_dummy_pisa_pk) monkeypatch.setattr(pisa_cli, "load_public_key", get_dummy_pisa_pk)
response = {"locator": dummy_appointment["locator"], "signature": sign_appointment(pisa_sk, dummy_appointment)} response = {"locator": dummy_appointment["locator"], "signature": sign_appointment(pisa_sk, dummy_appointment)}
@@ -81,7 +81,7 @@ def test_add_appointment_with_invalid_signature(monkeypatch):
# make sure that the right endpoint is requested, but the return value is False # make sure that the right endpoint is requested, but the return value is False
# make sure the test uses the right dummy key instead of loading it from disk # make sure the test uses the right dummy key instead of loading it from disk
monkeypatch.setattr(pisa_cli, "load_pisa_public_key", get_dummy_pisa_pk) monkeypatch.setattr(pisa_cli, "load_public_key", get_dummy_pisa_pk)
response = { response = {
"locator": dummy_appointment["locator"], "locator": dummy_appointment["locator"],