Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

cryptosign.py 5.7KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. ###############################################################################
  2. #
  3. # The MIT License (MIT)
  4. #
  5. # Copyright (c) typedef int GmbH
  6. #
  7. # Permission is hereby granted, free of charge, to any person obtaining a copy
  8. # of this software and associated documentation files (the "Software"), to deal
  9. # in the Software without restriction, including without limitation the rights
  10. # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11. # copies of the Software, and to permit persons to whom the Software is
  12. # furnished to do so, subject to the following conditions:
  13. #
  14. # The above copyright notice and this permission notice shall be included in
  15. # all copies or substantial portions of the Software.
  16. #
  17. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19. # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20. # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21. # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22. # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23. # THE SOFTWARE.
  24. #
  25. ###############################################################################
  26. from autobahn.wamp.cryptosign import HAS_CRYPTOSIGN, CryptosignKey
  27. from twisted.internet.defer import inlineCallbacks, returnValue
  28. __all__ = [
  29. 'HAS_CRYPTOSIGN_SSHAGENT'
  30. ]
  31. if HAS_CRYPTOSIGN:
  32. try:
  33. # WAMP-cryptosign support for SSH agent is currently
  34. # only available on Twisted (on Python 2)
  35. from twisted.internet.protocol import Factory
  36. from twisted.internet.endpoints import UNIXClientEndpoint
  37. from twisted.conch.ssh.agent import SSHAgentClient
  38. except ImportError:
  39. # twisted.conch is not yet fully ported to Python 3
  40. HAS_CRYPTOSIGN_SSHAGENT = False
  41. else:
  42. HAS_CRYPTOSIGN_SSHAGENT = True
  43. __all__.append('SSHAgentCryptosignKey')
  44. if HAS_CRYPTOSIGN_SSHAGENT:
  45. import os
  46. from nacl import signing
  47. from autobahn.wamp.cryptosign import _read_ssh_ed25519_pubkey, _unpack, _pack
  48. class SSHAgentCryptosignKey(CryptosignKey):
  49. """
  50. A WAMP-cryptosign signing key that is a proxy to a private Ed25510 key
  51. actually held in SSH agent.
  52. An instance of this class must be create via the class method new().
  53. The instance only holds the public key part, whereas the private key
  54. counterpart is held in SSH agent.
  55. """
  56. def __init__(self, key, comment=None, reactor=None):
  57. CryptosignKey.__init__(self, key, comment)
  58. if not reactor:
  59. from twisted.internet import reactor
  60. self._reactor = reactor
  61. @classmethod
  62. def new(cls, pubkey=None, reactor=None):
  63. """
  64. Create a proxy for a key held in SSH agent.
  65. :param pubkey: A string with a public Ed25519 key in SSH format.
  66. :type pubkey: unicode
  67. """
  68. if not HAS_CRYPTOSIGN_SSHAGENT:
  69. raise Exception("SSH agent integration is not supported on this platform")
  70. pubkey, _ = _read_ssh_ed25519_pubkey(pubkey)
  71. if not reactor:
  72. from twisted.internet import reactor
  73. if "SSH_AUTH_SOCK" not in os.environ:
  74. raise Exception("no ssh-agent is running!")
  75. factory = Factory()
  76. factory.noisy = False
  77. factory.protocol = SSHAgentClient
  78. endpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"])
  79. d = endpoint.connect(factory)
  80. @inlineCallbacks
  81. def on_connect(agent):
  82. keys = yield agent.requestIdentities()
  83. # if the key is found in ssh-agent, the raw public key (32 bytes), and the
  84. # key comment as returned from ssh-agent
  85. key_data = None
  86. key_comment = None
  87. for blob, comment in keys:
  88. raw = _unpack(blob)
  89. algo = raw[0].decode('utf8')
  90. if algo == 'ssh-ed25519':
  91. algo, _pubkey = raw
  92. if _pubkey == pubkey:
  93. key_data = _pubkey
  94. key_comment = comment.decode('utf8')
  95. break
  96. agent.transport.loseConnection()
  97. if key_data:
  98. key = signing.VerifyKey(key_data)
  99. returnValue(cls(key, key_comment, reactor))
  100. else:
  101. raise Exception("Ed25519 key not held in ssh-agent")
  102. return d.addCallback(on_connect)
  103. def sign(self, challenge):
  104. if "SSH_AUTH_SOCK" not in os.environ:
  105. raise Exception("no ssh-agent is running!")
  106. factory = Factory()
  107. factory.noisy = False
  108. factory.protocol = SSHAgentClient
  109. endpoint = UNIXClientEndpoint(self._reactor, os.environ["SSH_AUTH_SOCK"])
  110. d = endpoint.connect(factory)
  111. @inlineCallbacks
  112. def on_connect(agent):
  113. # we are now connected to the locally running ssh-agent
  114. # that agent might be the openssh-agent, or eg on Ubuntu 14.04 by
  115. # default the gnome-keyring / ssh-askpass-gnome application
  116. blob = _pack(['ssh-ed25519'.encode(), self.public_key(binary=True)])
  117. # now ask the agent
  118. signature_blob = yield agent.signData(blob, challenge)
  119. algo, signature = _unpack(signature_blob)
  120. agent.transport.loseConnection()
  121. returnValue(signature)
  122. return d.addCallback(on_connect)