Ace:IMSPython: Difference between revisions
From Adapt
No edit summary |
|
(No difference)
|
Revision as of 19:55, 7 January 2011
Using the python suds library it's fairly trivial to request tokens from the ACE IMS service.
- https://fedorahosted.org/suds/ - suds library, examples use .4
Validating ace tokens is described in on the ims overview page and token store example page
Request One Token
from suds.client import Client url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl' client = Client(url) request = client.factory.create('tokenRequest') request.hashValue = '4ed9ba3d9c7e3e092d0b0e3441f04574' request.name = 'MyFile' result = client.service.requestTokensImmediate('SHA-256-0',reqlist) print result
Here's the result of running it:
[python] [toaster@loach ace-cli]$ python test2.py [(tokenResponse){ digestService = "SHA-256" name = "somename" proofElements[] = (proofElement){ hashes[] = "9129f93bc8ac2d93e35aa6206298fb8616690211a8563db51cf2ea1159682692", index = 0 }, (proofElement){ hashes[] = "34bd07cc18a7ab1a47467081dcb21a6ca1857b1d3bdc12106ba2fd538b3bafbd", index = 0 }, (proofElement){ hashes[] = "8a2042da9a114a41cf3738a841d65336af5b864ed6be8484c6bae4a4ac9e65a1", index = 0 }, (proofElement){ hashes[] = "e95826668c3f301bef729e60157bbd3dbc346859ceee71655a9a065106276d72", index = 1 }, roundId = 2892850 statusCode = 100 timestamp = 2011-01-07 12:59:36.000013 tokenClassName = "SHA-256-0" }]
Secure One File
Using hashlib, and binascii we can use python to both generate a digest and grab an ace token for that digest.
import hashlib import binascii from suds.client import Client filename='test2.py' digFile = open(filename,'rb') hashAlg = hashlib.sha256() hashAlg.update(digFile.read()) filedigest = binascii.b2a_hex(hashAlg.digest()) url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl' client = Client(url) print filename, ' ', filedigest request = client.factory.create('tokenRequest') request.hashValue = filedigest request.name = filename result = client.service.requestTokensImmediate('SHA-256-0',request) print result
And the output:
[python] [toaster@loach ace-cli]$ python test2.py test2.py 164182eef9792e2e1c5005cd9240ff508aef042b8fa344597431eae39370c784 [(tokenResponse){ digestService = "SHA-256" name = "test2.py" proofElements[] = (proofElement){ hashes[] = "c5e82872eeee3dfa539202a9757f8a5364b6fded4dfcb40b66084158f2b5c627", index = 0 }, (proofElement){ hashes[] = "6e16a71847403f4e586625463160993bfab189c0bba771d81354c03d9c3591fd", index = 0 }, (proofElement){ hashes[] = "0879b385c366d07142446a18dfb6d19c468a733991e9685fc75ce6f4b929b659", index = 0 }, (proofElement){ hashes[] = "e19dd18bd9eabf79a074d72231a7117bd2319a859d31a429575b4657e85d0c95", index = 1 }, roundId = 2893078 statusCode = 100 timestamp = 2011-01-07 13:08:27.000253 tokenClassName = "SHA-256-0" }]
Bulk sending
Rather than sending one token per request, you should create batches to send. Just send a 'list' of tokenRequest objects to requestTokensImmediate. The IMS currently supports up to 10,000 tokens per request.
Round Requests
You can request the round hashes for one or more rounds using getRoundSummaries.
from suds.client import Client url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl' client = Client(url) result = client.service.getRoundSummaries(2893078) print result[0].id print result[0].hashValue
output
[python] [toaster@loach ace-cli]$ python test2.py 2893078 1324d496da42e04347c74001f8bd948b31fa296419ee49246ba5494970b16752
Complete Example
This example will read a file, compute its digest and request a token. It will then recompute the round hash using the
import hashlib import binascii from suds.client import Client filename='test2.py' digFile = open(filename,'rb') hashAlg = hashlib.sha256() hashAlg.update(digFile.read()) binarydigest = hashAlg.digest() filedigest = binascii.b2a_hex(binarydigest) url='http://ims.umiacs.umd.edu:8080/ace-ims/IMSWebService?wsdl' client = Client(url) print '---File to secure:' print filename, ' ', filedigest print '\n---Token Response from IMS' request = client.factory.create('tokenRequest') request.hashValue = filedigest request.name = filename token = client.service.requestTokensImmediate('SHA-256-0',request) print 'Round:', token[0].roundId, ' Date:', token[0].timestamp print token[0].proofElements print '\n---Computing proof' level = 0 prevhash = binarydigest for element in token[0].proofElements: i = 0 hashAlg = hashlib.sha256() # create level by converting hashes to bytes and inserting # previous level where necessary, first level uses file hash for strhash in element.hashes: if i == element.index: hashAlg.update(prevhash) hashAlg.update(binascii.a2b_hex(strhash)) i = i + 1 # in case previous level is to be inserted at end if i == element.index: hashAlg.update(prevhash) prevhash = hashAlg.digest() print 'Level:',level, '( index:',element.index,') ', binascii.b2a_hex(prevhash) level = level + 1 print '\n---Requesting Round Hash for',token[0].roundId rounds = client.service.getRoundSummaries(token[0].roundId) print 'Round hash:', rounds[0].hashValue print '\n---Comparing Round Hash to computed proof hash' print rounds[0].hashValue print binascii.b2a_hex(prevhash) print 'Equal:',binascii.b2a_hex(prevhash) == rounds[0].hashValue
And now the output:
[python] [toaster@loach ace-cli]$ python test2.py ---File to secure: test2.py 1f9bf12fc4e402d6cad8b36f9f6e0482af14add1b00f0f5aff2197309483a199 ---Token Response from IMS Round: 2895642 Date: 2011-01-07 14:54:21.000883 [(proofElement){ hashes[] = "31ed6c99ea3932bd2cbc8db0e42fc7bd028a773ac7e2359785f55fe076a6492b", index = 0 }, (proofElement){ hashes[] = "be071a2271d0be7633e986c4463cbc3fc39e244d75948000c41583e78d0398e3", index = 0 }, (proofElement){ hashes[] = "2cb53579297ff25fa6492e6f9b4cc130acf379f1061e31d2e5fd65da734c0f91", index = 0 }, (proofElement){ hashes[] = "439e40fbeae4635d014091ed93324cd467c61a3848516ee99d2c0bb20e02e7cf", index = 1 }] ---Computing proof Level: 0 ( index: 0 ) f91649510d117b361d6023b8846f12f273de0e25fab257d94be774a77bd222c6 Level: 1 ( index: 0 ) 1d56960d990765a1581559786df5e77dbdcf25e6c53b79f215375001ac761f88 Level: 2 ( index: 0 ) 31473c279b3d0d4714b096fe59c0aaa2b36286cbf3e82dbc9afb73a988a33f3e Level: 3 ( index: 1 ) 1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c ---Requesting Round Hash for 2895642 Round hash: 1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c ---Comparing Round Hash to computed proof hash 1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c 1ccba7f2302c71615f20e5b5768a118fbf44781e40bd2d7e5479ddd11a46d44c Equal: True