Commit 1ff9a9b8 authored by toaster

1.6beta2 checkin, report fixed, irods partial audit patch, sample python code as well

git-svn-id: https://subversion.umiacs.umd.edu/ace/trunk@66 f1b3a171-7291-4a19-a512-95ad0ad9394a
parent 1aa138ab
...@@ -21,7 +21,7 @@ In this file you should find the following: ...@@ -21,7 +21,7 @@ In this file you should find the following:
use aceam; use aceam;
source ace-am.sql; source ace-am.sql;
----- ----- Example -----
Welcome to the MySQL monitor. Commands end with ; or \g. Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 4.1.20 Your MySQL connection id is 2 to server version: 4.1.20
......
#!/usr/local/stow/python-2.7.1/bin/python
#
# ACE Token store tool
#
import hashlib
import binascii
import string
import getopt
import sys
import time
from urlparse import urlparse
from suds.client import Client
from suds.sax.date import DateTime
class TokenStore:
"""Ace Token Store"""
def __init__(self,infile,trimid=0):
self.entries = {}
self.roundlist = {}
while 1:
header = readHeader(infile)
if not header:
break
albName = header[0]
identifiers = readIdentifiers(infile)
proof = readProof(infile)
entry = TokenStoreEntry(proof,header)
for id in identifiers:
self.entries[id[trimid:]] = entry
def get_round(self,round):
if round not in self.roundlist:
url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)
response = client.service.getRoundSummaries(round)
for resp in response:
self.roundlist[resp.id] = resp.hashValue;
return self.roundlist[round]
def validate(self,file,identifier):
if identifier not in self.entries:
return None
token = self.entries[identifier]
roundhash = self.get_round(token.round)
prevhash = digestFile(file)
for proofLine in token.proof:
prevhash = calculateLevel(prevhash,proofLine,token.algorithm)
if (binascii.b2a_hex(prevhash) != roundhash):
return False
else:
return True
class TokenStoreEntry:
"""Token Store Entry"""
def __init__(self,proof,headerparts):
self.proof = proof
self.algorithm,self.server,self.service,self.round,self.date,self.length = headerparts
self.round = int(self.round)
def createTokens(digestlist,outfile,wsdl='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'):
print 'start_create ' + str(time.time())
urlparts = urlparse(wsdl)
client = Client(wsdl)
requestlist = []
for digestpair in digestlist:
request = client.factory.create('tokenRequest')
request.hashValue = digestpair[1]
request.name = digestpair[0]
requestlist.append(request)
#request._tokenClassName = "SHA-256-0"
print 'before call' + str(time.time())
response = client.service.requestTokensImmediate('SHA-256-0',requestlist)
#response = portType.requestTokensImmediate(request)
print 'after call ' + str(time.time())
for item in response:
lines = [item.name,'']
for proofelement in item.proofElements:
proofelement.hashes.insert(proofelement.index,'X')
lines.append( ":".join(proofelement.hashes))
lines.append('')
lines.append('')
result = '\n'.join(lines)
outfile.write(item.digestService + ' ' + urlparts.hostname + ' ' + item.tokenClassName + ' ' + str(item.roundId) + ' ' +DateTime(item.timestamp).__unicode__()+ ' ' + str(len(result)) + "\n")
outfile.write(result)
print 'return ' + str(time.time())
def getAlgorithm(algName):
if (algName == "SHA-256"):
return hashlib.sha256()
elif (algName == "SHA-512"):
return hashlib.sha512()
elif (algName == "SHA-384"):
return hashlib.sha384()
elif (algName == "MD5"):
return hashlib.md5()
elif (algName == "SHA1"):
return hashlib.sha1()
return None
def calculateLevel(lowerHash,rowString, algName):
"""Calculate a level given a token store string, and the hash and index
of the previously calculated level's (or file) hash"""
hashAlg = getAlgorithm(algName)
for hash in string.split(rowString,":"):
if (hash == "X"):
hashAlg.update(lowerHash)
else:
hashAlg.update(binascii.a2b_hex(hash))
return hashAlg.digest()
def readHeader(file):
currLine = file.readline()
if not currLine:
return False
headerParts = string.split(currLine)
if (len(headerParts) != 6):
print "Bad header: " + currLine
return False
return headerParts
def readIdentifiers(infile):
line = infile.readline().rstrip("\n")
ids = []
while line != "":
ids.append(line)
line = infile.readline().rstrip("\n")
return ids
def readProof(infile):
line = infile.readline().rstrip("\n")
proof = []
while line != "":
proof.append(line)
line = infile.readline().rstrip("\n")
return proof
def digestFile(file,alg="SHA-256"):
hashAlg = getAlgorithm(alg)
with open(file,'rb') as digFile:
bytes_read = digFile.read(1024*1024)
while bytes_read:
hashAlg.update(bytes_read)
bytes_read = digFile.read(1024*1024)
digFile.close()
fileDigest = hashAlg.digest()
return fileDigest
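Review bot: `validate` digests the file with `digestFile(file)` on line 55 and so always uses the SHA-256 default, while the proof levels two lines later are hashed with `token.algorithm`; a store whose header names any other digest service will never validate. The call should be `prevhash = digestFile(file, token.algorithm)`, and since `getAlgorithm` returns `None` for an unknown name, `validate` should check for that before `calculateLevel` dereferences it. Separately, `readHeader` returns `False` both at EOF and on a malformed header, so `TokenStore.__init__` silently stops loading at the first bad line and every remaining identifier is later reported as absent from the store; raising on the malformed case would make a truncated or corrupted store visible. Note also that `get_round` fetches the round hash, the trust anchor the whole comparison rests on, over the plain-HTTP WSDL URL hard-coded on line 44, so a verdict from `validate` is only as strong as that transport unless the round is also checked against an out-of-band witness value as the witness sample in this commit does.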
#!/usr/bin/python
#
#
#
import acestore
import os
import sys
import binascii
import argparse
class TrollSettings:
outfile = sys.stdout
requestlist = []
def processDir(settings,directory,files):
for f in files:
fullPath = os.path.join(directory,f)
if os.path.isfile(fullPath):
settings.requestlist.append((fullPath,binascii.b2a_hex(acestore.digestFile(fullPath))))
if len(settings.requestlist) > 1000:
acestore.createTokens(settings.requestlist,settings.outfile)
del(settings.requestlist[:])
def main():
parser = argparse.ArgumentParser(description='Validate Files using a token store.')
parser.add_argument('files',nargs='+',help='Files or directories to scan');
parser.add_argument('-v','--verbose',action='store_true')
parser.add_argument('-r','--recurse',action='store_true',help='recurse into any listed directories')
parser.add_argument('-f','--file',nargs='?', type=argparse.FileType('w'), default=sys.stdout,help='File to write token store into, default std out')
parser.add_argument('-d','--digest',nargs='?',default='SHA-256',help='Digest algorithm to use (default SHA-256)')
args = parser.parse_args()
if acestore.getAlgorithm(args.digest) is None:
print 'Invalid digest algorithm ' + args.digest
parser.print_help()
sys.exit(2)
settings = TrollSettings()
settings.outfile = args.file
for file in args.files:
if not (os.path.isfile(file) or args.recurse and os.path.isdir(file)):
if not args.recurse and os.path.isdir(file):
print file + " is a directory and -r, or --recurse has not been specified"
elif not os.path.isfile(file):
print file + " does not exist"
parser.print_help()
sys.exit(2)
for file in args.files:
if os.path.isdir(file):
os.path.walk(file,processDir, settings)
else:
settings.requestlist.append((file,binascii.b2a_hex(acestore.digestFile(file))))
if len(settings.requestlist) > 0:
acestore.createTokens(settings.requestlist,settings.outfile)
settings.outfile.close()
if __name__ == "__main__":
main()
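Review bot: The `-d/--digest` option is validated on line 177 but never used: both `digestFile` calls (lines 165 and 195) take the SHA-256 default and `createTokens` hard-codes the `'SHA-256-0'` token class, so a store produced with `-d SHA-512` actually carries SHA-256 digests. Carry the choice through, e.g. `digest = 'SHA-256'` as a `TrollSettings` attribute, `settings.digest = args.digest` after line 182, and `acestore.digestFile(fullPath, settings.digest)` in both places; `createTokens` would also need a token-class parameter, which lives in acestore rather than here. `settings.outfile.close()` on line 198 also closes `sys.stdout` when no `-f` is given; guard it with `if settings.outfile is not sys.stdout:`.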
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"Contributed modules"
from pysimplesoap.client import SoapClient
from pysimplesoap.simplexml import SimpleXMLElement
import acestore
acestore.retrieveRoundSummaries([56478,67489])
client = SoapClient(wsdl="http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?WSDL",trace=True,ns='tns')
print 'namespace ' + client.namespace
response = client.getRoundSummaries(rounds=[2855142,67564])
print response[0]['return']
#print result
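Review bot: Line 212 calls `acestore.retrieveRoundSummaries`, which the `acestore` module added in this commit does not define (round lookup is `TokenStore.get_round`), so as committed the script raises `AttributeError` before the SOAP call is reached; presumably a leftover from an earlier revision, it should be dropped or repointed. `trace=True` on the `SoapClient` also dumps every request and response envelope to stdout, which is fine for a sample but worth a comment such as `# trace=True prints the full SOAP envelopes; remove for non-debug use`.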
import hashlib
import binascii
from suds.client import Client
filename='test2.py'
digFile = open(filename,'rb')
hashAlg = hashlib.sha256()
hashAlg.update(digFile.read())
binarydigest = hashAlg.digest()
filedigest = binascii.b2a_hex(binarydigest)
url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)
print '---File to secure:'
print filename, ' ', filedigest
print '\n---Token Response from IMS'
request = client.factory.create('tokenRequest')
request.hashValue = filedigest
request.name = filename
token = client.service.requestTokensImmediate('SHA-256-0',request)
print 'Round:', token[0].roundId, ' Date:', token[0].timestamp
print token[0].proofElements
print '\n---Computing proof'
level = 0
prevhash = binarydigest
for element in token[0].proofElements:
i = 0
hashAlg = hashlib.sha256()
# create level by converting hashes to bytes and inserting
# previous level where necessary, first level uses file hash
for strhash in element.hashes:
if i == element.index:
hashAlg.update(prevhash)
hashAlg.update(binascii.a2b_hex(strhash))
i = i + 1
# in case previous level is to be inserted at end
if i == element.index:
hashAlg.update(prevhash)
prevhash = hashAlg.digest()
print 'Level:',level, '( index:',element.index,') ', binascii.b2a_hex(prevhash)
level = level + 1
print '\n---Requesting Round Hash for',token[0].roundId
rounds = client.service.getRoundSummaries(token[0].roundId)
print 'Round hash:', rounds[0].hashValue
print '\n---Comparing Round Hash to computed proof hash'
print rounds[0].hashValue
print binascii.b2a_hex(prevhash)
print 'Equal:',binascii.b2a_hex(prevhash) == rounds[0].hashValue
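Review bot: The handle from `open(filename,'rb')` on line 222 is never closed and the whole file is read into memory by `digFile.read()`; `acestore.digestFile`, added in the same commit, already does chunked hashing inside a `with` block, so `binarydigest = acestore.digestFile(filename)` could replace lines 222–225, or if the sample is meant to stay standalone, at least wrap the read in `with open(filename,'rb') as digFile:`. The level loop on lines 241–256 re-implements `acestore.calculateLevel` with a different proof representation (numeric `index` here, the `X` marker in the token store), so a comment above line 241 stating that the two must stay in agreement would help whoever changes one of them.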
import hashlib
import binascii
from suds.client import Client
#
# Witness value retrieved from:
# http://groups.google.com/group/ace-ims-witness
#
roundid = 2855147
trustedwitnessvalue='d85e36d6af2246d76c9a4fa0ef22eb10a5215eae5747504241b92b18f2c22467'
url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl'
client = Client(url)
print '\n---Requesting Round Hash for',roundid
rounds = client.service.getRoundSummaries(roundid)
print 'Round hash:', rounds[0].hashValue
print '\n---Requesting proof to witness for round',roundid
witnessProof = client.service.createWitnessProofForRound(roundid)
print 'Witness ID:', witnessProof[0].witnessId, 'Timestamp:',witnessProof[0].roundTimestamp, witnessProof[0].tokenClassName, witnessProof[0].digestService
print witnessProof[0].proofElements
print '\n---Calculating round to witness proof',roundid
level = 0
prevhash = binascii.a2b_hex(rounds[0].hashValue)
for element in witnessProof[0].proofElements:
i = 0
hashAlg = hashlib.sha256()
# create level by converting hashes to bytes and inserting
# previous level where necessary, first level uses file hash
for strhash in element.hashes:
if i == element.index:
hashAlg.update(prevhash)
hashAlg.update(binascii.a2b_hex(strhash))
i = i + 1
# in case previous level is to be inserted at end
if i == element.index:
hashAlg.update(prevhash)
prevhash = hashAlg.digest()
print 'Level:',level, '( index:',element.index,') ', binascii.b2a_hex(prevhash)
level = level + 1
imswitnessvalue = binascii.b2a_hex(prevhash)
print '\n---Comparing trusted value to IMS proof result'
print 'calculated',imswitnessvalue
print 'trusted ',trustedwitnessvalue
print 'Equal:',imswitnessvalue == trustedwitnessvalue
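Review bot: The comment on lines 288–289 was copied from the token sample and says "first level uses file hash", but in this script `prevhash` starts from the round hash (line 284); change it to `# previous level where necessary, first level uses the round hash`. The comparison on line 305 is the only step in these samples that checks the IMS against an independent source (the witness value pasted from the witness group on line 272), so a short comment above `trustedwitnessvalue` stating that it must be obtained out of band and never from the IMS response itself would make the purpose of the script explicit.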
import sys
import argparse
import acestore
import os
def scan_dir(dict,directory,files):
unseenids = dict['store'].entries.keys
for f in files:
fullpath = os.path.join(directory,f)
idpath = fullpath[dict['trim']:]
#unseenids.remove(unseenids.index(idpath))
if os.path.isfile(fullpath):
result = dict['store'].validate(fullpath,idpath)
if result is None:
print idpath + ' not found in tokenstore'
elif not result:
print fullpath + ' not valid'
#elif [dict['verbose']]
# print fullpath + ' valid ' +
#for id in unseenids:
# print id + ' not found'
def main():
parser = argparse.ArgumentParser(description='Validate Files using a token store.')
parser.add_argument('store',metavar='token-store', nargs='?',help='token store file name or "-" to read from stdin')
parser.add_argument('-v','--verbose',action='store_true')
parser.add_argument('-m','--missing',action='store_true',default=False,help='Show files which appear in token store, but not on the local filesystem')
parser.add_argument('-f','--files',nargs=1,help="comma(,) separated list of files to validate")
parser.add_argument('-i','--identifiers',nargs=1,help='comma(,) separated list of identifiers to match with supplied files (ie, file1=id1)')
parser.add_argument('-d','--dir',nargs='?',default='.',help='directory to scan, default is current directory')
parser.add_argument('--trimidentifiers',nargs='?',type=int,default=0,help='remove the first n characters from id\'s when reading a token store')
parser.add_argument('--trimpath',nargs='?',type=int,default=0,help='remove the first n characters from file paths when looking for identifiers')
arguments = parser.parse_args()
storefile = sys.stdin
if arguments.store != '-' and arguments.store is not None:
storefile = open(arguments.store,'r')
aceStore = acestore.TokenStore(storefile,arguments.trimidentifiers)
os.path.walk(arguments.dir,scan_dir,{'store':aceStore,'trim':arguments.trimpath})
if __name__ == "__main__":
main()
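Review bot: `scan_dir` only prints when a file is missing from the store or fails validation, and `main` always exits 0, so anything driving this integrity check (cron, a wrapper script) cannot tell a clean run from one that found corrupted files; count the failures in the dictionary passed to `os.path.walk` and exit non-zero afterwards. Line 311 also reads `entries.keys` without parentheses, binding the method rather than the key list, which is harmless only because the surrounding code is commented out; and the `-v`, `-m`, `-f` and `-i` options are parsed but never read. `storefile` opened on line 339 is never closed, and the parameter named `dict` shadows the builtin.
```python
def scan_dir(dict,directory,files):
    # … unchanged: unseenids / path computation …
        if os.path.isfile(fullpath):
            result = dict['store'].validate(fullpath,idpath)
            if result is None:
                dict['missing'] += 1
                print idpath + ' not found in tokenstore'
            elif not result:
                dict['invalid'] += 1
                print fullpath + ' not valid'
# … unchanged: main() argument parsing and store loading …
    state = {'store':aceStore,'trim':arguments.trimpath,'missing':0,'invalid':0}
    os.path.walk(arguments.dir,scan_dir,state)
    if state['invalid']:
        sys.exit(1)
```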
<?xml version="1.0" encoding="UTF-8"?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.1.3.1-hudson-417-SNAPSHOT. --><!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.1.3.1-hudson-417-SNAPSHOT. --><definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://ws.ims.ace.umiacs.edu/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ws.ims.ace.umiacs.edu/" name="IMSWebService">
<types>
<xsd:schema>
<xsd:include schemaLocation="http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?xsd=1"></xsd:include>
</xsd:schema>
</types>
<message name="requestLink">
<part name="parameters" element="tns:requestLink"></part>
</message>
<message name="requestLinkResponse">
<part name="parameters" element="tns:requestLinkResponse"></part>
</message>
<message name="IMSFault">
<part name="fault" element="tns:IMSFault"></part>
</message>
<message name="requestTokensAsync">
<part name="parameters" element="tns:requestTokensAsync"></part>
</message>
<message name="requestTokensAsyncResponse">
<part name="parameters" element="tns:requestTokensAsyncResponse"></part>
</message>
<message name="requestTokensImmediate">
<part name="parameters" element="tns:requestTokensImmediate"></part>
</message>
<message name="requestTokensImmediateResponse">
<part name="parameters" element="tns:requestTokensImmediateResponse"></part>
</message>
<message name="getRoundSummaries">
<part name="parameters" element="tns:getRoundSummaries"></part>
</message>
<message name="getRoundSummariesResponse">
<part name="parameters" element="tns:getRoundSummariesResponse"></part>
</message>
<message name="createWitnessProofForRound">
<part name="parameters" element="tns:createWitnessProofForRound"></part>
</message>
<message name="createWitnessProofForRoundResponse">
<part name="parameters" element="tns:createWitnessProofForRoundResponse"></part>
</message>
<message name="retrieveTokens">
<part name="parameters" element="tns:retrieveTokens"></part>
</message>
<message name="retrieveTokensResponse">
<part name="parameters" element="tns:retrieveTokensResponse"></part>
</message>
<portType name="IMSWebService">
<operation name="requestLink">
<input message="tns:requestLink"></input>
<output message="tns:requestLinkResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
<operation name="requestTokensAsync">
<input message="tns:requestTokensAsync"></input>
<output message="tns:requestTokensAsyncResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
<operation name="requestTokensImmediate">
<input message="tns:requestTokensImmediate"></input>
<output message="tns:requestTokensImmediateResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
<operation name="getRoundSummaries">
<input message="tns:getRoundSummaries"></input>
<output message="tns:getRoundSummariesResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
<operation name="createWitnessProofForRound">
<input message="tns:createWitnessProofForRound"></input>
<output message="tns:createWitnessProofForRoundResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
<operation name="retrieveTokens">
<input message="tns:retrieveTokens"></input>
<output message="tns:retrieveTokensResponse"></output>
<fault message="tns:IMSFault" name="IMSFault"></fault>
</operation>
</portType>
<binding name="IMSWebServicePortBinding" type="tns:IMSWebService">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"></soap:binding>
<operation name="requestLink">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
<operation name="requestTokensAsync">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
<operation name="requestTokensImmediate">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
<operation name="getRoundSummaries">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
<operation name="createWitnessProofForRound">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
<operation name="retrieveTokens">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal"></soap:body>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
<fault name="IMSFault">
<soap:fault name="IMSFault" use="literal"></soap:fault>
</fault>
</operation>
</binding>
<service name="IMSWebService">
<port name="IMSWebServicePort" binding="tns:IMSWebServicePortBinding">
<soap:address location="http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService"></soap:address>
</port>
</service>
</definitions>
<?xml version="1.0" encoding="UTF-8"?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.1.3.1-hudson-417-SNAPSHOT. --><xs:schema xmlns:tns="http://ws1.ims.ace.umiacs.edu/" xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0" targetNamespace="http://ws1.ims.ace.umiacs.edu/">
<xs:element name="IMSFault" type="tns:IMSFault"></xs:element>
<xs:element name="createWitnessProofForRound" type="tns:createWitnessProofForRound"></xs:element>
<xs:element name="createWitnessProofForRoundResponse" type="tns:createWitnessProofForRoundResponse"></xs:element>
<xs:element name="getRoundSummaries" type="tns:getRoundSummaries"></xs:element>
<xs:element name="getRoundSummariesResponse" type="tns:getRoundSummariesResponse"></xs:element>
<xs:element name="requestLink" type="tns:requestLink"></xs:element>
<xs:element name="requestLinkResponse" type="tns:requestLinkResponse"></xs:element>
<xs:element name="requestTokensAsync" type="tns:requestTokensAsync"></xs:element>
<xs:element name="requestTokensAsyncResponse" type="tns:requestTokensAsyncResponse"></xs:element>
<xs:element name="requestTokensImmediate" type="tns:requestTokensImmediate"></xs:element>
<xs:element name="requestTokensImmediateResponse" type="tns:requestTokensImmediateResponse"></xs:element>
<xs:element name="retrieveTokens" type="tns:retrieveTokens"></xs:element>
<xs:element name="retrieveTokensResponse" type="tns:retrieveTokensResponse"></xs:element>
<xs:complexType name="requestLink">
<xs:sequence>
<xs:element name="tokenClassName" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="hashValue" type="xs:string" minOccurs="0"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="requestLinkResponse">
<xs:sequence>
<xs:element name="return" type="tns:linkResponse" minOccurs="0"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="linkResponse">
<xs:sequence>
<xs:element name="previousHash" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="rootHash" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="roundId" type="xs:long"></xs:element>
<xs:element name="timestamp" type="xs:dateTime" minOccurs="0"></xs:element>
<xs:element name="tokenClassName" type="xs:string" minOccurs="0"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="IMSFault">
<xs:sequence>
<xs:element name="message" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="serverFault" type="xs:boolean"></xs:element>
<xs:element name="statusCode" type="xs:int"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="retrieveTokens">
<xs:sequence>
<xs:element name="requestNumber" type="xs:long"></xs:element>
<xs:element name="sessionKey" type="xs:long"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="retrieveTokensResponse">
<xs:sequence>
<xs:element name="return" type="tns:tokenResponse" minOccurs="0" maxOccurs="unbounded"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="tokenResponse">
<xs:sequence>
<xs:element name="digestProvider" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="digestService" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="name" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="proofElements" type="tns:proofElement" nillable="true" minOccurs="0" maxOccurs="unbounded"></xs:element>
<xs:element name="roundId" type="xs:long"></xs:element>
<xs:element name="statusCode" type="xs:int"></xs:element>
<xs:element name="timestamp" type="xs:dateTime" minOccurs="0"></xs:element>
<xs:element name="tokenClassName" type="xs:string" minOccurs="0"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="proofElement">
<xs:sequence>
<xs:element name="hashes" type="xs:string" nillable="true" minOccurs="0" maxOccurs="unbounded"></xs:element>
<xs:element name="index" type="xs:int"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="requestTokensImmediate">
<xs:sequence>
<xs:element name="tokenClassName" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="requests" type="tns:tokenRequest" minOccurs="0" maxOccurs="unbounded"></xs:element>